Questions related to getting hacked

  • I got hacked.

    So I went through the process of cleaning the site and I think I got everything. But I’m still working on it and trouble shooting.

    My questions for someone more knowledgable than I:

    why would I need a htaccess.new and a htaccess.old file? I don’t remember adding these. Programmer hubby who sometimes helps but (gasp) doesn’t like wordpress much doesn’t remember adding these. Can I delete them?

    In the regular htaccess file there are a bunch of redirects… followed by a /and some random letters. But they point to sites I’m familiar with. I’m assuming that’s part of the hack and I can delete that as well. Right?

    I’ve asked norton.com, mcaffee.com, and google’s webmaster services to check the site again. I’ve also visited with my McAfee running. They all give the site a clean bill of health. But when I asked two past users of the site (with admin access) they got warnings again. They use Norton and McAfee. I asked another friend who’d never visited the site and her Norton also stopped “something.”

    I have no idea who to trust here. Or if I’ve actually got the site restored or if I’m somehow missing something. I think that’s more frustrating than being hacked in the first place.

    Thanks so much for any guidance you can offer.

Viewing 5 replies - 1 through 5 (of 5 total)

  • why would I need a htaccess.new and a htaccess.old file?

    you don’t. They sound like backup copies of original .htaccess files.

    n the regular htaccess file there are a bunch of redirects… followed by a /and some random letters.

    Those random letter don’t sound so good. Drop a copy of the file into the WordPress pastebin and post the pastebin url here so we can have a look at it.

    I have no idea who to trust here

    Try scanning your site with:
    https://sitecheck.sucuri.net/scanner/
    https://www.unmaskparasites.com/

    Thread Starter allyanders

    (@allyanders)

    Thanks esmi!

    Hope I did this right: https://pastebin.com/znQ9u84T

    You got that just right. And that .htaccess file is full of spam links from the hack. Destroy it.If you were/are using custom permalinks, set them permalinks back to the default setting, save them, then reset your custom permalink structure back up & save again.

    I’d also suggest reading:
    https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    https://ottopress.com/2009/hacked-wordpress-backdoors/

    Otherwise, the hacker may have left behind something that will allow him to walk straight back into your site again.

    Thread Starter allyanders

    (@allyanders)

    unmask showed a javascript error so I downloaded/uploaded a completely new theme.

    Now I’m not getting the error. I guess I should get those folks to try the site again. And delete those extra htaccess files.

    I don’t think the links/redirects I mentioned above are supposed to be there, but i’ve been out of the wordpress world for about a year and can’t remember if there was something that way supposed to be posting to the file or not. Yay armchair coders. *sarcasm* ??

    Thread Starter allyanders

    (@allyanders)

    Good news…

    re: the htaccess issue, DH had a lightbulb moment. The URLs listed were from a short link creator he wrote for me years ago. We’ve since shut it down and he did some sort of redirect to the site and listed all the links in there. I’m not sure I understand it all, but luckily, pastebin still had a copy.

    So that was a false alarm.

    And I’ve got the site up again with no errors. I’m going to see what I can do to beef up security. I’d already done several things, but I guess that wasn’t enough.

    Thanks again, esmi!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Questions related to getting hacked’ is closed to new replies.

Tags