website hacked

  • jfbdevs

    (@jfbdevs)


    8 years ago

    Hi everybody,
    I have a wordpress website that has been hacked.
    What happened is that posts and categories are created by user “system”.
    They are hidden from frontpage and admin area, but contain spam links.

    I have updated to 4.7.2 deleting and overriding files as per guide.
    I have deleted the admin account.
    I have changed passwords for mysql and users.
    I have checked the users and cannot find “system”.

    I have installed sucuri and tried to harden.

    unfortunately it keeps happening.
    what can I do to investigate more?

    thanks

Viewing 4 replies - 1 through 4 (of 4 total)
  • Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Good work on the above steps, but it does sound like there’s a backdoor left open to the hacker: https://ottopress.com/2009/hacked-wordpress-backdoors

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    I would also recommend liaising with your hosting providers about this issue in case they have insight. They may also want to know about this in case it spreads on their server.

    Thread Starter jfbdevs

    (@jfbdevs)

    Hi Andrew,
    yes I forgot to add that the website owner contacted the hosting provider.
    Thanks

    imfromio

    (@imfromio)

    One of my sites was recently hacked – twice. The first time I restored the site files from a backup, changed passwords, scanned with WordFence and all looked fine. But when the same hack happened again a week later I noticed the blog_charset was set to UTF-7 in wp_options table. Could this be the backdoor that was left open? I changed it back to UTF-8 and am keeping my fingers crossed.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘website hacked’ is closed to new replies.

Tags