gimmeshelter

Bump. Anyone out there able to help? Thanks in advance!!

nRelate is a related posts plugin. I’ve posted on their official forum but had no reply there either. Might have to try a different plugin.

Thanks. Shame same can’t be said for my original question ??

Anyone got any suggestions on this?

Looking in my cPanel via FTP, I can see a sub folder within the public_html folder called:

paypal.com.cgi-bin.webscr.cmd-login-run.dispatch-5885d80a13c0db1f8e2636

This is the same name as the page that got the site suspended in the first place (it ended with my domain name).

Within this folder are several more folder, including one called Credit-card.htm

Is it possible that deleting this alone would clean the site? Obviously it would be best practice to go through everything with a fine tooth comb, but I thought I should mention this.

Lastly, how is a newb like me supposed to spot “unusual characters and codes” if they are more carefully hidden in lines of code?!

Great. So could you answer my other q’s?

I did try to make back-ups every day but didn’t read the logs – my bad. I do also have a clean back-up from 2 months ago if all else fails.

Where will I find the database? Is it the files in mysql? I have horde.sql, radsh482_radshot_wp.create and radsh482_radshot_wp.sql

So I finally heard back from the tech guys at my hosting company. They have made a back-up of the cPanel which I have now downloaded via FTP. Their email reads as follows:

***
We have generated full cPanel account backup and have placed it under the account root folder. Also we have enabled ftp access for the account, you can access the account through ftp and downloaded the backup file. Please note that you would need to extract and clean up this backup, since the backup was generated from the account in its current, compromised, state.

A reset will be required to unsuspend your account. Please understand you will lose ALL data including any email addresses set up. Please confirm you understand this and wish to proceed and please provide us with the last 4-digits of your credit card we have on file for you. Please also put Yes or No next to each of the following. We will not proceed until you do:

I understand all website files will be deleted:
I understand all email messages and addresses will be deleted:
I understand all addon domains/subdomains will be deleted:
I understand all databases will be deleted:

***
Again, apologies if my questions are dumb, but what now…?

1. Will the host’s “full cPanel backup” include my database – Krishna said I should make sure I’ve got this?

2. There’s nothing else my host can/should do right? Should I just answer ‘Yes’ to all their questions and get them to push the button asap?

3. Is it simple to clean up this compromised back-up? Are there step-by-step instructions on doing this anywhere, that a non tech person could follow?

4. Do I need to do anything else to preserve all my images/links? I was confused by point 2 on this page you directed me towards: https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

5. Anything else I should know or any other advice/instructions?

Thanks guys!!

Thanks Krishna. I have still not heard back from the host’s tech dept (getting pretty frustrated at the delay now) but I will request this. URL is https://radshot.com

Thanks for the info cubecolour. This really is a can of worms ?? Seems to be that there’s really not a lot I can do until the host allows me access to the back end so I can get a fresh back-up – IF they will allow it.

At that stage I go through the process in “FAQ_My_site_was_hacked” right? And try to clean out the code. Which sounds like a total nighmare for a newb.

If anyone is familiar with BackWPUp, I’d love to know if they have some advice. Specifically, does it make a back-up anywhere other than the failed DropBox attempt? Perhaps into a folder I can access via cPanel (again, IF I’m given access back)?

So annoyed, thought it was happily backing up every day for the past 2 months.

They don’t have a forum so I guess I’ll have to hope they respond to my email. Meh ??