S
S
Sergey Gulin2016-10-27 14:27:29
Malware
Sergey Gulin, 2016-10-27 14:27:29

The site was hacked and the pages were replaced, where is the hole or how to fix it?

Good day to all, the essence of the problem is that there is a site on WP and that week it was hacked (2 admin accounts, passwords were changed). And they created a page with the following address "site1.com/ page-51191/ " It is not displayed in the admin panel, and they could not find it on the server, this site "loansolo.com" was displayed on this page, it stopped (magically) after the content block was removed in the developer panel, the site began to be displayed on opera/mozilla browsers - it's normal, but in chrome it's just English text, with the heading "make quick cash today" and then all the delights of their credit system are described, ai-bolit is silent, I can't find and solve the problem with this page, can you tell me?

Answer the question

In order to leave comments, you need to log in

1 answer(s)
E
Edward, 2016-10-27
@Josers

If there is no desire or opportunity to delve into the files and look for the embedded code, you can act globally.
Save only the necessary files and folders, for example wp-config.php, the uploads folder (usually media files are uploaded there). If there are any other files that are very important to you, then those too. But there should be a minimum of them in order to view their code and exclude the possibility of infection.
Download the WorPress distribution from the official site, preferably the version that you currently have installed, as well as all the plugins that you have installed.
Copy all saved files, folders and downloaded plugins to the downloaded distribution.
Then completely remove the site from the hosting and fill in the new one, which was collected from the downloaded distribution.
Do everything carefully, do not rush. At the time of removing the site from the hosting and uploading a new one, add a code to the beginning of the .htaccess file, in the root of the site, to exclude visitors from accessing the site during these operations:

Deny from All // запрещаем всем доступ к сайту
Allow from ваш IP // разрешаем доступ определенному IP адресу

After completing the work, remove the code added to .htaccess.
As for the hacked accounts, through phpMyAdmin you need to change the passwords to them and regain access to yourself.
It is also necessary to change all passwords for hosting, site accounts, etc.
Like something like this.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question