Try again. WP Hacked with "pastebin" Need Help


#1

HI
I am not really tech savvy but will try to keep this as short as possible.

  1. Last week site was down with a 500 error.
  2. Restored from 31st Oct Backup as communicate via Live Chat
  3. Found 2 extra strange users account NOT set up by us
    4)Contacted support was advised to delete the 2 users followed by a restore to 5th Nov Backup
  4. Site was down today. Pages are all mess up as follows:
  • Access to pages will show suspicios url lke pastebin and other websites
  • Any attempt to log in wp back office example https://anaccord.net/wp/admin will be redirected to

https://pastebin.com/raw/V8SVyu2P?/wp-login_php&redirect_to=https%3A%2F%2Fanaccord.net%2Fwp-admin%2F&reauth=1

Was advised to seek help here.
Anyone?

JS


#2

Wow, that looks like pain. I would suggest to:

  1. create backup of your site here using cloudways console
  2. download official and latest version of WordPress
  3. access site through FTP and delete completely folder: WP ADMIN with all inside, also delete all from WP includes. Don’t touch WP content folder! Delete all files sitting outside those folders except wp-config.php
  4. unzip WordPress files and copy to your public folder: WP ADMIN and WP INCLUDES folders plus files sitting outside those folders.
  5. Go to website ,load it, see if issue is still there.
  6. if it is still there, you very likely have installed plugin which is causing this. See if there is any suspicious plugin you never installed. Delete plugins one by one. Download them from official sources and install again.
    Make sure to copy setting for some plugins so you don’t lose some important customization.

If you have no idea what im saying here :slight_smile: just open ticket on cloudways support and get guys to do that all for you. Also get them to scan your public folder. Maybe they will be able to find out infected files and fix all without painful process of re-install and testing.

If your site is just in development mode, you don’t have nothing important there the easiest to sort this would be to just copy your content, delete all and start form scratch.

Good luck.


#3

For anyone else who finds this discussion looking for help with a hacked site, I would not try to fix it if you aren’t highly tech savvy. The site needs to be rebuilt from scratch by someone who really knows what they’re doing. You need to ensure that all files are clean, as well as the database. Like cleaning mold, if the job is not done thoroughly, it can come back again easily. It has to be done manually. I have recovered sites that were still hacked after “site scan” software said the site was clean.