Try again. WP Hacked with "pastebin" Need Help


#1

HI
I am not really tech savvy but will try to keep this as short as possible.

  1. Last week site was down with a 500 error.
  2. Restored from 31st Oct Backup as communicate via Live Chat
  3. Found 2 extra strange users account NOT set up by us
    4)Contacted support was advised to delete the 2 users followed by a restore to 5th Nov Backup
  4. Site was down today. Pages are all mess up as follows:
  • Access to pages will show suspicios url lke pastebin and other websites
  • Any attempt to log in wp back office example https://anaccord.net/wp/admin will be redirected to

https://pastebin.com/raw/V8SVyu2P?/wp-login_php&redirect_to=https%3A%2F%2Fanaccord.net%2Fwp-admin%2F&reauth=1

Was advised to seek help here.
Anyone?

JS


#2

Wow, that looks like pain. I would suggest to:

  1. create backup of your site here using cloudways console
  2. download official and latest version of WordPress
  3. access site through FTP and delete completely folder: WP ADMIN with all inside, also delete all from WP includes. Don’t touch WP content folder! Delete all files sitting outside those folders except wp-config.php
  4. unzip WordPress files and copy to your public folder: WP ADMIN and WP INCLUDES folders plus files sitting outside those folders.
  5. Go to website ,load it, see if issue is still there.
  6. if it is still there, you very likely have installed plugin which is causing this. See if there is any suspicious plugin you never installed. Delete plugins one by one. Download them from official sources and install again.
    Make sure to copy setting for some plugins so you don’t lose some important customization.

If you have no idea what im saying here :slight_smile: just open ticket on cloudways support and get guys to do that all for you. Also get them to scan your public folder. Maybe they will be able to find out infected files and fix all without painful process of re-install and testing.

If your site is just in development mode, you don’t have nothing important there the easiest to sort this would be to just copy your content, delete all and start form scratch.

Good luck.