Hacked by Zool

How bad could it be,

I have no experience with hacking and penetration testing issues, but surely I know about 30% of how to prevent my site from getting hacked hehehe ^_^ .

In the past week, I took some files from my client to upload them to their new web-host and then reconstruct the website. However, when I uploaded the site I found out that it has already been hacked.. Damn, I wanted an easier job!!! 😦 .

So, I contacted the previous web designer who was quite nice to me, but didn’t help me because I think he was very very very busy.. maaaan, I’m struggling over here, can’t you see that I’m calling you more than I call my best friend in a usual day 😦 .

So I tried contacting the web-host which has nothing to do with that, but as you know I just wanted some help and guidance.. they didn’t give a sh#$@t !!!

Today, I’m glad that I’ve learned some new experience -which I didn’t want to learn- on how to troubleshoot a hacked site..

so let’s get into it:

First of all, the bad guys will hide their hacks,,,

When we look at the major components of our site we will find folders, files and databases… these are the places where you should be searching and filtering for bad code..

If the website directory and the files are writable by the web-server then the hacker can plant their code anywhere they like. A great place for him/her to start will be the “wp-blog-header.php” file.

Another place will be the theme files. That was my case BTW: when the existing “index.php” file is replaced by another one -designed for hacking purposes- your site will be down in seconds..

If that wasn’t your case then you might want to look at the “.htaccess” file in the root folder of the site. If you didn’t add any additional functionality to it then it should normally look like this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

An even harder hack to find is when the hacker uploads PHP code disguised as a jpg file to the uploads directory and adds it to the activated plugins list… remember it’s hard but not impossible..

You should just check out your plugins folder, folder by folder ahe he he :’) yes I just said folder three times :’) .

Nope, I was just kidding,,

Just open your phpMyAdmin, go to the blog’s options table, find the active_plugins record and scroll through it. If you find text that looks like ../uploads/2015/01/04/dfasfdkjog.jpg… just kick the file out and remove the code..
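If scrolling through that record by eye is too painful, here is an added example (not part of the original post) that does the same check in Python: paste the option_value of the active_plugins record into it and it lists every entry that climbs out of the plugins directory or is not a .php file. The function names and the sample value are made up for the illustration; the sample reuses the path shown above.

```python
import re

# Constructed sample of the active_plugins option_value (a PHP-serialized array).
SAMPLE = ('a:3:{i:0;s:19:"akismet/akismet.php";i:1;s:9:"hello.php";'
          'i:2;s:36:"../uploads/2015/01/04/dfasfdkjog.jpg";}')

ENTRY = re.compile(rb'i:\d+;s:(\d+):"')  # one array item: integer key, string value


def parse_active_plugins(value):
    """Return the strings in a PHP-serialized array of plugin paths."""
    data = value.strip().encode("utf-8")  # PHP's s:N lengths count bytes
    head = re.match(rb"a:(\d+):\{", data)
    if not head:
        raise ValueError("not a PHP-serialized array")
    pos, entries = head.end(), []
    for _ in range(int(head.group(1))):
        m = ENTRY.match(data, pos)
        if not m:
            raise ValueError(f"unexpected data at byte {pos}")
        end = m.end() + int(m.group(1))
        if data[end:end + 2] != b'";':
            raise ValueError(f"declared length is wrong at byte {m.end()}")
        entries.append(data[m.end():end].decode("utf-8", "replace"))
        pos = end + 2
    if data[pos:] != b"}":
        raise ValueError("trailing data after the array")
    return entries


def reasons(entry):
    """Explain why an entry does not look like a normal plugin file."""
    found = []
    parts = entry.replace("\\", "/").split("/")
    if ".." in parts or entry.startswith(("/", "\\")):
        found.append("path leaves the plugins directory")
    if not entry.lower().endswith(".php"):
        found.append("not a .php file")
    return found


def audit(value):
    """Map each suspicious entry to the reasons it was flagged."""
    return {e: r for e in parse_active_plugins(value) if (r := reasons(e))}


if __name__ == "__main__":
    for entry, why in audit(SAMPLE).items():
        print(f"SUSPICIOUS {entry}: {', '.join(why)}")
```

A value that fails to parse at all is worth a closer look too, since a hand-edited record often has string lengths that no longer match.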

There are so many other ways to locate the problem but these sound enough to me for now.. and until my next customer comes -_- ..

But remember,

Always, Stop the bad guys, Back up your website, Upgrade your sites and the most important thing Help your friend nigga heellp your friend nigga..

 


Feey Aman Allah,

Role number 2:


2 responses to “Hacked by Zool”

  1. Thank you Rania. I’m glad that you have found my post useful…
    I don’t usually do something useful :’) but that’s a good sign for me to continue 🙂 … once again thanks for your nice words.
    PS, Don’t forget to Back up your website..
