Categories
Non classé

You got hacked but I’m here to help

If you are seeing this it is because your wordpress site has been hacked.

They have changed your wp-config.php to point to a different database, which is where this post is stored. All of your content is still in your database and will appear again when you fix wp-config.php with your database credentials.

You will need to check your site’s php files against a backup of your site or against virgin wordpress install files to identify injected code strings – pay attention to include statements in particular.

You’ll also need to look out for files hidden in plugin directories and elswhere – they’ll often be hidden with a full-stop at the start of the file name and end in .ico.

Credentials to hacker’s database:

ItemValue
IP address62.76.47.167
Port80
Usernameuser_jzmyse
Passwordjoptam
Database:db_illph

How was I hacked?

Probably you haven’t kept your plugins or themes updated and a vulnerability in an old version was able to be exploited. You might have dangerous write permissions on files or directories that allowed content to be uploaded.

What does the hack accomplish?

The hack was intended to leave your site looking like normal, while giving hackers control in the background to run different scams – like popping up fake prizes to try to get money from your site visitors. But something went wrong, or the hack was only partially completed, leaving your site looking like this.