I’ve just fixed 2 blogs which I host that had been hacked. These are the first I have had hacked in more than 10 years of web-desing and hosting.
Don’t panic, from what I can see this hack seems to be non-malicious and simple to recover from. This hack is not WordPress specific. It just replaces the index files of whatever happens to be driving a site.
From what I can tell, only the index.php files on the sites where compromised. I’m still checking to see if I can discover how the hack came about.
I’ve had no re-occurence and so don’t think this hack goes any deeper than changing index files.
Identifiying
Text and files referenced or embeded in the hack to help you identify if you have been hacked by the same code.
- Hacked by xalf
- n0 ReTrEaT & n0 SuRrEnDeR
- there is no censorship on the freedom of your words, then let your hearts be open to the freedom of our actions.
http://up1.mlfnt.net/images/e31id65fkbe6ptgdj4cn.gifhttp://ia331410.us.archive.org/3/items/TvQuran.com__1/TvQuran.com__004.mp3
Here is what it looked and sounded like.
How to repair this hack
Download a copy of the same version as your blog/site had installed.
FTP clean copy of index.php over the corrupted versions to the following directories and sub-directories
- root
- wp-admin
- also overwrite “index-extra.php
- wp-content
- gallery
- wp-admin
Has your blog been blacklisted by the top search engine’s
Click here, type your blog name on the right hand side and it will let you know if your site has been blacklisted.
http://www.unmaskparasites.com/
Information from Google, copy into your browser address bar and change the site details to those you want to test.
http://www.google.com/safebrowsing/diagnostic?site=handshake.co.za