• June 6, 2018 at 2:24 pm #1767
    MikeB
    Keymaster

    I’ve been on the Internet for some time and have had to repair a bunch of sites that have gotten hacked. Typically the hack is from an old plugin or dated core WordPress scripts. This particular one that I am working on right now only reveals itself ON GOOGLE search results. It turns a legit site into a dick pill peddler! The thing is there is no evidence of it in the source code, there is no rogue user, no threats were found by security plugins or any of the typical things that happen. It JUST appears in Google search results.

    Here is a link to learn more about the Pharma WordPress Hack, I will post my findings when I solve the problem. Super weird one!

    Michael Baker Digital Director / Founder


    Michael Baker Digital

  • June 12, 2018 at 8:50 pm #1776
    MikeB
    Keymaster

    This was not an easy one but I got it sorted. I don’t know how they got in but they placed several files. The last one was:

    wp-lib.php stuck in the wp-content/plugins directory and had encrypted code or “obfuscated” code:

     

    Michael Baker Digital Director / Founder


    Michael Baker Digital

  • June 12, 2018 at 8:56 pm #1777
    MikeB
    Keymaster

    The process was:

    1. Moved from Godaddy shared hosting to Premium/Secure/Dedicated WordPress Hosting at: WPEngine Manged WordPress Hosting (with an SSL)
    2. Leave ALL old WP files behind that may have been scattered into the core files outside of wp-content
    3. Get the site up with a copy of wp-content as it was
    4. Update everything and I mean everything in plugins & theme
    5. Get rid of anything and everything that wasn’t needed
    6. Install WordFence, Sucuri Security & Anti-Malware from GOTMLS.NET
    7. Locate any questionable files, database entries
    8. Delete, back-up, delete, back-up and test
    9. Create new XML sitemap and resubmit to Google Search Console
    10. Clear with Comodo, Google Safe Search and several others

    Michael Baker Digital Director / Founder


    Michael Baker Digital

  • June 12, 2018 at 8:57 pm #1778
    MikeB
    Keymaster

    This process took me as an individual about 15 hours. It was very much the weirdest hack I had seen to date

    Michael Baker Digital Director / Founder


    Michael Baker Digital

You must be logged in to reply to this topic.