Hacked. Hope me.
December 6, 2012 5:18 AM Subscribe
Just found out my site was hacked. Can't figure out where.
Site in question is in my profile. The google webmaster alert I got seems to make it out to be in example.net. Example.net is a wysiwyg made landing page (don't laugh too hard). I couldn't see anything in the page source. If you google my site, there's definitely link spam there.
How do I find it?
The whole site is a static page, wordpress (up to date in both software and add-ons, I check daily), a pigwigo photo site and a link to my youtube channel thing.
Talk to me like I'm 5. No better make that 95. Fibro makes it hard to understand and I might just move back to wp.com and find a image hosting site (recommendations welcome).
Site in question is in my profile. The google webmaster alert I got seems to make it out to be in example.net. Example.net is a wysiwyg made landing page (don't laugh too hard). I couldn't see anything in the page source. If you google my site, there's definitely link spam there.
How do I find it?
The whole site is a static page, wordpress (up to date in both software and add-ons, I check daily), a pigwigo photo site and a link to my youtube channel thing.
Talk to me like I'm 5. No better make that 95. Fibro makes it hard to understand and I might just move back to wp.com and find a image hosting site (recommendations welcome).
If it wasn't you who removed the spam - where is your webpage hosted? Is it possible that your web host was hacked (as in the company who hosts your website was hacked, and the hacker gained access to your site that way, rather than hacking your site directly), and your web host discovered that and removed the spam from your site but didn't tell you? Maybe contact their support to check.
posted by EndsOfInvention at 5:37 AM on December 6, 2012
posted by EndsOfInvention at 5:37 AM on December 6, 2012
Response by poster: The only thing I did was clean out a backlog of spam Akismet had caught. I didn't touch the front page at all.
Hosted at DreamHost. Will check with them.
posted by kathrynm at 5:38 AM on December 6, 2012
Hosted at DreamHost. Will check with them.
posted by kathrynm at 5:38 AM on December 6, 2012
Dreamhost has auto-cleaned spamware infestations from my site in the past. Look for a file called "backdoor.list" in your home directory--it has the list of files they cleaned (at least, it does in my case).
They also sent me an email similar to this one, which explains the situation well.
Also Dreamhost has these helpful pages:
Troubleshooting hacked sites
Dissecting web attacks
Hacked site discussion thread
posted by flug at 5:57 AM on December 6, 2012 [2 favorites]
They also sent me an email similar to this one, which explains the situation well.
Also Dreamhost has these helpful pages:
Troubleshooting hacked sites
Dissecting web attacks
Hacked site discussion thread
posted by flug at 5:57 AM on December 6, 2012 [2 favorites]
I think flug's list is the place to start. Don't overlook your .htaccess file.
posted by Blake at 6:04 AM on December 6, 2012
posted by Blake at 6:04 AM on December 6, 2012
"backdoor.list" in your home directory--it has the list of files they cleaned (at least, it does in my case).
Also if you note the date of that file you'll see when they found & cleaned the infestation--that might be useful info.
posted by flug at 8:20 AM on December 6, 2012
Also if you note the date of that file you'll see when they found & cleaned the infestation--that might be useful info.
posted by flug at 8:20 AM on December 6, 2012
Yeah, if you contact DreamHost, they are usually pretty good at getting back to you about anything they've done, and they may be able to run some more anti-malware stuff and quarantine things further.
posted by brennen at 2:39 PM on December 6, 2012
posted by brennen at 2:39 PM on December 6, 2012
This thread is closed to new comments.
It seems like the copy of your site that Google has cached (from the 28th Nov) has spam in, but the live site as it is currently doesn't. Did you personally remove the spam at some point since the 28th?
posted by EndsOfInvention at 5:34 AM on December 6, 2012