One of my clients was hacked today. Unfortunately, they are hosted at BlueHost, which is cheap but doesn’t seem to pay a lot of attention to security.
It turns out that many sites on Bluehost got hacked last week by someone installing malware which somehow involves “www.domainameat.cc”. It is easy enough to see if you are hacked. FTP a PHP file from your site and look at it. Does it start with “base64_decode” followed by a bunch of gobbledygook? If so, yep, you are hacked.
Here’s what I did to fix it, it took about 10 minutes:
- Delete everything in the “public_html/.files” directory. That’s a bunch of spam.
- Delete every php file on the server
- Upload all of them again, you do use version control, right?
Alternatively, you could try using the script from this site, which explains what is going on.
If you have a business site and use my support service, I’d already be doing this for you. You would already have backups, and you would have version control. This would just be a blip on your day, followed by an email from us explaining what we did to recover.
Related posts:
- New record, three patches accepted in one week. I have this wonderful client who hired me to build...
- Training My Spamato Spam Filter Months ago, I threw in the towel with my old...
- Activating Akismet anti-spam plugin If you are using Wordpress, and you aren't using the...
- WordPress 2 multi-blogging made easy I upgraded the site to Wordpress 2 this morning. This...
- Howto use Satchmo as an App I'm going to be using Satchmo to power the backend...
About Bruce Kroeze
Hi Bruce,
I have a couple of sites in Blue Host that had been hacked last week. Dare2wine.com. , sofismart.com and Tonelesdelsur.com. I do not kow how to fix this and BH doesn’t provide any help.
Can you or help me go thu this or recommend somebody that could undo this damage
Thanks, A
(mt)!
It’s the best ever. I don’t work for them, btw.