Not many people probably got to see it, but my site was hacked for a few hours yesterday. Instead of this lovely bit of interweb, there was a ‘ha ha, you’ve been hacked’ page complete with animated .gifs, horrid background music and the haxxor’s MSN names. The music really was the worst bit.
I started right to work on sorting it out. With help from m’colleague Pat it was easy enough to sort out. He was able to break it down into steps for me which helped as I was a bit busying thinking ‘oh f%#k’.
My WordPress login didn’t work anymore, neither did my FTP account. Thankfully my cPanel login with my webhost did still work. Through this, I was able to change my FTP account and password. I FTP’d into my account and it looked like (as I sort of suspected) the index.php had been changed and not much else.
To be on the safe side, I downloaded my public_html folder. I grabbed a new key from WordPress for my config file. Then, downloaded a fresh copy of WordPress and uploaded all the files just to be on the safe side (and to have a clean new index.php). That sorted the front page so at least my site looked normal again and was completely free of music that heavily featured a poorly used vocoder.
Next stop, phpMyAdmin to grab a backup copy of the database. I checked the username table for WordPress and it had been changed (but they still left the display name as Andrea, lulz). Changed the email address and username on the account so I could use the I Forgot My Password option on the WordPress login page. Bingo, was able to log in again.
Let this be a lesson to me and everyone else to backup more often. Thankfully, once the initial panic was over, this was easy enough to fix.