stlplace.com was hacked and restored, plus some thoughts

Posted in :

stlplace
Reading Time: 2 minutes

I found out this site was hacked yesterday evening, as I saw the loading of site on Safari was slower than usual. It also shows incorrect theme, more like a plain theme. With the admin link redirect to spammer site. I decided to tackle it right away. I recall about one year ago something similar happened to this site, and google webmaster tool told me about it. I was able to remove the offending files/directories, by following the recommendation set out by google and some other wordpress sites.

This time I made an almost fatal mistake, during deleting some of the files in wp-includes, I accidentally deleted all the useful php files there. Panicked, I used both the website restore tool, and the import feature of wordpress (mojo marketplace), to no avail. The symptom of the problem was I could not login, and it shows blank page when I login via the wp-admin or wp-login.php after taking my credential. And I can only see the pages at uudaddy.com (I could not log in there either).

I filed for help at the hosting company. But I still feel helpless as this site has about 9 years of my blogging and uudaddy.com has my last 4 years of blogs. Fortunately I was able to find this wordpress help page about updating wordpress, and fix internal server error by deactivating the plug-ins. The latter comes only after I gained some web dev experience lately, knowing more about error 500 🙂

So long story short, I was able to restore all the blogs (those two plus my wife’s happy mandarin.com) by the following:
1) Restore .htaccess file to avoid the redirect to spammer page;
2) Restoring the wp-includes and wp-admin page: upload zip file, extract; in the wp-content directory, I renamed plugin directory as plugin.SAV (this way it deactivates all the plugins);
3) Run the wordpress update as soon as I can log in.

I also backed up the MySQL databases for stlplace and uudaddy, and backed up those two blogs to wordpress.com (this one and this one). I understand blogging itself is a declining trend, and it’s probably not easy for small web hosting company to defend against hackers like Google/Amazon/Wordpress do. That’s why I am also evaluating whether to move to wordpress.com or Amazon EC2 (self hosting). It’s a bit emotional decision as I have hosted this site for 9 years, but I need to consider both my time, the cost of hosting, etc. I will make a decision on this shortly. Meanwhile check out the new blogging sites I mentioned above, in which I will blog both about software development and raising kids.

%d bloggers like this: