Comments on: Simianuprising.com now hopefully UN-hacked.

By: jeremyclarke

jeremyclarke — Sun, 31 May 2009 15:58:09 +0000

@Steve: I would try to figure out when they first used their power on your site. In my experience they tend to use it right away. Did they edit any posts? In that case you could look at when it was edited. Check the modified dates on any plugin/theme/wp files they tampered with in FTP, that might give you hints about when they first got in (though be careful because they might have edited files then come back, in which case there could be old and new edits).

Usually though if you have a database backup that’s fairly recent you should try it out with fresh files. If you change the account passwords and check all users then the real risk is really that they have files on your server, not access based on the database.

If you meant the site files and that you can’t be sure they are clean then you really just need to use whatever copy you have and look through every file. Replace all the wp ones, then go re-download any plugins and go through the recent uploads and make sure everything is what it seems to be (look at the photos).

By: Steve

Steve — Sun, 31 May 2009 10:04:51 +0000

I saw your presentation at last years WordcampNewYork and I guess I didn’t take the appropriate steps because a few of my sites have been hacked.

You mentioned restoring a pre-hacked version of the site. How do you know how far back to go? Couldn’t it have been hacked months ago but abused recently.

Any help you can provide would be greatly appreciated.

By: Chris Blow

Chris Blow — Tue, 19 May 2009 01:20:50 +0000

Thanks for a good scare. I manage probably a dozen wordpress installs and it’s hard to keep them all up to date. For me the key is getting them under version control, so you can just “svn up” to the latest. Thanks especially for the tips on the Google recovery!

By: Jim Doran

Jim Doran — Wed, 13 May 2009 02:21:37 +0000

Thanks for sharing this.