[thelist] Hacked website

[Dan McCullough]

Sometimes the first computer that is infected is the person updating the
sites so run local scans (scan anyone who has admin/ftp/ssh/remote access)
after that you will need to reset passwords.  After that is done then I
would suggest that you use a plugin like Wordfence or Sucuri you can run
scans and they will list the infected files and you can tick through the
long, exhausting list.


On Sat, May 31, 2014 at 11:35 AM, erik mattheis <gozz at gozz.com> wrote:

> A new client's site was hacked almost a year ago, they didn't realize it
> although they remembered their host shutting down their website temporarily
> and telling them it may have been hacked (???). The intruder placed a bunch
> of search engine spam on their site but otherwise didn't do anything I've
> noticed. They got at least one executable PHP file in there, so I'm
> assuming they could do anything they wanted and still could at any time.
>
> I'm not a security guy though and want to check out a possible plan:
>
> - Client will run security scan on computers that have accessed the site
> - Export WordPress content as XML, search content for <script> and <?php>
> tags
> - Download media files, make sure none are executable
> - Restore everything on new server
>
> Am I missing anything? Would there be a way the hacker could still have
> access to the site at the new location if I followed the above steps?
>
> Thanks and happy almost-summer to those of you in my hemisphere!
>
>
> --
> Erik Mattheis
> --
>
> * * Please support the community that supports you.  * *
> http://evolt.org/help_support_evolt/
>
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt !
>



-- 
Thank you,

Dan
Cell:  484-459-2856
Facebook: http://www.facebook.com/dpmccullough
LinkedIn: https://www.linkedin.com/in/danmccullough

   -