My blog has been hacked. <wail>

[FrauLindor]

Or rather the website of the webhost has been hacked.

Fuckers.

Why do people do this? What do they gain from it?

I have discovered that I have accidentally deleted this bit

public_html/wp-admin/index.php

How do I get that back?

Ok, have updated it and it is working again.

Not sure if I need to do any more than that.

Did you download WP again and reinstall it on your host?

If you've done that, and backed up, then you should be okay.

It's about 7a in CA now so I would assume someone from the hosting company, beyond emergency staff, will be on this, even on a Sunday.

I updated on the blog - I can download and reinstall on blog I think. If I can remember how to do this.

At around 4am EST, our system administration team identified a website defacement attack affecting a large number of customers. We are still investigating, but it appears that files named index.php have been defaced.

We are evaluating how this has occurred and our security team will have more information shortly.

While we review this issue, cPanel and SSH access has been disabled on various platforms. For additional security, we are rotating passwods on a number of accounts. We will honor requests for password resets as they are needed but are attempting to limit the inconvenience to our customers as we're able. FTP is still operational should you wish to access your files at this time and correct any issues you see yourself. We will be working diligently to make cPanel access available again as soon as possible.

If there is a defacement on your account, please know that our Systems team is working to get your site back online. If your index.php was modified, they will be restoring it from the most recent backup and no further action is necessary on your part. At this time, we do not have a definitive timeframe for resolution, but we will update this page as we gather more information.

We do apologize for this issue, let us know as you have further questions, we'll be glad to answer them as we're able. Please understand it will take our security team some time to review this issue before we can have a full explanation available.

Best Regards,
The Web Hosting Hub Team

Do you think I should re-install?

No, now that they are on it, let them do what they need to do.

Everything else has been speculation and it's possible they can fix the problem without you having to reinstall everything.

I would do a back up, if you haven't already, and not add anything new to the site until they finish. Maybe post something to that effect on the blog?

I have done a back up and posted a ranty blog post but if that goes, it won't be too bad.

Thanks for all your help, Tee. I don't think I would have managed it without you.

That's rubbish!
for you

Thanks, Butterfly. It seems to be ok now.

thought you might like this blog about the hacking It is really good.

My general reaction is "don't you have something better to do?" (the hacker, not the bloggers)

Actually, I may end up thanking him. Have had loads of hits on the blog today, from people googling this.

I've just been hacked on my Wordpress blog. I am pretty technical and have read all the web pages on how to fix it, but I am absolutely flummoxed. Can anyone help? The site keeps popping up cosmetic surgery ads, which for an austerity housekeeping blog is just plain WRONG!

Boffin was it just your blog that was hacked or was it the host? Who is your host?

Sorry, just realized you're on Wordpress.com.

Are you sure it's a hack and not Wordpress adverts?

Well, cosmetic surgery adverts keep popping up so I doubt it. It was on my iphone when I checked the blog there as well.

Sorry, I had to get to bed last night!

By 'popping up' do you mean as pop ups? Because I don't understand how that can happen on an iPhone.

Anyway, if it is a hack, they've managed to edit your code. The problem is that with Wordpress.com you can't edit the code yourself, unless you pay for it. Which you may have done!

You said you found some stuff on the web, where and what?

Well, on the iPhone, the ad appears as a picture and text below my blog post. Which seemed strange to me as well. On the PC the ad appears as a moving Gif but not every time - sometimes it's absent. I am wondering how much I will have to pay to edit the code - as it's an ad, I could trace hackers and send them a bill for advertising to cover my costs LOL!

I googled Wordpress and Hacked and got lots of advice about what code to look for, but while I could view my source code I couldn't access it, and now I know why. But it's all very fiddly to do as I haven't done much coding for years and years.

codex.wordpress.org/FAQ_My_site_was_hacked is main source of advice.

How do you do links on iPhone version of MN???????

I don't think you can do links, hence my using the mobile site and not the app.

I'm on my phone at the minute so can't do much anyway. I'm trying to figure out how they hacked your code if you can't even see it!

I'll be home in around an hour and then I have to do some work people actually pay me for but I'll take a look as soon as I can!

See, that link is no good to you because it's for wordpress.org, which is self hosting. You are using wordpress.com which is hosted by Wordpress, not a third party.

You need to see if there are any forums for Wordpress.com that might be able to help.

Aha!
I have emailed them ...

Probably you're best course of action!

OMG!

Wordpress put in on there themselves!!!

The ad would not pass muster here in the UK as it makes illegal claims.
I have asked them to reconsider dealing with this advertiser.