Please help me fix our foundation website (wordpress)
 

My mom has a foundation for disabled people and some faggot hacked the wordpress or something and is uploading bunch of pages and hostgator keeps shutting her down..

She's been trying to fix it for a few days and Im not a wordpress guy so im hoping you guys can help.. Hostgator basically said her site is killing all the cpu, and this site is just a simple static website..

From the email i think some fucker either hacked the wordpress or hacked the cpanel, and is now uploading spammy pages..

Can anyone please help.. all the information from the email is below:

Dont mind paying $50 or $100 or w/e for someone to just fix it.


Also hostgator put this in the email:

All those links/pages below are all not part of her website.. Im trying to find those pages from cpanel and cant even find them.. Sorry i put her website as hidden so this doesnt come up on google when people search for her foundation

So why isn't Hostgator helping you out?

by the way if someone wants i can just pay you $50 or $100 or whatever and give you the admin login so you can fix it...

Thanks

They're being bitches.. Told her either she fixes it or they keep her site still shut down..

I have an account at Hostgator and have not run into a problem with tech support. Sounds odd.
If you have admin priviledges, you might want to change passwords in cpanel and wordpress ASAP before you do anything else.

Damn wish I saw this earlier, I am leaving now for the day!! Look if this isn't fixed tomorrow morning hit me up. You can keep your money and I will fix this for you free. If worse comes to worse I can move you and your mom over to one of our shared servers.

Sad when this happens.

TOM

Yeah at this point if some other host wants to move her completely and can solve this problem I dont mind paying for a new host.... Im getting frustrated and feel bad for her..

I do have cpanel login but they disabled the site so im not sure how to get into wordpress and change the password... I can still get into cpanel OK...

They put a button to re-enable the site, but said if i do and it kills the cpu again they will close it permanently . so obviously im scared to re-enable it.. Want someone to fix it first..

Contact me if you want that fixed...

celebempire{at}gmail.com or check my sig...

Make a backup of the database and files just in case.

I am with webair.com and I find they fix things. You may want to consider moving the site to them. I bet they will copy the files and stuff for you too.

Its being fixed now.. Thanks a lot guys :)

Hey sorry I had to leave yesterday. Should of said go a head and sign up for a new server. I had another Apt that I couldn't miss! :( Glad to see someone is helping you. Hope you aren't having to pay a lot.
TOM

And your MySql database passwords as well

Your mom is most likely not updating WordPress or any plug-ins that she may have installed. Those are massive security issues, as you can see. Unless there is someone available to update WordPress and plug-ins on a regular basis, WordPress is really not the greatest idea for a site, especially not for the tech unsavvy that don't even know what WordPress is.

I suggest you put someone on retainer to check in once a month and make sure everything is up to date. You're only going to see this problem happen again and again. And it is not the web hosting companies fault or responsibility to keep your scripts up to date.

Ditto, wordpress makes it easy to publish but if ya don't keep wordpress/plugins updated bound to happen as since it's a very popular CMS shitheads look for outdated holes in it. :2 cents:

Also ask your tech person to install this plugin;
https://wordpress.org/plugins/better-wp-security/

It changes the default user name, login URL and looks for suspicious query strings in URLs etc.

Most people don't need all this but whoever hacked your mom's blog most likely left a backdoor they can use to get back in later.

Let me know by PM if you decide to go ahead and need any help.

Cheers,
Paz.

I'm a little confused why your CPU usage would go so high. A hacker, hacking files and uploading rogue files, fine. Usually they just put a file deep in the folder structure and it is some type of malware.

High CPU usage may want to check the database that stores all the comments. You likely have approve comments manually set, so spammers will just keep leaving comments which all get saved in a database. When this database gets too big, it will bring the entire server to a screeching halt because every comment left by spammer actually calls the entire database each time.

Fix is to delete every single comment out, stop any ability for anyone to leave a comment.

I have a lot of Wordpress sites and they get hit every single day with bots trying to log in. The bots come from IP addresses all over the entire world. There must be a shitload of compromised slaved computers out there just trying to break into whatever they can find. I use a plugin called WordFence, Paz suggested another one as well. At a minimum, install one of these and make up some difficult passwords.

Is there anyway you can enter your wp-admin and isntall

Anti-Malware
Wordfence
WPSecurity

Also you need to block logging attempts to 1-2 per ip-user, after that they will get locked.

If it's possible change all passwords on Wp and C-panel as well.

Why do you use the word "faggot" ? Do you have a little secret you would like to share with the group?

If you mom would be willing to move her site, we have free hosting program for foundation sites.

you can mail me at [email protected] or icq 603686929

Cpanel has a build in scanner you can use to see if any pages got infected. Other options are by access the server through ssh.