Fixing an old, hacked website (MySQL question)

MyOwnDemon

MyOwnDemon

Face Rocker
Jan 28, 2007
3,528
27
48
Iowa
www.sitestomp.com
I had a fairly popular website that was running on wordpress which was hacked last summer. From my understanding it was mySQL injected. Sadly, I had a lot going on at the time and wasn't able to fix it, so I just shut it down for the time being.

I still have the mySQL database file for it and would like to get the site live once more, but I have no clue how to clean it out. Would anyone be able to recommend a tutorial or process on how to do this?

I really, really want to get the site live again. I still own the domain and the database. I'd just throw a fresh wordpress install on the domain and hook it up to the database but I don't want to risk reinfecting again. I'm sure I don't rank anymore, but that would just be a matter of time.

Any suggestions? And thanks in advance! :)
 


Well what was injected? If it was the same thing in all posts export the db to a sql file.

Find and replace all in notepad to get rid of crap.

Import database again.

Update wp, check your plugins (make sure all up to date) and remove any that could interact with your db for a bit.

Fixed.
 
stmadeveloper said:
Well what was injected? If it was the same thing in all posts export the db to a sql file.

Find and replace all in notepad to get rid of crap.

Import database again.

Update wp, check your plugins (make sure all up to date) and remove any that could interact with your db for a bit.

Fixed.
Click to expand...

I have no idea what was injected. I don't know anything about mySQL either. I'm in the admin panel right now and I'm just super confused as to what I'm even looking for. That's why I was wondering if anyone could recommend a tutorial haha.
 
nvanprooyen said:
What happened to it? Dropped tables?
Click to expand...

No, this site itself was still working, however it was flagged in Google as a malicious site. At the time I was super stressed out and busy and didn't have time to deal with it. So I just took the site offline, but I kept the database hoping to bring the site back one day. And now I'm really interested in getting it back up and running.
 
i'll see if i can fix it for you in exchange for one landing page credit. :)

sean
 
somlor said:
i'll see if i can fix it for you in exchange for one landing page credit. :)

sean
Click to expand...

Haha, alrite I may actually take you up on this as I really want the site back up and running and I have no idea what the hell I'm doing. Tell you what, I will get a hold of you this weekend if I can't figure it out and we'll go from there. :)
 
Set the site up on localhost and monitor traffic for irregularities. Setup another live version after a test run and manually add ten to twenty articles from your archives and possibly some new stuff to get you going.

In Wordpress all the main activity happens inside of the posts table.
This is a table in MySQL that will be labeled "wp_posts" or "thenameyoupicked_posts". Unless you have a lot of customization, this is probably where you can easily identify the previous issues.

1.While in MySQL load your database and scroll down the "table column" until you see "_posts".

2. Click the checkbox and over in the next column labeled "Action" click the icon that looks like a notebook. This will now allow you to browse the table.

The next screen is much easier to read and displays all of the different variable used in a post in WP. Reading from left to right you will see ID,post_author, post_date, post_title, post_content etc...

3. If you see anything out of place simply click the checkbox on the left then click the pencil which will send you to another page where you can update and remove anything that does not belong.

Hope this helps.

Also there is a plugin for Wordpres that checks how many queries are being run on the database and how much load it is causing which will help you figure out the problem too.

Post again if you have trouble. Will give the plugin name after looking for it.

Late.
 
You must log in or register to reply here.
Top Bottom