In which I get hacked: Part 3

This morning, Google issued me an alert that a lot of my pages were 404’ing:

How interesting. So I hopped into my webmaster console to see what was going on.

Lots of 404’s were firing, and the crawl errors were all tied to those image files uploaded to my system by the hack:

I decided it was time to restore the site from backup.

Thanks to UpdraftPlus, I moved the clock back to Mar 20th, and re-created my first two posts in the “In which I get hacked” series.

I also restored my previous authentication, which I quickly updated to a new password. Interestingly, the hack introduced a different login name to my system “zerobyte”. I’m back to my original wordpress names now.

Stuff is still a little messed up on my end as I can no longer upload pictures. The upload process gets the data to the site but the media browser is borked. I have to enter <img src="" /> tags by hand, which is super annoying.

I have my plugins mostly disabled, and will attempt to re-install each of them as well.

Again, any advice and support is greatly welcome. I apologize for losing all my previous comments after restoring from backup. I will particularly miss this gem:

Bless him.

I’ll keep updating if I learn more.

One Comment

  • I will particularly miss this gem

    To be fair to him, if you were using telnet or ftp over a non-secure connection, that is a fair candidate for the means by which the attacker got in.

    Also, for me a lot of the images in part 1 and part 2 are broken links.