
WordPress – hacked by xalf

From 2010: I’ve just fixed 2 blogs which I host that had been hacked. These are the first I have had hacked in more than 10 years of web-design and hosting.

Don’t panic: from what I can see, this hack seems to be non-malicious and simple to recover from. This hack is not WordPress specific. It just replaces the index files of whatever happens to be driving a site.

From what I can tell, only the index.php files on the sites were compromised. I’m still checking to see if I can discover how the hack came about.

I’ve had no recurrence and so don’t think this hack goes any deeper than changing index files.

How to identify if you have been hacked

The following text and files are referenced or embedded in the hack; use them to identify whether you have been hacked by the same code.

  • Hacked by xalf
  • n0 ReTrEaT & n0 SuRrEnDeR
  • there is no censorship on the freedom of your words, then let your hearts be open to the freedom of our actions.
  • http://up1.mlfnt.net/images/e31id65fkbe6ptgdj4cn.gif
  • http://ia331410.us.archive.org/3/items/TvQuran.com__1/TvQuran.com__004.mp3

Click to see what it looked and sounded like or here.

The audio track looks like it originally came from TVQuran.com

Here is a copy of the audio track Unknown Reciter – I don’t know who the reciter is.

How to repair this hack

Download a copy of the same version of WordPress your blog/site had installed or, if you weren’t using WordPress, upload a backup of your site.

FTP a clean copy of index.php over the corrupted versions in the following directories and sub-directories:

  • root
    • wp-admin
      • also overwrite “index-extra.php”
    • wp-content
      • gallery
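To find every index file that needs overwriting, and to confirm afterwards that none remain, the marker strings listed under "How to identify if you have been hacked" can be searched for across the whole web root. This is an added example, not part of the original post; the function name and the `index*.php` / `index*.htm*` file patterns are assumptions, and the script only reads files.

```shell
#!/bin/sh
# Added example: list index files under a web root that contain any of the
# defacement markers quoted in this post. Read-only; nothing is modified.

# Marker strings from the identification list above, one per line.
# They are matched as fixed strings, case-insensitively. The slogan is cut
# at the "&" because a defaced page may encode it as "&amp;" (assumption).
XALF_MARKERS='Hacked by xalf
n0 ReTrEaT
up1.mlfnt.net/images/e31id65fkbe6ptgdj4cn.gif
TvQuran.com__004.mp3'

# scan_defaced WEBROOT
# Prints the path of every index*.php or index*.htm* file that contains a
# marker (this also covers index-extra.php).
# Returns 0 if at least one file matched, 1 if none did, 2 on a bad argument.
scan_defaced() {
    if [ ! -d "$1" ]; then
        echo "usage: scan_defaced WEBROOT" >&2
        return 2
    fi
    # grep -l prints only file names; -F treats each marker line literally.
    _hits=$(find "$1" -type f \
                \( -iname 'index*.php' -o -iname 'index*.htm*' \) \
                -exec grep -l -i -F -e "$XALF_MARKERS" {} + 2>/dev/null | sort)
    [ -n "$_hits" ] || return 1
    printf '%s\n' "$_hits"
}

# When run as a script with a directory argument, scan that directory.
if [ "$#" -gt 0 ]; then
    scan_defaced "$1"
fi
```

Run it against the web root before the repair to get the list of files to replace, and again afterwards; a clean site produces no output.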

Has your blog been blacklisted by the top search engines?

Click here, type your blog name on the right hand side and it will let you know if your site has been blacklisted.

http://www.unmaskparasites.com/

For information from Google, copy the following into your browser address bar and change the site details to those you want to test.

http://www.google.com/safebrowsing/diagnostic?site=handshake.co.za

Other good articles on hardening your version of WordPress
