» Home » troubleshooting » Worpress – hacked by xalf

Worpress – hacked by xalf

From 2010: I’ve just fixed 2 blogs which I host that had been hacked. These are the first I have had hacked in more than 10 years of web-design and hosting.

Don’t panic, from what I can see this hack seems to be non-malicious and simple to recover from. This hack is not WordPress specific. It just replaces the index files of whatever happens to be driving a site.

From what I can tell, only the index.php files on the sites where compromised. I’m still checking to see if I can discover how the hack came about.

I’ve had no re-occurence and so don’t think this hack goes any deeper than changing index files.

How to identify if you have been hacked

Text and files referenced or embeded in the hack to help you identify if you have been hacked by the same code.

  • Hacked by xalf
  • n0 ReTrEaT & n0 SuRrEnDeR
  • there is no censorship on the freedom of your words, then let your hearts be open to the freedom of our actions.
  • http://up1.mlfnt.net/images/e31id65fkbe6ptgdj4cn.gif
  • http://ia331410.us.archive.org/3/items/TvQuran.com__1/TvQuran.com__004.mp3

Click to see what it looked and sounded like or here.

The audio track looks like it originally came from TVQuran.com

Here is a copy of the audio track Unknown Reciter – I don’t know who the reciter is.

How to repair this hack

Download a copy of the same version or WordPress your blog/site had installed or if you weren’t using WordPress, upload a backup of your site.

FTP clean copy of index.php over the corrupted versions to the following directories and sub-directories

  • root
    • wp-admin
      • also overwrite “index-extra.php
    • wp-content
      • gallery

Has your blog been blacklisted by the top search engine’s

Click here, type your blog name on the right hand side and it will let you know if your site has been blacklisted.


Information from Google, copy into your browser address bar and change the site details to those you want to test.


Other good articles on hardening your version of WordPress

1 thought on “Worpress – hacked by xalf”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.