Did you wake up this morning to find your site hacked by the Bangladeshi hacker Tiger M@te? Join the ranks of Google, Airtel, and now, thousands of Inmotion Hosting clients.
I’m an Inmotion client and noticed the hack this morning so I did a little reading. According to early reports, the hack is nothing more than an annoyance, as well as a reminder of how our data is never entirely safe. Inmotion is currently working on restoring old backups of sites prior to the time of the hack, so if you’ve made recent modifications to your site (or anytime you plan on making site changes), you should create a backup of your site. In case you need help backing up your site, here’s a good tutorial about doing so with cpanel.
In the meantime, here are some quick fixes to get you up and running again.
If You’re Running an Old Install of WordPress Via Fantastico De Luxe
- Log into your Inmotion cpanel (often accessible via your domain name followed by /cpanel.
- Click on Fantastico De Luxe under the “Software/Services” category.
- If you’re running an older version of WordPress the right category will say, “Upgrade to 3.1.” This is good. This means you can restore your site quickly.
- Press upgrade and wait while the “Upgrading” occurs.
- When upgrading is complete (should take about 2 minutes), check your site. You should be up and running like usual.
- Download the latest version of WordPress from here.
- Access your server by ftp and go inside your root folder.
- Delete the old wp-includes and wp-admin directories on your web host (through your FTP or shell access).
- Using FTP or your shell access, upload the new wp-includes and wp-admin directories to your web host, overwriting old files.
- Upload the individual files from the new wp-content folder to your existing wp-content folder, overwriting existing files. Do NOT delete your existing wp-content folder. Do NOT delete any files or folders in your existing wp-content directory (except for the one being overwritten by new files).
- Upload all new loose files from the root directory of the new version to your existing WordPress root directory.
- Remember that I said that the hacker placed index files in every top directory. You need open every directory and view your index files to make sure they are not the hacked one. Delete them if the directories shouldn’t have an index.php or replace them with new ones if they suppose to have one.
- Update the wp-confi.php if you have been using older version of a WordPress.
- Change your database username and password.
- Change WordPress Password.
- If you are using any caching plugin, make sure to empty all your caches after the fix.
- As soon as you get it running, export all your content, database and wp-content directory and wait for the next attack. If Inmotion Hosting decides to backup everything, you will lose your latest posts and modifications so back up yourself before they get to it.
If You’re Running A Regular WordPress Install:
Another WordPress Fix (Suggested for More Advanced Users)
The Tiger M@te hack affects the index file of your site and you can still login via nameofwordpresssite.com/wp-admin.php so you can theoretically fix the issue by going into Appearances –> Editor and finding your index file. Then change the code to the following:
< ?php /** * Front to the WordPress application. This file doesn't do anything, but loads * wp-blog-header.php which does and tells WordPress to load the theme. * * @package WordPress */ /** * Tells WordPress to load the WordPress theme and output it. * * @var bool */ define('WP_USE_THEMES', true); /** Loads the WordPress Environment and Template */ require('./wp-blog-header.php'); ?>
If You’re Running a Regular Site
You can eliminate the hack by replacing your index file via ftp (using a program like cyberduck). Look for the index file in your root directory and replace it completely with a backup.
Has anyone else gotten hacked? Was it just your WordPress site or everything? Are you an Inmotion client? Share your experiences (and solutions) here.