HackeD By Dr.SHA6H | Fuck All Site

This post is also available in: Romanian

 

I do not know how many of you had it … but It happened to me. I recently found two sites that were done on WordPress platform and who were on the same server affected by a Dr.SHA6H. Who is it, and what he does in his spare time … does not really matter, the fact is that the two sites continued to display the text “Hacked by Dr.SHA6H | Fuck All Site” and the content of those sites were inaccessible.

On one of these sites I tried to fix it by reading the files in it. I found something in header.php, functions.php and footer.php. I tried to remove the extra code and I could not get rid of the error. I searched the database and found that it was damaged and trying to fix it, I ruined the structure of it. Finally for this site, I had it  fixed by reinstalling a new database and recovery of the remains of the old one.

For the second site I said to ask ‘friend’ Google if someone has been affected and published how to fix this. I have found something useful here and it helped me a lot to fix on the second one.

I have found a widget that I disabled in the Appearence—->Widgets.

I have found Site Title changed and I recovered it from Settings—->General.

I have found UTF7 instead of UTF8 and I restored into Settings—–>Reading.

 

That was it. The site is now up … unharmed …

I hope it will be useful to you … but it’s better to not need … right?

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA * Time limit is exhausted. Please reload CAPTCHA.