Resolved Site appears to have been hacked

[goplanetsdesign36]

As of today, something has gone wrong with my website. It redirects to crazy ads and spam and the content is nowhere to be found. It loads in a broken state on mobile. I'm www.planetsdesign.com, or planetsdesign.x10.mx.

Is there any way at all to recover my site to the state it was in yesterday or a couple days ago? It's my portfolio site so it's extremely important for my business. I'm willing to pay for support costs if necessary. Please let me know.

 

[goplanetsdesign36]

It looks like all my files are still there. I'm hoping it's just something I can delete or fix.

 

[spacresx]

are you using wordpress?
or something similar?

what was the last thing you remember doing with the website.
i ask because you might have had the wordpress or plugin hacked.

recovering your site to a certain date is only possible if you
have backups on your computer.
otherwise the only backup would be possibly months old.

 

[goplanetsdesign36]

I have wordpress, maybe a week ago I updated my content. Is there anything I can do? The files are all still there, and I can still access the hosting and the file manager. But both the main domain and the wordpress login redirect to spam.

If there's any way to recover things aside from basic troubleshooting, like dialing back a server backup, I'm more than willing to pay. I need this.

 

[spacresx]

i dont know if there is any "paid" options for that,
these forums are usually for the free accounts.

but from what i see when trying to even going to the links you provided,
it auto-redirects me different spammy pages.
which tells me its either in your .htaccess file or you may need a fresh
re-install of wordpress because you cant access your default page.

 

[goplanetsdesign36]

What do I do? Can I recover my site? Is there any way to pay x10hosting to just load a backup?

 

[spacresx]

i doubt they have backups. as the TOS says (for free users)

1. System Backups
   Backups are the sole responsibility of the customer. x10Hosting retains and offers backups to the customer but does not guarantee this service from failure. It is recommended all customers keep their own backups. Backups will not be provided to account holders who have been suspended for breaching the Terms outlined on this page.

 

[goplanetsdesign36]

Are there any possibilities to have it resolved? Like I said I'm glad to pay to have this fixed in any way possible. I hoped that maybe there was at least a server backup from a day or two ago. If not, I'd be glad to pay someone at x10 to resolve this in any way.

Aside from that is there anything I can do?

 

[spacresx]

Server backups are usually only done by x10 when a major change is made,
such as the big migration x10 recently had for free users.
so daily backups are never done.

there is not much you can do if all your files are compromised.
its not wise to use any of those same ones again.
and trying to troubleshoot them may take even longer.

maybe a staff member can give better assistance.
but no way to say how long that might take.

 

[goplanetsdesign36]

How do i contact them?

 

[spacresx]

staff frequently check these forums when they can.
they might be here in an hour, a day or a few days.
otherwise you can try using your paid support options to e-mail them.
(im a free user and not aware of the paid options)

 

[goplanetsdesign36]

If any staff sees this, PLEASE HELP

 

[garrettroyce]

@goplanetsdesign36 (tagging you so you get a notification)

There are no backups.

What most likely happened is someone was able to perform an XSS attack. They embed some javascript into a post on your website, so when visitors open the page they are redirected. It's likely nothing on your side actually changed. You can simply go into the database and delete any suspicious posts and that should take care of it.

You can also empty the tables in the database that do not contain your content and then re-install wordpress, re-using the old database. This will purge any erroneous settings and compromised files that may exist, while at the same time you won't lose any content.

What I would recommend:

1) Just in case, change all your passwords EVERYWHERE you use them. If you use the same password for Wordpress and you bank, change the password at your bank.
2) Back up all the files in ~/domains/{your domain name}/ by creating a .zip file and downloading it from DirectAdmin
3) Back up all your databases via PHPMySQL from DirectAdmin
4) Delete your Wordpress installation from ~/domains/{your domain name}/
5) Empty the tables that contain anonymous user content or information that you don't care about
6) Re-install Wordpress. Use Softaculous if possible.
7) Re-install missing plugins and themes

I'd be happy to help you here or through discord (for free!). If you were to purchase paid hosting, then I'm sure the paid support team could give you some pro advice, but backups don't exist and they generally don't help with anything that is not hosting related (they're not trained extensively in every single piece of PHP software).

If you tag me in the Discord chat or PM me in Discord, I'll get back to you. I'm generally only available 7pm-8pm Central Daylight Savings Time during the week, and after noon on the weekends.

Discord Channel: https://x10hosting.com/community/threads/x10hosting-discord-server.207431/
Discord PM: schizzor#2524

Don't PM me on this forum. Keep support in this thread so that everyone may learn from it.

 

[goplanetsdesign36]

For some reason within Directadmin I can't make a public_html folder in my domains subfolder. I currently dont have one, just an old one I had renamed to old. When I try making a new folder it just does nothing and refreshes, and if I try to rename a different folder, I get this error:

"Unable to move /domains/planetsdesign.x10.mx/public_html-other to /domains/planetsdesign.x10.mx/public_html: A component used as a directory in oldpath or newpath is not, in fact, a directory. Or, oldpath is a directory, and newpath exists but is not a directory."

I can make any other folder name.

I'm kind of stuck because I cant install wordpress or do anything with my site without a public_html. It seems like a weird technical issue. Please help.

 

[spacresx]

im not sure if you can add a new public_html folder inside of a sub-folder.
i think its like 1 "public_html" folder per domain name.
i always thought the "public_html" folder was like a server created folder

I may be wrong but thats just my thoughts.
wait for staff to reply to be sure.

 

[goplanetsdesign36]

I can log in but when I click the cPanel button the page times out. Is this a known issue or is something wrong with my account?

 

[garrettroyce]

@goplanetsdesign36 Where you able to resolve this issue? Please let us know if you need further assistance or this issue will be closed for inactivity.