Jeff Tangen’s Wordpress

2 large mouth bass on hendon torpedos

View Wind Lake – June 30, 2012 in a larger map

2 Northerns
1 Large Mouth Bass

All on yellow/red top water spinner

View Phantom Lake – June 10, 2012 in a larger map

1 Large Mouth Bass
1 Northern

yellow/green top water spinner
yellow/red spinner

View Potter Lake – June 2, 2012 in a larger map

One Northern
Yellow red top water

View Eagle Lake, May 27th, 2012 in a larger map

One large mouth bass on yellow/red top water.

View Little Muskego Lake, May 21, 2012 in a larger map

2 large mouth bass, a smidge under 16 inches
Both on yellow/red top water spinner

View Big Muskego Lake – May 12, 2012 in a larger map

Once you feel comfortable that your wordpress site is back, it is time to locate where the malicious code came from.
If you provider gives you access to the logs you may be able to determine which file(s) have the malicious code in it. How will you do that? You will see web access to a specific file(s) deep in your wordpress (or former wordpess site).
In my situation, the file http://www.jefftangen.com/wordpress/wp-content/themes/{theme_name}/functions.php was infected. I checked one of my backups and did see the added code to the top of the file. The added code had “eval (base64_decode” and the code of the hack after.
While you are looking at your site, you should do a visual inspection of all the files and make sure that all the files out there are yours. Why do I say that? Well, your site had malicious code on it. Correct? What would stop the bad guy from adding their own code to your site and have it run there? Nothing is really stopping them from that. My suggestion is to take the time and verify all the folders/files on your site. If those files/folders are not associated with your site, delete them.
In retrospect, to mitigate this from happening in the future, make sure that you do not use simple, easy passwords and that your passwords are unique from site to site.

TFL: 8-6 Winner
A-PFC: 9-4 Out in first round of playoffs
AT&T: 7-7
MLAF: 5-8-1
PFC: 4-10

So, your wordpress site has been hacked…

Hidden php file that contains the malicious code.

1. Make a backup of your site including the database.
In your control panel there should be a backup application to make a backup of your entire site. Once the backup is complete, download the created file.
Use ftp to copy your entire site to your local computer.
Use phpmyadmin to make a dump (copy) of the database.

It is better to have to many backups then not enough and lose your data.

2. Make a screen shot of your plugins and themes (optional as you do have the names and files in the backups)

3. Remove all plugins and themes and see if that gets rid of the malicious code.

If that does not remove the malicious code then the site needs to be deleted and re-created.

4. Remove wordpress from your installed applications in your control panel. This will delete permanently the wordpress site.

5. Re-install wordpress in your control panel and make sure that wordpress is up to date.

6. Edit the mysql database dump file and change the name of the database to be the newly created database name.

7. Inside of phpmyadmin, remove all the tables that wordpress created.

8. Import the database dump file. When it is imported, it will create all of the tables that were just deleted.

9. Verify that the site comes up with the correct data and that the malicious code has been removed.

10. Re-install any plug-ins and themes.

11. Copy the uploaded files that was in the original site. Typically these files are under /wordpress/wp-content/uploads

Northern – 43

Large Mouth Bass – 35

Crappie – 19

Pumpkin Seed – 18

Bluegill – 8

Sunfish – 1

Smallmouth Bass – 1

Perch – 1

The map is of places this year that I did not catch any fish.

 

View Shutout 2011 in a larger map