My Wordpress website built with Elementor and incorporating WooCommerce has been hacked and the issues are beyond my fundamental understanding capabilities.
The hack is creating new administrators, changing passwords and usernames and linking to necessary elements of the website so when fraudulent users are deleted, so are integral images and information.
There will also be the opportunity to work with us in increasing and securing all our websites and shop too.
The corrupt files need removing and additional security implemented.
Please contact me for full and further information if you think you can help.
An example and excerpt from he emails I am receiving from IONOS are as follows:
The following measures will be necessary in order to restore security to your IONOS contract:
(A) Disinfecting or deleting the malicious files
1. Open the indicated link in your browser and use the access data for your primary SFTP user for authentication. Alternatively, you may also use an FTP client (such as FileZilla) to open the file in the ./logs/forensic/ directory.
2. The log file will contain additional information about the malicious files. Please follow the instructions indicated there.
3. To make your website accessible again, change the permissions from 200 to 604 after cleaning up the files. For directories, change the permissions from 700 to 705. Your website will only be able to be displayed properly after these changes have been made.
and...
This is an urgent message regarding your contract with IONOS.
A few minutes ago, our antivirus scanner detected that a malicious file was uploaded to your webspace.
The file can be found in your webspace at the following location:
To protect you against dangerous hacker attacks, our antivirus scanner checks every file on your webspace that is being modified or uploaded. If the scanner detects malicious code, execution of the file is disabled to prevent further attacks. To prevent calls to this file altogether, the file permissions have been reduced.
Our scan will continue after this email is sent to disable additional malicious files. Upon completion of this scan, you will receive another e-mail with detailed information on how to clean up your webspace. Please be patient as this can take several hours depending on the size of your webspace.
In the meantime, you can perform a few steps.
1. Do you use a Content Managment System (CMS) such as WordPress or Joomla? Then we recommend updating the CMS including any plugins or themes to the latest versions.
2. Check your computer with an updated antivirus program. In the event that your credentials were stolen by a third party, a virus is the most likely cause. Do you have any questions? Simply reply to this email and leave your reference [Ticket AB132389658] in the message.
