My domain/website has been hijacked.

It appears that someone has hijacked my domain: localbizbuzz.tv
It appears to have happened sometime in the last month or so. It appears to have been taken over by a foreign Slavic-language hosting company (according to Google Translate, the language is Turkish): http://www.cozumhost.com/webhosting.html All content on the pages is in some foreign language.

The domain somehow resolves to http://www.cozumhost.com/webhosting.html even though nothing has been changed in my domain files at my registrar. I'm not even able to log in to my WordPress wp-admin.

All DNS records are still correct. And WhoIs lookup is still correct. I've looked through my file manager and DNS files from inside my WHM and cPanel, and nothing appears to have been changed. Basically, everything looks to be normal except the public facing website.

I have sent the same information to GoDaddy, my registrar. I am submitting here also, just in case the problem was not with the registrar.

TraceRoute: See traceroute below:
traceroute to localbizbuzz.tv (23.235.198.49), 20 hops max, 40 byte packets
1 174.36.196.241-static.reverse.softlayer.com (174.36.196.241) 0.454 ms 0.433 ms 0.428 ms
2 ae11.dar02.sr01.wdc01.networklayer.com (208.43.118.137) 0.200 ms 0.351 ms 0.380 ms
3 ae9.bbr01.eq01.wdc02.networklayer.com (173.192.18.202) 1.194 ms 1.227 ms 0.826 ms
4 ae51.edge3.washington4.level3.net (4.53.116.65) 0.920 ms 0.943 ms 0.953 ms
5 ae-1-60.edge2.Washington1.Level3.net (4.69.149.14) 7.648 ms 7.650 ms ae-2-70.edge2.washington1.level3.net (4.69.149.78) 1.419 ms
6 INMOTION-HO.edge2.Washington1.Level3.net (4.79.22.110) 3.421 ms 2.561 ms 2.427 ms
7 23.235.198.49 (23.235.198.49) 2.237 ms 2.571 ms 2.223 ms
Arn
Hello Userworthy,

Sorry about the problem with the WordPress site. It definitely appears to have been hacked. How it was hacked, we're not quite sure. We do know that the installation is not a typical WordPress install at this time.

The question I first need to ask is if you have a backup of the site from when it was operational. The backups that we carry are progressive and no longer than 24-36 hours old, so they would not be of the site from when it was operating correctly. If you do have a backup, then it would be best to restore over top of the existing site.

As a worst case, you would need to delete the existing site and rebuild the site with a new installation of WordPress. If you have a backup of a good database, it's possible to re-install the base WordPress files and then import the database. Any themes, plugins and uploaded files would need to be re-uploaded to the site. Though, I would recommend double-checking each theme before applying it. Some older themes have been vulnerable to hacks. You would need to use an FTP client or something like the cPanel File Manager in order to remove the actual WordPress files.

Sorry again for the problems with the site. Please let us know if you have any further questions or comments.

Arnel C.
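
One way to scope the cleanup described in the answer above, as an added example that is not part of the original thread or the host's tooling: hash every file in a downloaded copy of the site and compare it with a clean copy of the same WordPress release unpacked locally, so that altered core files, files a stock install does not ship, and PHP sitting in the uploads folder are listed before anything is re-uploaded. The function names and the two directory arguments are hypothetical, and `demo()` runs the comparison on small constructed trees rather than real WordPress files.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare_to_clean(site_root, clean_root):
    """Classify the site's files against a clean copy of the same WordPress release."""
    site, clean = tree_hashes(site_root), tree_hashes(clean_root)
    report = {"modified": [], "unexpected": [], "php_in_uploads": []}
    for rel, digest in sorted(site.items()):
        if rel.startswith("wp-content/uploads/"):
            # Uploads have no clean counterpart; PHP there needs manual review.
            if rel.lower().endswith((".php", ".phtml")):
                report["php_in_uploads"].append(rel)
        elif rel not in clean:
            report["unexpected"].append(rel)
        elif clean[rel] != digest:
            report["modified"].append(rel)
    report["missing"] = sorted(set(clean) - set(site))
    return report

def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(data)

def demo():
    """Compare two small constructed trees (stand-ins, not real WordPress files)."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as site:
        for rel in ("index.php", "wp-login.php", "wp-includes/version.php"):
            _write(clean, rel, "<?php // clean " + rel)
            _write(site, rel, "<?php // clean " + rel)
        _write(site, "index.php", "<?php // constructed: altered front page")
        _write(site, "wp-includes/class-cache.php", "<?php // constructed: extra file")
        _write(site, "wp-content/uploads/logo.png", "constructed image bytes")
        _write(site, "wp-content/uploads/x.php", "<?php // constructed")
        os.remove(os.path.join(site, "wp-login.php"))
        return compare_to_clean(site, clean)
```

On a real site, `wp-config.php` and any theme or plugin absent from the clean tree will also be listed as unexpected, which makes that list the set of files to review by hand rather than proof of tampering.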