Sealight Hack Restore steps

My site got hacked by or someone pointing there. All was root caused to the use of “Sealight”, a very popular theme by The issue is pretty much unnoticeable if you don’t have a “catch-all” address in your email, as I did.
I received emails from customer, news, consumer, at a rate of 100+/hr; many went to the spam folder, many stayed in my inbox.

Amazingly, I was able to restore it and erase it.
First, check your access_log for any activity using “yahoolinks.php” or sm3pg7.php.
If you find any, you are infected. The solution steps are quite simple:
1) Download WordPress again.
2) You need to use the command line, since it seems the malware also hacked the WP-admin management module and you cannot turn plugins on or off.
3) Copy the wp-config.php file to a safe location.
4) You may lose all your plugins and may need to add them again later.
 cp /var/www/html/  /tmp/wp-config.php
 mv /var/www/html/ /var/www/html/
unzip onto /var/www/html/ 
mv wordpress to html
cp /tmp/wp-config.php html
and restored.
Then check the error_log of your Apache web server; you will see entries like:

[Fri Sep 02 08:52:27 2011] [error] [client] File does not exist: /home/87694/domains/
[Fri Sep 02 08:52:58 2011] [error] [client] File does not exist: /home/87694/domains/
[Fri Sep 02 08:53:19 2011] [error] [client] File does not exist: /home/87694/domains/
[Fri Sep 02 08:53:28 2011] [error] [client] File does not exist: /home/87694/domains/
If you see these, you can consider yourself safe from the problem.
I suggest you upgrade your Sealight plugin and change all the passwords that you used for your databases, as well as any other information stored in your plugins.
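
The access_log check from the first step, as an added example that is not part of the original post: a POSIX shell function that counts requests for the two script names per client and status code. The sample log lines, IP addresses and EXAMPLE paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: find requests for the two script names the post lists.

# scan_access_log [FILE...]   (reads stdin when no file is given)
# Prints "<hits> <client> <status> <path>" for each distinct combination and
# returns 0 when at least one indicator request was found, 1 otherwise.
scan_access_log() {
    out=$(awk '
        {
            # Common/combined log format: the request line is the first quoted
            # field, e.g. "GET /path?query HTTP/1.1", followed by the status.
            if (split($0, q, "\"") < 3) next
            split(q[2], req, " ")
            path = req[2]
            sub(/\?.*/, "", path)          # drop the query string
            split(q[3], rest, " ")
            # Match the file name only at the end of the request path, so a
            # mention in the referrer field does not count as a hit.
            if (path ~ /\/(yahoolinks|sm3pg7)\.php$/)
                hits[$1 " " rest[1] " " path]++
        }
        END { for (k in hits) print hits[k], k }
    ' "$@" | sort -k2)
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# Constructed sample lines (documentation IP ranges, placeholder paths).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [02/Sep/2011:08:50:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Sep/2011:08:51:13 +0000] "POST /wp-content/EXAMPLE/yahoolinks.php HTTP/1.1" 200 312 "-" "-"
198.51.100.7 - - [02/Sep/2011:08:51:40 +0000] "POST /wp-content/EXAMPLE/yahoolinks.php?x=1 HTTP/1.1" 200 312 "-" "-"
203.0.113.5 - - [02/Sep/2011:08:52:27 +0000] "GET /EXAMPLE/sm3pg7.php HTTP/1.1" 404 210 "-" "-"
192.0.2.10 - - [02/Sep/2011:08:53:00 +0000] "GET /about HTTP/1.1" 200 900 "http://example.test/yahoolinks.php" "Mozilla/5.0"
EOF
}

if sample_log | scan_access_log; then
    echo "indicator requests found: treat the site as infected"
fi
```

A 200 status next to one of these names means the file was served; after the restore the same requests should return 404, which is what the "File does not exist" entries in error_log correspond to.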
