18 April 2017
As the current status, I have noticed that this domain’s server has been compromised and hacked for at least 2 weeks. I have conducted initial steps to fix the problem for the time being.
The domain and pages are working now, but the media content of the posts is not covered yet.
25 April 2017
After the initial steps, for the time being, my checks demonstrate that everything seems OK. However, I will continue to monitor before taking additional steps.
- Fresh Install of WordPress & Web Server has been completed.
- Old Contaminated Files have been removed from the system and saved for further investigation.
- I have extracted Media Content from contaminated folder via Live CD.
- Controlled installation of plugins now.
- Mail System has been masked from boot sequence.
- All the passwords have been changed.
- UserID & GroupID of the respective applications have been changed.
- Search & Removal of the old UserID & GroupID owned files has been completed.
- CPU & Memory Utilization has been monitored. Alarms have been set.
Only a very small percentage of the media content has been restored so far.