Indexhibit Support

Just needed a quick insight on what is the best plan of attack on this subject. I have been reading all hacking related issues on this forum but havn't really gotten an answer that best fits my problem:

My wordpress was recently hacked during that manic sweep on the interweb and it appears to have spread to my indexhibit. I have deleted the wordpress database and re-upped everything over there, so there is no problems. What concerns me is now whenever I go to my site, its like a lottery, sometimes I can display pages no problem, others I will be redirected to a malware site. Is this due to a corrupted database rather than corrupted files? I have checked most of the major files and havn't caught anything in the code that look wrong. Therefore could I back up everything site wise, delete the database and reload everything back up? Or is there a way to clean up somethine that has been individually affected?

Cliffs:
Are there files that are infected on my site or is it the database and depending on which do I need to clean and salvage files that arn't infected or can I re-install with my old non-infected (database infected only) files.

Website: Idiolalia

Thanks for any help/info sent my way :-)

Your site looks like fine - this is really very strange.

My guess, which doesn't mean much here, is that either the htaccess file was hacked...or perhaps there is something seriously wrong with the server itself doing these redirects.

I'm trying to find a trace of anything in the html file itself causing...no rewritten links...no js...nothing.

It's possible that there is a hack that is throwing a redirect, I guess. Turn your root index.php file into index.php.txt so we can see the contents of the file...show us.

You could also reupload the files...staying clear of any customizations you made and the config folder (which has the database connection).

the root Index has been changed. Thanks again for the help, its been bugging the heck outta me @_@;

'has' or 'had' or both?

So, the problem was that the hackers had inserted something onto the index.php file? Which is the common way they do things - you should check all the index.php file on your site as well.

Oooookay, found a massive amout of base64 code at the bottom of my root index.php file. How would I go about removing such lol text? I'll post the beginning parts for clarification:

Edited by Vaska: Hey, don't post that!

I deleted that which didn't pertain to a recent dl of your root index file. I did not notice this on any of the other index files and this would make sense to why it would be throwing those errors when it would attempt to load the sidebar. Is this correct?

Hehe...you want to remove anything after the exit line. Does that make sense?

;)

I deleted that which didn't pertain to a recent dl of your root index file. I did not notice this on any of the other index files and this would make sense to why it would be throwing those errors when it would attempt to load the sidebar. Is this correct?

Do not understand this...sidebar?

Basically I uploaded a new root index.php file to my site in the root folder. Seems like that helped a bit but I appear to be getting malware redirects still...

Yes, you have to check every index.php file throughout your site...I noted this above.

Apologies, mean the sidebar that contains the navigation panel...

I have checked and cleaned the root index, checked the index file that is located in the theme folder. Am I missing anymore? Sorry again for the confusion.

Third time: check ALL "index.php" files in your site. Go through every folder and find them...

Sorry for the apparent lazyness Vaska, checked every single Index file. I have been loading the site repeatedly to see if it comes up again with re-directs but havn't seen anything in awhile. I will post if another thing comes up, otherwise thanks again for all your help :-)