Hacked By HaYal-ET06

So you have been Hacked By HaYal-ET06?

In October 2013, I found several WordPress sites had been hacked by HaYal-ET06, the Turkish Hacker.
Not knowing if this is a group of individuals or someone acting on their own, I will refer to “ET-06” as an individual.
Yet again we see the return of yet another mindless individual attempting to cause issues for hundreds of WordPress website owners.
No one really knows why these fools continue to do this but I guess in their small world this pathetic escapade keeps them amused as they wait for their mummies to return home from work.
Enough of my wittering; being Hacked By HaYal-ET06 is not a problem really.

Symptoms of affected sites

1. Sites that have been affected by this recent hack all have their landing pages apparently removed and replaced with an image of “K.Ataturk” with his signature beside a Turkish flag on a black background. Below the image is text that reads “Hacked By HaYal-ET06”.

The image below is an example I was able to download from an affected WordPress site.

2. All posts and pages are affected; however, Administrators can still access the login page and, after logging in, can gain access to the WordPress control panel.

How to clean the affected site

Once logged in to the WordPress control panel you should not begin to delete or attempt to modify pages and posts as the hack is not directly placed on those pages/posts.

Navigate to the “Appearance” section found on the left-hand side of the control panel.

From there, navigate to the “Widgets” sub-menu.

You will notice that all the previously installed widgets have been removed apart from 1 Text Widget.

This widget contains the code that is used to fill the site's pages and posts with the image of “K.Ataturk”.

Simply delete/remove this widget and all your pages and posts will return as before.

You will now have to re-create the widgets you had before the attack.

Tidy up

Navigate to “Settings” and put your site name back. It will contain more code and simply needs replacing.

Now navigate to the “Reading” section, where you will need to change the “Encoding for pages and feeds” from “UTF-7” to “UTF-8”. Just overwrite it.

Press the save button and you are done.
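The three symptoms above (code in the Text Widget, code in the site name, encoding switched to UTF-7) can also be checked in bulk across many sites. The following is an added example, not part of the original post: it assumes the WordPress option names `blogname`, `blog_charset` and `widget_text` from the `wp_options` table have been exported into a Python dict, and the sample values are constructed.

```python
import re

# HTML markup, or a UTF-7 shifted sequence such as "+ADw-" (UTF-7 for "<").
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z!]")
UTF7_SHIFT = re.compile(r"\+A[A-Za-z0-9+/]{2,}-")


def has_code(value):
    """True if the value contains markup or UTF-7 encoded characters."""
    return bool(MARKUP.search(value) or UTF7_SHIFT.search(value))


def audit_options(options):
    """Return (option_name, reason) findings for exported wp_options values."""
    findings = []
    charset = options.get("blog_charset", "").strip()
    if charset.upper() != "UTF-8":
        findings.append(("blog_charset", f"charset is {charset!r}, expected UTF-8"))
    if has_code(options.get("blogname", "")):
        findings.append(("blogname", "site name contains code, replace it"))
    # Legitimate text widgets can hold HTML too, so this is a review item.
    if has_code(options.get("widget_text", "")):
        findings.append(("widget_text", "text widget contains code, review it"))
    return findings


# Constructed sample values (widget_text is stored as a PHP-serialized array).
SAMPLE_AFFECTED = {
    "blogname": "+ADw-b+AD4-constructed title+ADw-/b+AD4-",
    "blog_charset": "UTF-7",
    "widget_text": 'a:1:{i:2;a:1:{s:4:"text";s:45:'
                   '"<img src="http://example.invalid/banner.jpg">";}}',
}
SAMPLE_CLEAN = {
    "blogname": "My Site",
    "blog_charset": "UTF-8",
    "widget_text": 'a:1:{s:12:"_multiwidget";i:1;}',
}

if __name__ == "__main__":
    for name, reason in audit_options(SAMPLE_AFFECTED):
        print(f"{name}: {reason}")
```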



What are WordPress Permalinks?

You may have seen them in WordPress when you have been navigating the “Settings” menu of WordPress.

Listed as:

  1. Plain
  2. Day and name
  3. Month and name
  4. Numeric
  5. Post name
  6. Custom structure

Basically, these are used to configure the way your site uses URLs (Uniform Resource Locators). In other words, they let your site use various friendly web page addresses.

For example: This site is “http://wordpresshosting.us.com” and the pages and posts that are shown to our visitors are named after the post's title.
This post is named “What are WordPress Permalinks”. So it makes sense to have a URL address that matches the post's title.

Therefore we have set our Permalinks to use the post title in the overall URL address.

As you can see above, the website/domain name is in RED and the post title is in BLUE.

We achieved this by setting our Permalink to the “Custom structure” in the image below.

You will see that we only use the PostName, attached to the end of the Domain URL.

Now here’s the important part. DO NOT leave your permalink set to the “Default” setting.
It gives a horrible URL which visitors will not remember and search engines hate.



The “?p=34” actually means post number 166. Who could easily remember that?

Remember, it is in your best interest to keep the same permalink structure once your website has launched.

Not at all Friendly!

Kaitlyn Morin explains what WordPress Permalinks are and then how to configure them to maximize your chances of being remembered and to increase your chances of ranking high in the search engines.