So you have been Hacked By HaYal-ET06?
In October 2013, I found several WordPress sites had been hacked by hacked By HaYal-ET06, the Turkish Hacker.
Not knowing if this is a group of individuals or someone acting on their own, I will refer to “ET-06″ as an individual.
Yet again we see the return of yet another mindless individual attempting to cause issues for hundreds of WordPress website owners.
No one really knows why these fools continue to do this but I guess in their small World this pathetic escapade keeps them amused as they wait for their mummy’s to return home from work.
Enough of my wittering, being Hacked By HaYal-ET06 is not a problem really.
Symptoms of affected sites
1. Sites that have been affected by this recent hack all have their landing pages apparently removed and an image of “K.Ataturk” with his signature beside a Turkish Flag on a Black background. Below the image is text that read “Hacked By HaYak-ET06″.
The image below is an example I was able download from an affected WordPress site.
2. All posts and pages are affected, however Administrators can still access the login page and after logging in, can gain access to the WordPress control panel.
How to clean the affected site
Once logged in to the WordPress control panel you should not begin to delete or attempt to modify pages and posts as the hack is not directly placed on those pages/posts.
Navigate to the “Appearance” section found on the left hand side of the control panel.
From there, navigate to the “Widgets” sub-menu.
You will notice that all the previously installed widgets have been removed apart from 1 Text Widget.
This widget contain code that is used to fill the sites pages and posts with the image of “K.Ataturk”.
Simply delete/remove this widget and all your pages and posts will return as before.
You will now have to re-create the widgets you had before the attack.
Navigate to “Settings” and put your site name back. It will contain more code and just simply needs replacing.
Now navigate to “Reading” section and you will need to change the “Encoding for pages and feeds” from “UTF-7″ to “UTF-8″. Just over write it.
Press the save button and you are done.