Isaac how does this hack happen- is it possible it was OUR fault or the clients fault?

I could probably sell them a whole new website? Would that help? 

whitney.zelig@gmail.com I think this might be on them. Someone over there may be clicking on a phishing email of some kind. Or maybe a malicious script on the website. 
I believe the latter may be more accurate. 

Right now, Google is using a warning for many of the pages visitors find on search results. We will not be able to remove that warning until this is resolved. 

whitney.zelig@gmail.com - It's very hard to say but most probably hackers used a vunerability in one of the installed plugin on the website but since this is the same malicious script that redirecting a pharmacy website. It's for sure that these guys have put a loophole somewhere in the files that wpengine security company couldn't find it last time they cleaned the website. I have created a new support ticket with the wpengine regarding this.

Once they reply back the website has been cleaned. I will ask them if they were able to find the loophole this time or tell us how it happened. If they tells us they were able to find the loophole and give us a surity that these same hackers wouldn't be able to inject the website with the malicious script again. We can keep the website. But if they say they can't find the source from where the hack happened. I think it would be best if we go with a different premium service for cleaning the website or build a new website altogether.

Isaac, we should hack into their website and take it down for some sort of Payback! 

If the script is in one of the files, wouldn't that transfer over even if we create a new site?

Can we get a list of all pluggins so I can check them for any vulnerability? 

thanks Isaac  sorry i asked you the same question in campfire 

Hector - It could be that these pharmacy guys didn't even know about this. They maybe hired someone on fiverr or reddit which promised them good inbound links that will help to increase their domain rank and these guys hacked other websites which gets a good organic traffic and set up a redirect to their website.

On the new website we wouldn't be using any of the files from the old website. It would be from scratch or else there would be no point.

This is already done by the security company and also by wpengine. While cleaning the website if they find out any plugin and it's latest version has any vunerability they ask us to immediately remove it from the website.

whitney.zelig@gmail.com - No problem. Thanks.

WPengine has confirmed the website has been cleaned now. They couldn't give a concrete reply regarding how this happened so if we can sell them a whole new website. We should do it. If they say NO let me know and I will set up a firewall on the website. That should help.

Isaac
Thanks for the thorough explanation.
I think we should set up the firewall regardless of whether or not we sell them a new website. Because if they hacked it twice, there's a 98% chance they will be able to hack into it again. And let's remember that it hasn't even been 2 months since they last did it.
Selling and setting up the new website may take longer than 2 months so we would be hacked again.
whitney.zelig@gmail.com  
do you concur or do you have another idea?

Hector - Yes. That should definitely help.

whitney.zelig@gmail.com - Please confirm.

Hector i go with what you and Isaac suggest- you guys are the experts. Thank you so much

I can also ask shanes friend to help? 

whitney.zelig@gmail.com - I will need client #cc to signup for the firewall. It will be around $10/month.

https://sucuri.net/website-security-platform/signup/#firewall

Good morning Isaac Whitney.
Thanks for confirming WZ.
So I have 2 CC's on file for Lori and Docere whitney.zelig@gmail.com .
Can you please let me know which one of these they might want us to use? Or if they want to use another one?

Question for you Isaac. 
If we set up the Firewall, it will keep the hackers out from incoming new attacks. But what if the vulnerability is with a pluggin? Will the firewall still work? 

can you draft up an email that i can send to client Hector  to explain what happened and steps to prevent it in the future? they have an in house marketer that's not that smart, it could've been her fault. 

Good morning Whitney. 
I will prepare it for you and send it to you once I am done. 

Isaac  
Can you please initiate a validate fix so we can get rid of all the Viagra hacked pages which are indexed?

Thanks. 

Isaac  
Tagging you once again in case you missed the other one.. 
Please let me know when you initiate the fix. 
Thanks. 

Hector - You can just re-submit the sitemap and initiate validate fix.

Isaac
My bad, I forgot you were on vacation.
So I resubmitted the sitemap. Have the other pages been removed?
I initiated validate fix as well. 

image.png 48.4 KB • Download

I am still seeing some of the pages (Spam) indexed. However, they are coming up as 404s so they are no longer linked. I have resubmitted the sitemap once again to see if they disappear. 

Hector  any more spam-indexed pages?

Isaac  
Can you please check on the indexed pages for this client so you can then initiate the validate fix for them?
I am still seeing thousands of the spam pages marked as 404s

Hector - Sure. Will check.

Hector - Updated and submitted for validate fix.

Awesome.. Let's see if this time they stay out.. 
I will follow up in a few weeks. 
Thank you. 

Still waiting on validation... Changed the date. 

Validation still pending. I will wait another month. 

Still seeing validation pending. I went ahead and resubmitted the sitemap.

image.png 17 KB • Download

Isaac  
Any idea why this validations are taking so long?
This particular one was started

Started: 8/10/23

I am updating the due date for another month. 

I have verified that the resubmission worked and that validation has also passed! 

image.png 88.5 KB • Download