I have a client who insisted on the cheapest hosting possible. Despite my recommendation to go with something else, this client was persuaded to choose HostPapa, and now I have to fix my client’s site. Since the host still hasn’t figured it out I though I’d post a quick and dirty solution here.
The hack was a script, run from inside the shared hosting package. I won’t post the details here, but it went through all directories and replaced index.php and index.html files with replacements that simply said “hacked by hacker“.
Replacing those files (index.php , index.html) in your wordpress installation with fresh ones is a good 1st step, but not enough.The hack also sought out the header.php file in your theme directory. (i.e. wp-content/themes/twentyeleven/header.php). That file should be replaced with a fresh one form the wordpress installation package as well.
Voila. Your sites are now up for the time being. Good luck and may the internet have mercy on your domain so long as it’s hosted on a poorly configured host.