Complete Panic. Site disappeared and can't get SFTP access

Hi guys, I'm in a complete state of panic. One of my sites just disappeared and I can't get any SFTP access to that site or any other site on the server.

www.whitnyseaanglers.co.uk has disappeared. All subfolders (Forum) and subdomains are still in place and working.

Please please help me sort out the problem.

16 Replies

The issue is that the domain is not resolving. It seems that it doesn't have any nameservers assigned.

In fact - it seems that the entire domain is not registered. Perhaps it expired?

http://whois.domaintools.com/whitnyseaanglers.co.uk

Mmm, well, I'll look into that, thank you. How come the subfolders work?

http://www.whitbyseaanglers.co.uk/forum/index.php

Because whitby != whitny (by versus ny)

Right - that's a different domain. You typed whitny instead of whitby in your opening post, hence the confusion.

For http://www.whitbyseaanglers.co.uk/ it simply gives a white page, which usually means something is wrong with PHP, so your logs should be able to give some more information.

Sorry, it's http://www.whitbyseaanglers.co.uk/

Domain is registered and nameservers are pointing to Linode.

How would I get access to the logs, please?

That depends on your vhost config. You should check in your configuration where it is supposed to log, and then check that file. Who configured the server? He should be able to tell you.

I'm no longer in touch with the guy who configured the server. Is there any way I can get SFTP back?

Without information about your setup there's not much we can do to help you. Is the /forum/ bit normally also accessed through the same SFTP login? Or is that separated? Your webserver reports LiteSpeed; I've never used that so I can't tell you where to look. Try to log in via SSH and see if the SFTP locations still exist and what /var/log/auth.log says when you try to log in via SFTP.

Common locations are /var/log/php.log or /var/log/php5.log or in your webroot (for example /srv/www/domain/logs/) - but once again, without your config files there's no way to be sure.

Yes, the forum is through the same SFTP. I'm suspecting a WordPress plugin update has caused this (not 100% certain but could well be). If I can get SFTP I can close off the plugins and see if that puts things right.

Just need to get SFTP back to do that.

A plugin should not be able to break your SFTP access. I suggest first looking into that, and once SSH/SFTP all works again look into the site. If something with SSH (SFTP) is wrong it should be in /var/log/auth.log.

Cheers guys, got SFTP back with help of support. That I think was a separate issue. Think somehow my version of WordPress was corrupted or a plugin was playing up, which caused a MySQL or PHP problem.

Got site back up now.

However, it appears my forum is compromised as members are getting trojan warnings. I'm wondering if all this is connected.

My techy friend thinks I'm compromised. Is it possible that my entire server is compromised, or just the contents of whitby sea anglers?

What is the best course of action? Would it be to clean out all software files and start fresh?

That depends on the server setup. Assuming you have your site running as a separate user - if it is compromised, it'll be able to do what the user that runs the site can do.

Unless you run a really old kernel that is vulnerable to a root exploit.

OK, well, I don't think any other users are compromised. Just www.whitbyseaanglers.co.uk. What is the best course of action, please? Is a starting point to clean out all files?

Assuming the most positive scenario, that only your WordPress got compromised, you'll have to re-upload all the WordPress files so you are certain everything is clean. A worse scenario is when they placed some sort of backdoor or other malicious script in the database, in which case you must restore from a backup or manually go through the database and find it.

If a user indeed managed to compromise your site and upload malicious scripts you should consider everything that user can do possibly compromised though.

Also make sure to actually fix the issue, so update WordPress, update the plugins, and update whatever else you have running. Otherwise there's little point in cleaning up.
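An added example, not part of the original thread: before re-uploading as suggested above, the live site tree can be compared by SHA-256 against a freshly unpacked copy of the same WordPress release to see which core files were changed and what was added. The function names, directory layout and sample files are assumptions made for this sketch.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map relative path -> SHA-256 for each regular file under root."""
    hashes = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # a core file replaced by a symlink shows up as missing
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            hashes[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return hashes

def compare_trees(clean_root, live_root):
    """Return (modified, missing, extra) for live_root relative to clean_root."""
    clean, live = tree_hashes(clean_root), tree_hashes(live_root)
    modified = sorted(p for p in clean if p in live and clean[p] != live[p])
    missing = sorted(p for p in clean if p not in live)
    # wp-config.php, themes, plugins and uploads are not in the core archive,
    # so they land in "extra" and need a manual look.
    extra = sorted(p for p in live if p not in clean)
    return modified, missing, extra

def php_in_uploads(extra):
    """Uploads should hold media; PHP files there deserve the first look."""
    return [p for p in extra
            if p.startswith("wp-content/uploads/") and p.lower().endswith(".php")]

def write_tree(root, files):
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

def demo():
    """Constructed sample trees, not real WordPress files."""
    core = {"index.php": "<?php // core\n", "wp-includes/load.php": "<?php // core\n"}
    live = {"index.php": "<?php // core\n// appended line\n",
            "wp-config.php": "<?php // site settings\n",
            "wp-content/uploads/sample/cache.php": "<?php // unexpected\n"}
    with tempfile.TemporaryDirectory() as tmp:
        write_tree(os.path.join(tmp, "clean"), core)
        write_tree(os.path.join(tmp, "live"), live)
        return compare_trees(os.path.join(tmp, "clean"), os.path.join(tmp, "live"))

if __name__ == "__main__":
    print(demo())
```

This covers files only; content stored in the database, the worse scenario mentioned above, is not checked by it.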

Cheers for the advice. I've cleaned everything up and so far my members are saying that virus warnings are gone. I'll be keeping an eye on it for a day or 2 yet.
