What king of hack is this? xss maybe? my wordpress is displaying ads via scripts, I cant tell if they got access to my website files or not. how do I fix this?
Do a scan with a file malware scanner like ISPProtect (there is a free trial) to see if you can find the actually hacked files and not just some URL's that contain js. Btw. This is not ISPConfig related, so I moved it to the server operation forum.
Are you already running Wordfence? https://www.wordfence.com/ It is specifically for Wordpress, and can also scan for altered files. It is possible the cracker has just modified the database, the contents of web pages are there. But somehow cracker got in to modify the web pages, so check Wordpress and all themes and plugins are updated. It is possible password has been leaked or guessed. Consider changing the website and database related password for that site in ISPConfig, and the Wordpress users passwords in Wordpress. If you can establish when the cracking happened, restore files and database to a time before that. Then check for updates so the cracker can not get in again, and change passwords if you need that.
Does your wordpress displays adds via scripts on purpose? I mean is it something you build into worpress to actually display adds? If so, keep in mind that you don't have complete control over the adds themselves, even for very legit add agencies it's sometimes difficult to prevent malware adds. So if malware adds are displayed on your worpress site, it doesn't mean your server is infected, it is just channeling a malware add through your server to the clients browsing your site in the hope to infect those clients. But like Till said, do a malware scan on your server, better safe than sorry. OR if the adds are not intended to be displayed on your site, follow Taleman's advice. Now that said, if the adds are intended and your add agency keeps pushing a lot of malware adds look for a different way of trying to make an extra buck. But to be honest, in general i would not put too much trust in most of the add agencies that push adds via websites on the internet, specially the ones that claim you can make a lot of bucks.
PS... i just checked out those URL's and i'm getting 0 adds blocked by addblock plus.... How/what/when did you get that malware warning? through your browser browsing that site? Did you install some additional software on the server to scan it?
