Bluehost Web Hosting Help

How the Social PNG Hack Works

Overview

The Social PNG hack is a method used to alter a websites behavior or content. A hacker may make a file containing malicious code and format the file to appear as an image. The image will follow the png format and will often be called social.png. This is done so that it appears to be a common and harmless file that any website might have normally.



How You Get It

There are many ways the file could have been placed on you website, too many in fact to cover all of them. The most likely is that it came from a plugin or theme that you installed on your site which included the malicious file. Often you would have no idea you were uploading an infected file to your site as the hacker would make the plugin look as legitimate as possible.

What it Does

Once the file is on your site, the hacker can control your site and manipulate it in any number of ways. You may not notice anything at all or you may see any of the following:

  • Your site starts redirecting to another site
  • Links to another site start appearing on your site
  • Unwanted advertisements may appear on your site
  • Search engines and browsers may start warning that your site is dangerous
  • Your site may simply break and show a white page or an error message.

There are other ways it may manifest itself or it may not manifest itself at all and instead work quietly behind the scenes just gathering data and using your processing power.

What to do if You Have It

If you aren't sure how to identify compromised files or correct them, consider a professional malware cleaning service like SiteLock clean the site for you.

If you are a developer or very familiar with the website, consider the following courses of action.

  • Identify the infected social file and remove it, identify any other files that have been changed and make corrections as necessary.
  • If you know when the file was placed on your site, replace your website with a clean copy from a backup taken prior to the infection.
  • Have a professional malware service like SiteLock clean the site for you.
Knowledgebase Article 100,725 views bookmark tags: hack security wordpress


Was this resource helpful?

Did this resolve your issue?


Please add any other comments or suggestions about this content:





Recommended Help Content

How To Delete Or Uninstall A WordPress Theme - Step By Step Guide

How to Delete or Uninstall a WordPress Theme

WordPress: How to Uninstall a Plugin

Uninstall a WordPress Plugin

My Sites: Manage WordPress Sites

Our updated 'Rock' user interface offers a fresh new look, along with several useful tools and helpful features. One such feature is the My Sites tab, where you can easily manage your websites.

Related Help Content

Basic Site Security Checklist

What can I do to increase my Site Security while hosting with Bluehost?

Change WordPress URL's With WordPress Tools

This article will explain how to change the Site URL or Home URL setting in WordPress. This may be useful if you have moved your WordPress site or are planning to move your WordPress site.

How To Migrate An Existing Wordpress.com Site

If you have a WordPress blog hosted on WordPress.com, you can easily export it and import it to WordPress that is installed on your hosting account with bluehost. Login to the WordPress Data

Login to WordPress with WordPress Tools

This article will explain how to login to a WordPress site using WordPress tools.

How To Login To WordPress Site - WP Admin Access

This article will explain how to login to a website created with WordPress.

How To Install WordPress - WordPress Installation Guide

Learn how to use WordPress, WordPress started as just a blogging system, but has evolved to be used as full content management system and so much more through the thousands of plugins, widgets, and themes now available.

WordPress Pro: Marketing Center

WordPress Pro accounts will provide customers with advanced features and functionality, including the Marketing Center

WordPress Access with Maestro

You will be given a WordPress Administrator role once the site owner accepts your request. This article explains what level of access you will be provided once verified.