1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

12 of my WP sites down grrr

Discussion in 'BlackHat Lounge' started by dbuck, Apr 12, 2013.

  1. dbuck

    dbuck Newbie

    Joined:
    Dec 14, 2011
    Messages:
    24
    Likes Received:
    15
    Gender:
    Male
    Occupation:
    Guitar player / Musician
    Location:
    fl
    12 of my wordpress sites have been hacked causing my host to suspend my account. Lucky for me only one was a money site, But my other sites that they couldnt hack are down because of the suspension. Sucks......Anyone else having problems?

    Heres what my host has said....

    "Explaining Recent WordPress Service Activity 4/11/2013 5:15pm EST Update:
    At this time we are still working to fight against the brute-force attacks on WordPress sites. We want to clarify that this is not an issue exclusive to our hosting platform or even vDeck. The hackers have targeted WordPress sites hosted across a multitude of brands, and we are working alongside other partners in the industry to determine how we can resolve the issues we?re all facing. As we continue to focus all of our energy on the attack, we apologize for any additional delays with our support response-times. We can assure you that our staff is working overtime to eliminate the threat while keeping up with as many support tickets as possible. We take pride in delivering reliable and solid support, so again, we apologize to any and all of our customers who may be affected by this delay. We appreciate your patience and understanding."
     
  2. pokerjk

    pokerjk Senior Member

    Joined:
    Dec 26, 2010
    Messages:
    1,167
    Likes Received:
    384
    Occupation:
    Online Marketer
    Location:
    England
    Surely they can restore them from a previous date for you?
     
  3. dbuck

    dbuck Newbie

    Joined:
    Dec 14, 2011
    Messages:
    24
    Likes Received:
    15
    Gender:
    Male
    Occupation:
    Guitar player / Musician
    Location:
    fl
    If I had went thru cpanel they could, but I install them myself. I do backup so I'm not to worried. its just the pain and downtime that I hate....Why did these guys want to do a brute force attack on WP sites anyways....
     
  4. Gogol

    Gogol Elite Member

    Joined:
    Sep 10, 2010
    Messages:
    3,065
    Likes Received:
    2,872
    Gender:
    Male
  5. dbuck

    dbuck Newbie

    Joined:
    Dec 14, 2011
    Messages:
    24
    Likes Received:
    15
    Gender:
    Male
    Occupation:
    Guitar player / Musician
    Location:
    fl
    Ya I'm backed up, and thanks for the link gOgOl
     
    • Thanks Thanks x 1
  6. dbuck

    dbuck Newbie

    Joined:
    Dec 14, 2011
    Messages:
    24
    Likes Received:
    15
    Gender:
    Male
    Occupation:
    Guitar player / Musician
    Location:
    fl
    Strange...it was all my sub-folders that got hit. my main sites and sub domains are fine. also 2 of my sites a made by hand were hit but not that bad...
     
  7. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,019
    Likes Received:
    1,496
    Occupation:
    Product marketing
    Location:
    USA
    Home Page:
    One of my hosts, FatCow, told me that all of their WordPress sites are under attack. Last month alone I saw a 100,000 hits on my wp-login file.

    To thwart the attacks I added a security plugin WordPress SEO, timed out the number of logins, began blocking IP addresses and renamed my wp-login files. The number of hits has been reduced greatly but the attacks do continue. Oh, yes I did used Backup Buddy.
     
  8. ziplack

    ziplack Senior Member

    Joined:
    Feb 18, 2010
    Messages:
    1,193
    Likes Received:
    603
    Location:
    BHW
    heres a fix for that
    add this to your htaccess file


    <Files wp-login.php>
    Order Deny,Allow
    Deny from all
    Allow from 11.11.11.11
    </Files>

    Please note you need to replace 11.11.11.11 with your IP address so that you can access wp-login.php
     
    • Thanks Thanks x 1
  9. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,019
    Likes Received:
    1,496
    Occupation:
    Product marketing
    Location:
    USA
    Home Page:
    That assumes you have a static IP address of course as opposed to a dynamic IP.
     
  10. dbuck

    dbuck Newbie

    Joined:
    Dec 14, 2011
    Messages:
    24
    Likes Received:
    15
    Gender:
    Male
    Occupation:
    Guitar player / Musician
    Location:
    fl
    I kinda Thought that is how it works bertbaby...thanks........ Now I've got one sub-subdirectory with a hacked WP install that I am just deleting it cause I dont use it.

    Now all the installed files are deleted, but theres one file that remains in the directory and I cant delete it...or the directory. Anyone have an idea why This file wont let me delete it.
     
  11. wpbacklinks

    wpbacklinks Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 27, 2010
    Messages:
    3,397
    Likes Received:
    1,339
    Gender:
    Male
    Occupation:
    Affiliate Marketer
    Location:
    Everywhere
    Simple Login Lockdown plugin will also helps.

    i use dynamic ip, so its impossible to use htaccess way.
     
  12. BlueZero

    BlueZero Power Member

    Joined:
    Jul 6, 2011
    Messages:
    500
    Likes Received:
    257
    Occupation:
    Webdeveloper, Project Manager
    Location:
    Byte in the Net
    Home Page:
    Also myhosting is shutting down WP sites. They are also restricting access to wp-login with htaccess. Seems to be very wide hacking problem.
     
  13. dbuck

    dbuck Newbie

    Joined:
    Dec 14, 2011
    Messages:
    24
    Likes Received:
    15
    Gender:
    Male
    Occupation:
    Guitar player / Musician
    Location:
    fl
    same here blueZero, but its my whole account until I fix the problems on my end.....been at it all day. Sucks...
     
  14. dbuck

    dbuck Newbie

    Joined:
    Dec 14, 2011
    Messages:
    24
    Likes Received:
    15
    Gender:
    Male
    Occupation:
    Guitar player / Musician
    Location:
    fl
    I should rephrase This...I have a WP installed on a sub-directory that was hacked and cant delete the directory.
     
    • Thanks Thanks x 1
  15. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,019
    Likes Received:
    1,496
    Occupation:
    Product marketing
    Location:
    USA
    Home Page:
    Can you access the control panel at your host and use their file manager?
     
  16. ziplack

    ziplack Senior Member

    Joined:
    Feb 18, 2010
    Messages:
    1,193
    Likes Received:
    603
    Location:
    BHW
    i dont have static ip adress but i use a no-ip.org redirection
     
  17. ziplack

    ziplack Senior Member

    Joined:
    Feb 18, 2010
    Messages:
    1,193
    Likes Received:
    603
    Location:
    BHW
    my current hosting and godaddy its under brute force attack
    wordpress and joomla website are targeted
    be safe guys
     
  18. bertbaby

    bertbaby Elite Member

    Joined:
    Apr 15, 2009
    Messages:
    2,019
    Likes Received:
    1,496
    Occupation:
    Product marketing
    Location:
    USA
    Home Page:
    Neat, I have to look into that. Thanks!
     
  19. dbuck

    dbuck Newbie

    Joined:
    Dec 14, 2011
    Messages:
    24
    Likes Received:
    15
    Gender:
    Male
    Occupation:
    Guitar player / Musician
    Location:
    fl
    I can access the control panel bertbaby.....I've tried to delete the dir this way and doesnt work. I have found some new dir on the sever I know I didnt make....I'm looking into that right now.