
All My Sites Got Hacked

Discussion in 'BlackHat Lounge' started by Kamilion, Jul 11, 2011.

  1. Kamilion

    Kamilion Regular Member

    Hello, BHW Community.


    First of all, I am very sorry if this is the wrong category for this type of thread; if so, mods, please delete or move this thread.

    Around a month ago, when checking my sites' stats, I saw huge traffic from search engines with unrelated keywords. At first I didn't understand what that was; then I checked my public html directory and saw that each of my sites contained files like walmart.php, 300 php. I checked the code and saw there was encrypted JavaScript code, so I manually removed all these files and reported it to my web hosting customer service. They checked and found there was a cPanel login from a Romanian IP, and he uploaded all the files to index his site. My web hosting company banned that IP and I changed my cPanel password to a strong one.



    But today, within a moment, all my sites got hacked by a hacker, tn scorpion. He replaced all the sites' index files with his signature and deleted all my sites' files. I immediately contacted my host, and they said there was no cPanel access. Here is what they messaged me:

    I found out there is a pretty outdated installation of WordPress in your public_html directory. The version of the software is 2.9.1, while the actual version is 3.2. Also, you are using a wide range of plugins for your websites that could be vulnerable as well. I went through the server logs and nothing was found that may be related to FTP or cPanel logins and uploading of the pages. So, the conclusion is the account was hacked through a vulnerability in your scripts. You should go through your scripts and make sure the software you use with them is up to date and is not vulnerable (you may need some research in order to find more information on the plugins).


    If so, then how did he manage to delete and replace all my sites' index files with his?

    Today, 2-3 hours before the hack, I installed some plugins on my unused WordPress site. Can that be the reason?

    And it happened for the first time, as I have used this hosting company (whb) for 3 years already and am completely satisfied with them.

    My host managed to restore all my sites, but only up to 19 June; the content after that date is already lost.

    What are your thoughts? How can we keep our sites more secure?
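
Added example, not part of the original post or the host's reply: a sketch of the check the host's message points to, inventorying every WordPress install under one hosting account, flagging versions below a baseline, and listing top-level PHP files that core does not ship (such as the walmart.php mentioned above). The directory layout, the baseline of 3.2 taken from the host's message, and the `CORE_ROOT_FILES` list are assumptions of this example.

```python
import re
import tempfile
from pathlib import Path

# Top-level PHP files of current WordPress core (assumed list; older releases ship a few more).
CORE_ROOT_FILES = {
    "index.php", "wp-activate.php", "wp-blog-header.php", "wp-comments-post.php",
    "wp-config.php", "wp-config-sample.php", "wp-cron.php", "wp-links-opml.php",
    "wp-load.php", "wp-login.php", "wp-mail.php", "wp-settings.php",
    "wp-signup.php", "wp-trackback.php", "xmlrpc.php",
}
VERSION_RE = re.compile(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]")

def version_key(version):
    """'2.9.1' -> (2, 9, 1); zero-padded so '3.2' equals '3.2.0'."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple((nums + [0, 0, 0])[:3])

def audit_account(home, baseline):
    """One finding per WordPress install under `home`: version plus stray root PHP."""
    findings = []
    for vfile in sorted(Path(home).rglob("wp-includes/version.php")):
        match = VERSION_RE.search(vfile.read_text(errors="replace"))
        if not match:
            continue
        site = vfile.parent.parent
        stray = sorted(p.name for p in site.glob("*.php") if p.name not in CORE_ROOT_FILES)
        findings.append({
            "site": site.name,
            "version": match.group(1),
            "outdated": version_key(match.group(1)) < version_key(baseline),
            "stray_php": stray,
        })
    return findings

def build_sample(home):
    """Constructed layout: two sites under one account, one stale with a dropped file."""
    for name, ver, extra in [("blog-a", "2.9.1", ["walmart.php"]), ("blog-b", "3.2", [])]:
        inc = Path(home, "public_html", name, "wp-includes")
        inc.mkdir(parents=True)
        (inc / "version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")
        for fname in ["index.php", "wp-login.php"] + extra:
            (inc.parent / fname).write_text("<?php // constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:
        build_sample(home)
        for finding in audit_account(home, baseline="3.2"):
            print(finding)
```

Run against a real account by passing the account's home directory to `audit_account`; files listed under `stray_php` are candidates for review, not proof of compromise.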
     
  2. TheWiTchDocter

    TheWiTchDocter Registered Member

    Scary story. I think the best thing is to keep your WP and your plugins updated. WP is updated frequently for security. It is one of the most used blogging platforms, so there are many people looking for security holes in it. Each update helps patch up the holes. Hackers look for old versions of WP to hack. There should be many WP security plugins; search.
     
  3. Kamilion

    Kamilion Regular Member

    Yes, I guess they used an old version of WP on my host to hack. But how did they manage to hack all my sites? Is it because my host company has weak security?
     
  4. allinet

    allinet Registered Member

    I believe your computer could be infected with rogue malware which sends your FTP password to the hacker. Check your computer for malware and, when you are certain your computer is clean, change your FTP password.
     
  5. Kamilion

    Kamilion Regular Member

    I checked; there are no viruses, spyware or malware. The first time, I didn't know how he managed to enter cPanel; I had a strong password with numbers, letters, etc.



     
  6. sqhunter

    sqhunter Regular Member

    Some insecure WP plugins may be used as a backdoor. I use Login LockDown on my WP. That can at least protect from brute-force attacks on the login.
     
  7. saru4141

    saru4141 Regular Member

    Well, the same thing happened to me 2 months ago. All my sites were hacked + PayPal, Gmail, GoDaddy account, Name.com account... My Facebook, even my Skype too... lol. I was using strong passwords though, but he got all my passwords; I guess he keylogged me. But I got my 20 sites back and lost 2 domains with GoDaddy. I also lost my $300 in PayPal :( I think you should double-check your PC, your startup files under the MSConfig command. And call your host to remove everything from your sites and restore them to a previous date.
     
  8. Kamilion

    Kamilion Regular Member

    Hm, it is a very bad feeling, man. I have Kaspersky; seems it is not enough for security :(


     
  9. seomasterz

    seomasterz Newbie

    Hi, it is very bad to hear that happened to you. To avoid this you should have a strong password and also always keep new passwords, because hackers use different algorithms which automatically search for the password. Also use a good antivirus which has strong restrictions, like Avast; Avira is also a good antivirus.
    And don't receive any unknown mails or files which contain viruses.