1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

All my sites hacked

Discussion in 'Black Hat SEO' started by Xaviers, Mar 10, 2012.

  1. Xaviers

    Xaviers Regular Member

    Joined:
    Oct 3, 2011
    Messages:
    239
    Likes Received:
    171
    Occupation:
    Full time IM
    Location:
    Cerebro
    I've been trying to get in touch with some moderators about this. The first

    guy I gave a free site to yesterday hacked all of my websites. I mistakenly

    sent him my sql files for all my sites instead of the just the 1 he bought. His

    skype is nicobottema. So anybody know of any premium wordpress security

    plugins I can use to deal with this? Or somebody I can hire to combat this?
     
  2. forwardedlandlines

    forwardedlandlines Jr. VIP Jr. VIP

    Joined:
    Feb 10, 2012
    Messages:
    540
    Likes Received:
    372
    Dude wtf.. I didn't do a thing. I have no interest in the contents of that SQL nor would I have a clue on 'hacking' (nor do I have the mentality. I construct, I don't steal or destroy). BTW passwords are stored in databases in useless MD5 hash encryption. So you're better off not presuming that 'the guy who got all your databases' hacked your site, and find a real cause and method of reparation instead.
     
    Last edited: Mar 10, 2012
  3. iwantl00t

    iwantl00t Junior Member

    Joined:
    Dec 16, 2008
    Messages:
    128
    Likes Received:
    51
  4. LakeForest

    LakeForest Supreme Member

    Joined:
    Nov 11, 2009
    Messages:
    1,269
    Likes Received:
    1,802
    Location:
    Location Location
    You mistakenly gave a client all your databases? That's pretty extensive willful neglect...

    As for 'hacking' your sites: change your passwords and make sure anonymous ftp id disabled.

    if your client did screw around where he wasn't supposed to because he got curious and went looking at the other databases and played around a bit and didn't know the mess that would get caused...apologize. You have a chance, right now.
     
  5. Xaviers

    Xaviers Regular Member

    Joined:
    Oct 3, 2011
    Messages:
    239
    Likes Received:
    171
    Occupation:
    Full time IM
    Location:
    Cerebro
    That's what namecheap said i wouldn't just guess it was you i don't even know you. They said it was specifically because i emailed my sql files to you. Personally I'm not concerned with arguing with you about it. The facts are my sites were hacked and i need solutions. You can feel how you need to i don't care. I stated the situation as it was presented to me.
     
  6. Xaviers

    Xaviers Regular Member

    Joined:
    Oct 3, 2011
    Messages:
    239
    Likes Received:
    171
    Occupation:
    Full time IM
    Location:
    Cerebro
    Yea it was screw up on my part. Whatever happened it closed all my sites with a bunch of errors and installed a bunch of backdoors according to namecheap tech support.
     
  7. dario111cro

    dario111cro Junior Member

    Joined:
    Feb 5, 2012
    Messages:
    180
    Likes Received:
    203
    Location:
    cloud
    He is right. Wordpress saves all passwords in md5, which is almost unbreakable (still, there is a chance with rainbow tables). Can you explain in which way are you sites hacked? Do you have injected code, no admin access, sites deleted...?
     
    • Thanks Thanks x 1
  8. cosmotheory

    cosmotheory Newbie

    Joined:
    Apr 23, 2010
    Messages:
    14
    Likes Received:
    6
    change your ftp and cpanel account passwords, contact with your hosting provider to restore your sites from backups. easy..
     
    • Thanks Thanks x 2
  9. Xaviers

    Xaviers Regular Member

    Joined:
    Oct 3, 2011
    Messages:
    239
    Likes Received:
    171
    Occupation:
    Full time IM
    Location:
    Cerebro
    It was injected code all the passwords were compromised. From what i gather during the time we were changing the sites the just kept installing more malicious code and back doors. They're all supposedly fixed but now I'm looking to maintain protection against such an attack in the future and or scanning regularly to make sure it's completely taken care of.
     
  10. Giuni

    Giuni Power Member

    Joined:
    May 14, 2009
    Messages:
    590
    Likes Received:
    275
    Gender:
    Male
    Location:
    Romania
    Home Page:
    instal a free plug in called "Wordpress Firewall 2" and it will protect you from the most known attack possibilities. i have a dude from Ukraine who is trying to hack my site at least 1 time per week for the last 2 months and i always receive an email telling me how he wanted to hack my site. this plugin gives me also the IP from where the attacker is :)
     
    • Thanks Thanks x 5
  11. Envyliciouz

    Envyliciouz BANNED BANNED

    Joined:
    Feb 5, 2012
    Messages:
    535
    Likes Received:
    220
    Hahahah. That's hilarious. Thanks a lot for it. Didn't know that exists such a plugin. Wish I could give you a big +rep.
     
  12. xealey

    xealey Newbie

    Joined:
    Sep 27, 2010
    Messages:
    16
    Likes Received:
    1
    haven't u back-up'ed your sites?
     
  13. johndoejohndoe

    johndoejohndoe Junior Member

    Joined:
    Feb 13, 2011
    Messages:
    177
    Likes Received:
    33
    MD5 encryption is only as good as the password you're using. Some sites have added the use of 'salt' keys for further encryption because of this fact. Either way, when you're creating a password in wordpress, or any other site, it should always be 'strong'.
     
  14. Xaviers

    Xaviers Regular Member

    Joined:
    Oct 3, 2011
    Messages:
    239
    Likes Received:
    171
    Occupation:
    Full time IM
    Location:
    Cerebro
    That sounds great thanks a lot.
     
  15. Xaviers

    Xaviers Regular Member

    Joined:
    Oct 3, 2011
    Messages:
    239
    Likes Received:
    171
    Occupation:
    Full time IM
    Location:
    Cerebro
    Absolutely.
     
  16. ionica21

    ionica21 Registered Member

    Joined:
    Apr 14, 2010
    Messages:
    51
    Likes Received:
    15
    Yeah, had to reformat my PC thanks to you... Although I realized it wasn't your fault. Shit happens I guess, I should've been more careful.

    I'm more embarrassed that it happened to me than anything else.
     
  17. gsy159

    gsy159 Power Member

    Joined:
    Apr 29, 2011
    Messages:
    655
    Likes Received:
    158
    First Check if all the sites on the server got hacked, so the server could be rooted, if not check your log files.

    And trust MD5 hashes are easily crackable, I can crack vbulletin hashes which are md5 +salt=MD5, so don't try to tell me it's not possible to crack them
     
  18. forwardedlandlines

    forwardedlandlines Jr. VIP Jr. VIP

    Joined:
    Feb 10, 2012
    Messages:
    540
    Likes Received:
    372
    What, not me I presume! My stuff is virusless, so it's other crap you download that screws up your pc.
     
  19. dario111cro

    dario111cro Junior Member

    Joined:
    Feb 5, 2012
    Messages:
    180
    Likes Received:
    203
    Location:
    cloud
    Well, you can always get brute forced, but that is not related to mistake OP unfortunately did. He can hope that his sites got hacked because of this mistake, since otherwise it could be a little bit more complicated to find vulnerability.


    PS. To op: scan you PC. It's possible that you have key logger or other kinds of malicious software.
     
    Last edited: Mar 10, 2012
  20. grav6

    grav6 Junior Member

    Joined:
    Jan 30, 2012
    Messages:
    169
    Likes Received:
    54
    Location:
    England
    If you're using Wordpress, once you have a CLEAN Wordpress site set up, the first plugin you should install and configure is:

    Code:
    http://wordpress.org/extend/plugins/bulletproof-security/
    Also, get a proper backup/restore plugin for when you want to sell someone a site, rather than making a rookie mistake in phpMyAdmin (or similar). At least you will just backup/restore that plugin. Avoid nulled themes and instead use one with a good reputation from Wordpress' own site (no backdoors "pre-packed").
     
    • Thanks Thanks x 1