1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hacked again

Discussion in 'Black Hat SEO' started by Vrill, Jan 20, 2015.

  1. Vrill

    Vrill BANNED BANNED

    Joined:
    Jun 16, 2013
    Messages:
    380
    Likes Received:
    374
    I'm fucking tired of getting hacked like each month from fucking russian hackers and looking for the malware they injected.
    I got a high authority blog in a very special niche and its really getting hacked like each month.
    When checking results of my domain in google i always find newly created websites on my blog which targets for keywords for adult,credits,binary options etc and these sites are created in hundreds or thousands.
    I just checked and found i got hacked again

    I'm really pissed about that or i checked one of my email accounts to see there massivly coming emails with the message mail couldnt be delivered.I checked and it looks like somebody is using my domain to send spam mails out and i receive on my real email account the messages of emails which couldnt be delivered.

    Its fucking annoying to be target #1 of hackers to tries non stop to brute force my website and rip the ass off of the authority website
     
  2. DFWi Reaper

    DFWi Reaper Regular Member

    Joined:
    Nov 10, 2014
    Messages:
    267
    Likes Received:
    161
    Gender:
    Male
    Occupation:
    Forex Trader
    Location:
    Texas
    Yeah I've noticed even my dad's company sites getting attacked, I used wordpress to make them so they could maintenance them easily but it seems to be very vulnerable...
     
  3. Vrill

    Vrill BANNED BANNED

    Joined:
    Jun 16, 2013
    Messages:
    380
    Likes Received:
    374
    Filename: index.php
    File type: Core
    Issue first detected: 6 hours 30 mins ago.
    Severity: Critical
    Status New
    This WordPress core file has been modified and differs from the original file distributed with this version of WordPress.

    got 6 1/2h ago hacked and their arround 2000 websites are already listed on google
     
  4. Vrill

    Vrill BANNED BANNED

    Joined:
    Jun 16, 2013
    Messages:
    380
    Likes Received:
    374
    injection i got .........................

     
  5. DFWi Reaper

    DFWi Reaper Regular Member

    Joined:
    Nov 10, 2014
    Messages:
    267
    Likes Received:
    161
    Gender:
    Male
    Occupation:
    Forex Trader
    Location:
    Texas
    Are you using webmaster tools to find this or something else?

    Also, when I do "site:" on my computer, it shows up with 1000 extra links, but when I look it up on my phone or something off my home network (even asked a friend) I/they don't see it?
     
    Last edited: Jan 20, 2015
  6. Vrill

    Vrill BANNED BANNED

    Joined:
    Jun 16, 2013
    Messages:
    380
    Likes Received:
    374
    After getting hacked like 10 times i bought some tools which i installed.
    Today i ordered a custom tool which will check my ftp host each hour if any files have been modified
     
  7. Vrill

    Vrill BANNED BANNED

    Joined:
    Jun 16, 2013
    Messages:
    380
    Likes Received:
    374
    THey also changed WordPress core file modified: wp-login.php and wp-mail.php
     
  8. saadad

    saadad Junior Member

    Joined:
    Feb 25, 2009
    Messages:
    169
    Likes Received:
    24
    Home Page:
    I m not sure how serious you are. Are you profesional player who makes money for a living out of this websites then you should know, how much money you spend on your host that much of a security you will have.

    But main reason you are hacked is probably you dont care about your websites/plugins, you dont update them regulary.

    If you are serious:
    Hire a profesional to clear your wbesites and mvoe to better host, VPS or didecated. And always keep your wordpress stuff up to date.

    If you dont know any profesional, then now you know one. (me) lol
     
  9. DFWi Reaper

    DFWi Reaper Regular Member

    Joined:
    Nov 10, 2014
    Messages:
    267
    Likes Received:
    161
    Gender:
    Male
    Occupation:
    Forex Trader
    Location:
    Texas
    Well, the problem is I no longer manage the IT portion of my dads company as I've moved on. And no one else is competent enough to know how to update plugins so it just falls through the gaps...
     
  10. Vrill

    Vrill BANNED BANNED

    Joined:
    Jun 16, 2013
    Messages:
    380
    Likes Received:
    374
    Its already on one of the best hostings you can get.They are basicly just for companies website.
    Plugins are updated twice a week.
    Theme is custom made.
     
  11. aukint

    aukint Junior Member

    Joined:
    Jul 14, 2013
    Messages:
    133
    Likes Received:
    13
    Occupation:
    Software Engineer
    Location:
    BlackHatWorld
    well, close all your insecure ports which are not in used by contacting your hosting provider. It had done with my VPS and 18 sites were hacked but after closing sockets / ports by my hosting provider. It saved now!
     
  12. Trepanated

    Trepanated Supreme Member

    Joined:
    Sep 18, 2010
    Messages:
    1,395
    Likes Received:
    5,381
    Are you certain it's 100% custom made?

    There are lots of people out there who design 'custom' websites, but all they do is modify an existing theme.

    If that's their game, they would also be more likely to use nulled themes, which are very likely to be 'pre-hacked'.
     
  13. fatboy

    fatboy Elite Member

    Joined:
    Aug 13, 2008
    Messages:
    1,618
    Likes Received:
    3,229
    Occupation:
    Retired
    Location:
    Old Peoples Home
    Okay - you state that the hosting you have is just for business, that doesn't matter one bit. If its shared hosting then there is still a chance another site is being hacked and getting privs across the server. Do you know who else is hosting on that server and are their sites getting exploited as well?

    What kind of themes and plugins do you have - are they all paid for / free or are you 'acquiring' them from other places?

    How often do you update everything?

    Have you scanned your local machine for anything dodgy like malware, perhaps they are getting site creds from there.

    Do you have a time span when the hack happened, for example between 10 and 11 in the morning your site got hacked? If you do then grab log files and start looking through to see if they are uploading via FTP, they have cPanel access or what.

    As someone has already mentioned - if trying to lock down your hosting is out of your comfort zone find someone to help you out.
     
    • Thanks Thanks x 1
  14. TiagoS

    TiagoS Jr. VIP Jr. VIP

    Joined:
    Jul 5, 2014
    Messages:
    333
    Likes Received:
    152
    Vrill , I recommend you checking your plugins and themes , Updating your wordpress , Installing Codeguard (https://www.codeguard.com/pages/how-it-works) It's a paid plugin , perhaps they make daily backup , alert when something is changed and if it was not you it gets restored . Also , If possible , use Cloudflare on a paid plan , They got a pretty good WAF (Also you may block countries like china, russia etc where usually the attackers use their proxies).
     
    Last edited: Jan 20, 2015
  15. share4win

    share4win Power Member

    Joined:
    Jan 2, 2014
    Messages:
    530
    Likes Received:
    121
    Location:
    In Earth near by you...
    I've felt this pain until last month. It was happened through one of the plugin installed. After that I've installed wordfence and blocked a particular country (in my case it's italy). This plugin also gives the status of successful WP admin login notification via email every time, so that you could be aware of your login from anonymous. I hope this solves your problem. For already built malware pages, just disavollow them via WMT.
     
  16. DFWi Reaper

    DFWi Reaper Regular Member

    Joined:
    Nov 10, 2014
    Messages:
    267
    Likes Received:
    161
    Gender:
    Male
    Occupation:
    Forex Trader
    Location:
    Texas
    1) I host 15 websites on a reseller account. No one else is having issues (yet)
    2) All free plugins, none "acquired"
    3) I have scanned mine, do quite often
    4) No longer maintenance these sites, just noticed it happened and as it's my dads company fixed it for them.
    5) Contacted the support team for my hosting, they scanned "stuff" on their side and didn't find anything or anything that needed to be changed -_-

    I use InmotionHosting for the reference.
     
  17. saadad

    saadad Junior Member

    Joined:
    Feb 25, 2009
    Messages:
    169
    Likes Received:
    24
    Home Page:
    OMG what people do when they are hacked. 99% of those hacks are automatic. So blocking someone is useless. Many well known hosts dont care. They sell you host and now is your job to secure your website. And like the one dude said, if you are on shared hosting then u can eb easily hacked even if yous secure your site.

    Thats why i m saying u need VPS and secure it by profesional.
     
  18. FBGuru

    FBGuru Senior Member

    Joined:
    Sep 22, 2013
    Messages:
    928
    Likes Received:
    1,172
    Location:
    Personality Type : ESTP
    Vrill, care to share the name of your hosting company?
     
  19. Vrill

    Vrill BANNED BANNED

    Joined:
    Jun 16, 2013
    Messages:
    380
    Likes Received:
    374
    home.** .............
     
  20. fatboy

    fatboy Elite Member

    Joined:
    Aug 13, 2008
    Messages:
    1,618
    Likes Received:
    3,229
    Occupation:
    Retired
    Location:
    Old Peoples Home
    Just had a look at InmotionHosting and there is no difference between 'Business Hosting' and 'Reseller Hosting',its just marketing BS that makes business type people feel more important. You will all be bundled on the same servers with the same control panels, the same binaries running the whole show. Looking at your answer to #5 I guess the red flags should be flying high at the 'business' standard marking bull!

    If your dads company isn't spotting this stuff themselves they either need to get you back on the books or they outsource the management of everything or upgrade to managed hosting (be careful there though, not all managed hosting will look after malware problems!)


    ** EDIT: Think I got mixed up between Vrill and DFWi Reaper, didn't know there were two different things going on! **

    Its all well and good continually fixing the problems when you see them crop up but you, or someone from your dads company, needs to find the root cause.
     
    Last edited: Jan 20, 2015