1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hacked site

Discussion in 'BlackHat Lounge' started by mission, Oct 26, 2012.

  1. mission

    mission Newbie

    Joined:
    Sep 9, 2009
    Messages:
    39
    Likes Received:
    20
    Occupation:
    IM
    Location:
    canada
    Home Page:
    Hi guys, just discovered a clients Wordpress site has been hacked I've managed to get access again to the dashboard and all the files and theme is still there thou when i go to the site url all i get is a blank page with hacked by hacker on it :( any of you guys shed some light on where to look to correct this as I've been thru some of the directory's and can't see how or what they've done i've noticed in the traffic logs intelium_bot and also wp_login attempts from an IP in Tunisia.

    can anyone help point me in the right direction on where to look


    p.s what they stand to gain from such things i don't no
     
  2. taslayer

    taslayer Newbie

    Joined:
    Jun 7, 2009
    Messages:
    1
    Likes Received:
    0
    ok first off you shouldnt be managing client if you dont know security. i will help you out, lol so yeah dude if you need lemme know because we do not know where this guy has been as of now, server could be rooted, bots runnin, all sorts of things. also i know this is my first post ive been lurking for a while lol that n havnt been able to access a computer. send me a email my username is at gmail lol but ye email me ill be more than willing to help you bro just email me. ill respond to you asap because this could be a bigger security issue than you are aware of.
     
    Last edited: Oct 26, 2012
  3. imprint

    imprint Junior Member Premium Member

    Joined:
    Nov 1, 2009
    Messages:
    151
    Likes Received:
    254
    Occupation:
    Entrepreneur/IM
    Da fuq? You supposedly just got "out of court" ( I'm assuming you weren't representing anyone ) for accessing some type of U.S. government computer without authorization and you decide to make your belated intro post by offering to just randomly help some guy? Did the judge ask you to turn over a new leaf and you're starting here? :D Something seems off about the post, and I'm not talking about the small font in-between the lines.
     
    • Thanks Thanks x 1
  4. mission

    mission Newbie

    Joined:
    Sep 9, 2009
    Messages:
    39
    Likes Received:
    20
    Occupation:
    IM
    Location:
    canada
    Home Page:
    lol agreed thankyou for your offering your help thou taslayer but given your lack of post and such i'll pass
     
  5. mission

    mission Newbie

    Joined:
    Sep 9, 2009
    Messages:
    39
    Likes Received:
    20
    Occupation:
    IM
    Location:
    canada
    Home Page:
    ok i've managed to fix it and its back up they changed the header.php file within the theme folder gits!!!! can anyone give us advice in stopping this in future from happening
     
  6. NX_NULL

    NX_NULL Regular Member Premium Member

    Joined:
    Dec 31, 2008
    Messages:
    309
    Likes Received:
    425
    if you are managing ur server with WHM, they have an inbuilt virus scan that checks your server with any known c99-100 shell or other variation of it that gives hacker access to server...

    I tried to upload different shell to my updated WHM server, and even with encoding them multiply, WHM still detects them...

    and also dont forget to update ur Wordpress.
    It can also come from a plugin or theme that hacker insert a backdoor inside it, no body checks the codes of those plugins and themes
     
    • Thanks Thanks x 1
  7. V

    V Elite Member

    Joined:
    May 18, 2012
    Messages:
    2,113
    Likes Received:
    2,543
    Occupation:
    Student
    Location:
    /tmp
    there's a plugin "BulletProof Security" mate, install it and customize the security of your WP site. Hope it helps :)
     
    • Thanks Thanks x 1
  8. ice41

    ice41 Power Member

    Joined:
    Aug 18, 2012
    Messages:
    783
    Likes Received:
    248
    Occupation:
    Web Designer
    Location:
    Land of Pineapples
    scan your site here:
    Code:
    http://sucuri.net/
    Make sure it's totally clean, so you won't have any headaches later.
     
    • Thanks Thanks x 1
  9. WrightWilliams

    WrightWilliams Power Member

    Joined:
    Jan 3, 2012
    Messages:
    538
    Likes Received:
    198
    Occupation:
    Internet Marketing Guru
    Location:
    The Adult Industry
    Uh, this thread is bonkers.
    I get the strange feeling the first reply to this guy is somehow related to the original post and it feels like he is going to try and sell his services to other people who have been hacked.
    But I am probably wrong and he is just an idiot.
     
  10. mission

    mission Newbie

    Joined:
    Sep 9, 2009
    Messages:
    39
    Likes Received:
    20
    Occupation:
    IM
    Location:
    canada
    Home Page:
    lol no its not related but feel free to think what you want and there was me thinking this was a place to learn and share but thanks for the positive input

    cheers guys appreciate the help