1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[HELP] Site got hacked

Discussion in 'Blogging' started by Owlpic, Apr 10, 2012.

  1. Owlpic

    Owlpic Regular Member

    Joined:
    Mar 8, 2010
    Messages:
    224
    Likes Received:
    80
    Occupation:
    Software Engineer
    Location:
    Dallas
    Hi,

    My WordPress site got hacked. This is a new site and a new web host I was trying out. There was "shell.php" which I deleted and there were changes in "wp-login.php" & "index.php". The user was also deleted and default "admin" user was there. Screenshots below. Any help really appreciated.

    http://imgur.com/a/hjm1a

    Best Regards,
    Rajesh
     
  2. BluRoze

    BluRoze Registered Member

    Joined:
    Jun 15, 2011
    Messages:
    77
    Likes Received:
    13
    Location:
    USA
    Next time, back up your site and keep a copy off your server. That's really all I can tell you. I don't know if there's anything you can do legally. They probably couldn't catch the guy, anyway.

    Another matter is what he put on your site... that message is very disturbing.
     
  3. poweronics

    poweronics Jr. VIP Jr. VIP Premium Member

    Joined:
    May 1, 2011
    Messages:
    3,117
    Likes Received:
    353
    Occupation:
    Freelancer
    Home Page:
    It seems that your hosting company did not have a backup. Avoid using new hosting companies.
     
  4. Scripteen

    Scripteen Elite Member

    Joined:
    Sep 19, 2009
    Messages:
    1,811
    Likes Received:
    1,918
    Home Page:
    Did you have the most recent version of WP there? Which plugins were installed?

    You must know how did the hacker get in before installing the blog again or else he will come back again.

    Most webmasters show off by how many plugins they have on their blog not knowing that insecure plugins are a major security risk.
     
  5. veselimis

    veselimis Newbie

    Joined:
    Mar 5, 2012
    Messages:
    27
    Likes Received:
    6
    Hey man,

    If you like, I can take a look here for you.
    I've seen a lot of hacked WordPress sites, and was able to clean most of them.
    If ya wanna this, just send me cPanel login details and I'll check it out for you.
     
  6. simey69

    simey69 Regular Member

    Joined:
    Mar 27, 2009
    Messages:
    325
    Likes Received:
    1,478
    Location:
    UK
    I'd expect you got hit by 1 of 3 ways:

    1. infected plugin - feel free to pop over your plugins, I'd happily scan through them and let you know if they're guilty or not.

    2. Bad password choice - either host/cpanel/ftp etc or WP - make sure you're using good strong passwords, not some crappy simple word/number stuff. (there are good strong password generators all over the web)

    3. less likely, but maybe you have a crap host - so they got hacked first?

    For me, I'd do a DB back-up, uninstall the lot and re-install, just in case anything is still infected or broken

    If you're keeping your installation -
    Ensure you're WP and plugins are up to date
    There are a number of exploit scanner plugins you can install into WP - maybe worth a check..

    Si
     
  7. cevman1

    cevman1 Regular Member

    Joined:
    Sep 4, 2011
    Messages:
    280
    Likes Received:
    136
    Same exact people attacked my site, I just removed everything since it was a trash/test site anyhow. I use hostzillas free cloud hosting if it makes any difference. Not sure if it started there
     
  8. mrtwister_65

    mrtwister_65 Regular Member

    Joined:
    Dec 30, 2009
    Messages:
    462
    Likes Received:
    534
    One of the common exploits is your wp theme, even a reliable theme is not safe. Trying to outdo other themes they include exploitable scripts. Not that they want to, but by design those scripts make themselves available to break in with simple hacking scripts. Change your wp theme if using one, my advice.
     
  9. logicmethod

    logicmethod Newbie

    Joined:
    Feb 18, 2011
    Messages:
    15
    Likes Received:
    0
    You can also try reinstall wordpress and use the same database config file and your site should be right back to normal
     
  10. crazydevil

    crazydevil Newbie

    Joined:
    Nov 16, 2011
    Messages:
    49
    Likes Received:
    5
    Home Page:
    I rely a lot on my .htaccess to protect my site and my files. Also, I use plugins as Better WP Security and Security *****. I always check CHMOD permissions on my folder and files. I am a web designer, so I create my own themes based on reliable wordpress frameworks and I always make updates. However, no one is 100% protected.
     
  11. derfall

    derfall Registered Member

    Joined:
    Dec 27, 2009
    Messages:
    61
    Likes Received:
    81
    I have fairly good instructions on my website as to how to secure a WordPress site. secure-your-website dot com. The $17 plug-in does add
    another layer of security, but you'll do a good job of locking everything down if you scroll down to the link for "My Written Instructions" and
    follow those instructions.

    You only need enough skill to get into File Management in CPanel (I use Hostgator), and be able to find and activate plug-ins from Wordpress dot org. This is easy from within your WordPress site. It took me two weeks of studying two WSOs (Bulletproof and WP-Padlock), and some
    YouTube videos to write it. If you have comments or can suggest additions, I'd love to read them. ​
     
  12. ProAffiliate01

    ProAffiliate01 Junior Member

    Joined:
    Feb 27, 2012
    Messages:
    147
    Likes Received:
    10
    Occupation:
    Web specialist
    Location:
    Denmark
    I had an issue where someone was spammimg my blogs. One thing I had to do was change my blog posting e-mail to something harder to guess. You also have to probably change your password and report the incident to WP.
     
  13. wMercw

    wMercw Junior Member

    Joined:
    Apr 10, 2012
    Messages:
    160
    Likes Received:
    20
    Occupation:
    I am a Entrepreneur and IM
    Location:
    Toronto
    O man I got hacked a while back, and it was an ordeal, I say depending on how bad it is you might have to reinstall WP, but if you have hostgator you might be able to manually delete the harmful files.
     
  14. markhenry121

    markhenry121 Elite Member

    Joined:
    Oct 14, 2011
    Messages:
    2,149
    Likes Received:
    239
    WordPress is very popular platform these days..Anyone wants to crack and hacked your site. Some steps to take Don't use ‘admin' username, Install Login LockDown Plug-in , Install Secure WordPress plug-in, Move your wp-config.php file so on..also check this codeforest.net/10-wordpress-security-tips-that-could-save-your-site
     
  15. stratocentric

    stratocentric Junior Member

    Joined:
    Mar 12, 2012
    Messages:
    122
    Likes Received:
    35
    1. Change your user name and password for mysql.
    2. Move your wp-config.php file up a directory so that it is in /home/yourusername/ instead of /home/yourusername/public_html/
    3. Update your wordpress
    4. Update your plugins
    5. Search your upload folder for files ending in php
    6. make sure file permissions are chmod 0755 for directory and 0644 for files
    7. Don't install Wordpress with Fantastico ... learn how to do it by hand.
    8. Don't install plugins that require insecure file permissions or have instructions like chmod 0777 your plugins directory
    9. Install Timthumb vulnerability scanner and run it on your site.
    10. Use a different admin username than admin.
    11. Don't use the same password on every WP site you own and on every forum you join (no offense guys) as it will eventually get into the wrong hands.
    12. Use something like Last Pass for Firefox to store your passwords for each site so that you can remember all this stuff!
     
    • Thanks Thanks x 1
  16. boosters

    boosters Regular Member

    Joined:
    Mar 27, 2011
    Messages:
    225
    Likes Received:
    62
    Ask your webhosting provider for better advice.
     
    Last edited: Sep 21, 2012
  17. ice41

    ice41 Power Member

    Joined:
    Aug 18, 2012
    Messages:
    783
    Likes Received:
    248
    Occupation:
    Web Designer
    Location:
    Land of Pineapples
  18. MatthewWoodward

    MatthewWoodward Jr. VIP Jr. VIP Premium Member

    Joined:
    Aug 31, 2012
    Messages:
    992
    Likes Received:
    1,681
    Occupation:
    SEO
    Location:
    UK
    Home Page:
    I had similar problems with a site that was constantly getting hacked even thoguh I had everything up to date and locked things down as much as possible.

    Installing Wordpress Firewall 2 stopped it from happening :p
     
  19. thecashbag

    thecashbag Newbie

    Joined:
    Sep 27, 2011
    Messages:
    36
    Likes Received:
    3
    This post will help to prevent attacks next time: w00w00w.blackhatworld.com/blackhat-seo/blogging/464934-guide-secure-your-wordpress-website-howto.html
     
  20. SnowWar

    SnowWar Power Member

    Joined:
    Mar 3, 2012
    Messages:
    595
    Likes Received:
    48
    Occupation:
    Pure student :p
    I think your plugin is damaged.
    please reinstall WordPress and also plugin and then may be secured to your blogging site.