1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Just Had Brand New Wordpress Website Hacked!

Discussion in 'Black Hat SEO' started by UrbanMedusa, Aug 14, 2015.

  1. UrbanMedusa

    UrbanMedusa Junior Member

    Joined:
    Jul 12, 2015
    Messages:
    116
    Likes Received:
    7
    I purchased a domain and hosting with HostGator 2 days ago and installed wordpress on the website using the one click installer.

    I today decided to do some work on the site and I am faced with a blank white page and a black text message stating I have been hacked by some weird usernames.

    I'm 0 in the queue for online chat and have been for about 25 minutes now.

    Is HostGator really this crap? if so I will cancel the plan
     
  2. fatboy

    fatboy Elite Member

    Joined:
    Aug 13, 2008
    Messages:
    1,618
    Likes Received:
    3,229
    Occupation:
    Retired
    Location:
    Old Peoples Home
    Was it just the latest Wordpress install and what kind of password did you use (and did you go for the default admin username). Failing that do you have any other domains on the account?

    If you are on a shared folder its possible another account on the server got done over and gave them access to all the accounts.

    If you want a hand getting back and going give me a shout on Skype, it may just be a htaccess thing (hopefully) and they didn't actually delete anything.
     
  3. bilbo

    bilbo Power Member

    Joined:
    Jan 26, 2009
    Messages:
    647
    Likes Received:
    1,136
    Occupation:
    an actor on wizard of oz - the 3rd munchkin
    Location:
    middle earth
    What's hostgator got to do with anything?

    if its a brand new install then 1000 things could have gone wrong. simply delete the site and do another wordpress install with a nice long password and then install some free security plugins
     
  4. arpitagarwal82

    arpitagarwal82 Power Member

    Joined:
    Feb 20, 2008
    Messages:
    731
    Likes Received:
    471
    Location:
    Localhost
    Are you sure you haven't installed any vulnerable plugin or a cracked theme?
     
  5. HostStage

    HostStage Jr. VIP Jr. VIP

    Joined:
    May 20, 2010
    Messages:
    1,872
    Likes Received:
    1,768
    Occupation:
    BHW - CEO of Webhosting Company
    Location:
    BWH from France
    Home Page:
    • Thanks Thanks x 1
  6. fatboy

    fatboy Elite Member

    Joined:
    Aug 13, 2008
    Messages:
    1,618
    Likes Received:
    3,229
    Occupation:
    Retired
    Location:
    Old Peoples Home
    Maybe in the good old days, now they are EIG owned, I wouldn't bet on their skills anymore!
     
  7. redmoon

    redmoon Regular Member

    Joined:
    Aug 19, 2009
    Messages:
    246
    Likes Received:
    73
    Did you comb through your FTP folders and look for malicious code? Is your database hacked too? More than likely it's a security hole in the site not the host. Not a fan of hostgator, but if all the sites they host had this problem it would be all over the web.
     
  8. Sombrero

    Sombrero Senior Member

    Joined:
    Feb 28, 2011
    Messages:
    1,183
    Likes Received:
    1,013
    Occupation:
    Driver
    Location:
    On The Road
    Your hosting server is vulnerable to attacks or the WordPress plugins are outdated. I had the same issue with JustHost, just replace the Index.html. They didn't mess with your files they put the bad Index.html there.
     
  9. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,133
    Likes Received:
    33,671
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    • Thanks Thanks x 2
  10. UrbanMedusa

    UrbanMedusa Junior Member

    Joined:
    Jul 12, 2015
    Messages:
    116
    Likes Received:
    7
    Thanks to all the people who took the time to respond to this thread with helpful replies.

    It was a fresh wordpress install and I used the unique password that was emailed to me as it looked really secure to me with all the numbers, symbols etc.

    My username was my personal icloud email address that I don't give out.

    I have since put in the 45 money back guarantee request as I do not like how HG doesn't get back to you.

    When ever I have asked for help:

    I haven't received a callback
    I haven't received a ticket response
    I haven't received a response on live chat

    From the short time I was with them I thought they were an awful company but with all the mentions about them now being owned by EIG, I assume they are a shell of what they used to be
     
    Last edited: Aug 15, 2015
  11. diesel1

    diesel1 Senior Member

    Joined:
    May 22, 2013
    Messages:
    934
    Likes Received:
    226
    Never a good idea, you should use your own passwords...That NOBODY else knows
     
  12. ScarfaceMontana

    ScarfaceMontana Registered Member

    Joined:
    Mar 2, 2015
    Messages:
    84
    Likes Received:
    26
    If so, than you should check your computer for keyloggers or RAT´s. There are basicly 3 ways someone can get acces to your server: He bruteforce your server, he find some kind of vulnerabillity or he has a Keylogger on your computer. As far as I kow Hostgator standard password are allways (like you said) a mix of random numbers and symbols. So it would take years to bruteforce that. Also vulnerabillitys are rare. I believe you probably have something on your computer so you should check your pc bro!


    I personally also recommend you to not use auto-installers in general, I like to install everything by myself so I know what I´m doing. But this is just your choice.
     
  13. Sythix

    Sythix Senior Member

    Joined:
    Sep 29, 2014
    Messages:
    1,078
    Likes Received:
    712
    Location:
    127.0.0.1
    I wouldn't blame this on Hostgator, I use HG myself and have been extremely satisfied with them. You should read my story, of how my CPA website got hacked over 3 times (this was when I was using Godaddy). http://onlinesidehustle.com/help-wordpress-website-got-hacked/ It sounds like your website got attacked by the same people, same script, and it's extremely easy to fix. I have the method in the link, and if you have any problems you can always message me. I also outline some security tips and measures you should follow. A lot of people are uneducated about WP security or don't take it seriously enough. It's not really the hosts fault. My website was hacked 3 times, but I can honestly say it was my fault for not backing up my site and being ignorant about security at the time.
     
  14. puneetas3

    puneetas3 Senior Member

    Joined:
    Jan 8, 2012
    Messages:
    896
    Likes Received:
    387
    Sir, when a password is emailed it isn't safe anymore. Secondly please enlighten us with the theme you uploaded and the plugins you used. How many of these were cracked/nulled?
     
  15. UrbanMedusa

    UrbanMedusa Junior Member

    Joined:
    Jul 12, 2015
    Messages:
    116
    Likes Received:
    7
  16. Ambitious12

    Ambitious12 Elite Member

    Joined:
    Jun 26, 2014
    Messages:
    3,096
    Likes Received:
    609
    Occupation:
    No Occupation
    Location:
    Among the Stars
    I never heard any good praises about hostgrator ever thats why I do not like this
     
  17. UrbanMedusa

    UrbanMedusa Junior Member

    Joined:
    Jul 12, 2015
    Messages:
    116
    Likes Received:
    7
    I have canceled my account with them now under the 45 day money back guarantee and I'm currently waiting for the response.

    The customer service is non-existent and I'm thinking of going with GoDaddy next
     
  18. gimuzo

    gimuzo Newbie

    Joined:
    Jan 11, 2012
    Messages:
    15
    Likes Received:
    2
    Don't download crap scripts / soft / tools from unreliable sources. This is the best method to protect your money and time
     
  19. UrbanMedusa

    UrbanMedusa Junior Member

    Joined:
    Jul 12, 2015
    Messages:
    116
    Likes Received:
    7
  20. writehow

    writehow Regular Member

    Joined:
    Mar 3, 2014
    Messages:
    303
    Likes Received:
    56
    Location:
    What?Where?Who?
    Well like I love to say ... You get what you pay :D This is my #1 rule online and offline . That why I end paying 30? for my ssd vps from established offshore eu
    provider .

    P.S: From what I see they just added .html .. since your wp-admin is accessible.