
Keep getting hacked, help!

Discussion in 'Blogging' started by abusetheuser, Jan 26, 2012.

  1. abusetheuser

    abusetheuser Newbie

    Joined:
    Sep 26, 2011
    Messages:
    15
    Likes Received:
    0
    Hi guys, I've been running a news publication site/blog for a while now..

    This is the second time I have been hacked..

    Public HTML is the folder that's been hacked, first time it was shut down for phishing, this time it was spamvertisement. I am losing business here.

    I have been using all of the recommended security plugins..

    Block Bad Queries
    Bulletproof Security
    Chap Secure Login
    Login Lockdown
    Ultimate Security Checker
    WP Security Scan

    I've also fixed the timthumb vulnerability

    Now last time this happened I went into R1 Soft and got one of my backups.. the past two days of backups had in the public html folder a bunch of new folders with random strings... and then I found a clean one (assumed it was clean) then I upped my security.

    This time, I went through the R1 Soft backups again, and like before today's and yesterday's public html were filled with random stringed folders with html pages inside of them. Only this time I went through all of the R1 backups, even the one a week ago has a folder named "2c5cf4" with an html inside of it, all the other folders are gone but I'm assuming that folder as well is malicious - so I now have no safe backups..

    How can I fix this, and how can I prevent this from happening again... I have a family member dying and I really don't have the time or the energy to be dealing with this right now :(

    Are they getting in through htaccess? Can I prevent that?

    Also I'm using a w-p-zoom theme that I got from these forums

    If it matters the inside of my public html looks like such

    _private
    _vti_bin
    _vti_cnf
    _vti_log
    _vti_pvt
    _vti_txt
    2c5cf4
    cgi-bin
    images
    wp-admin
    wp-content
    wp-includes
    .htaccess
    _vti_inf.html
    error_log
    index.hawkhost
    index.php
    license.txt
    postinfo.html
    readme.html
    wp-activate.php
    wp-app.php
    wp=atom.php
    wp-blog-header.php
    wp-comments-post.php
    wp-commentsrss2.php
    wp-config-sample.php
    wp-cron.php
    wp-feed.php
    wp-links-opml.php
    wp-load.php
    wp-login.php
    wp-mail.php
    wp-pass.php
    wp-rdf.php
    wp-register.php
    wp-rss.php
    wp-rss2.php
    wp-settings.php
    wp-signup.php
    wp-trackback.php
    xmlrpc.php
    zend_ioon_index.php

    and that is from my R1 backup from about a week ago.

    Please help if you can, I'll give you a hug or something.
     
  2. heiska

    heiska Junior Member

    Joined:
    Dec 5, 2008
    Messages:
    138
    Likes Received:
    169
    Change all passwords, keep WP and all the plugins updated, stop using any nulled themes/plugins if you are, change your hosting provider and scan your computer with Malwarebytes for keyloggers.
     
  3. resistancee

    resistancee Registered Member

    Joined:
    Jun 22, 2011
    Messages:
    99
    Likes Received:
    40
    Here's what I'd advise.

    1. First off run Malwarebytes on your PC in safe mode.
    2. Run ComboFix in safe mode (This is a big one, my favourite least used tool!)
    3. Change passwords to your WP blog, cPanel, MySQL, etc.
    4. Contact host and ask for FTP logs & find out what they changed/edited.
    5. Check date stamps on files.
    6. You should be clean, run over your CHMODs & make sure none are set to something stupid.
     
    • Thanks Thanks x 1
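
The date-stamp and CHMOD checks from steps 5 and 6 above, together with a check for the random-named folders of HTML pages described in the first post, can be run in one pass over the web root. This script is an added example, not something posted in the thread; the function names, the 7-day window and the hex-name pattern are assumptions, and the sample tree is constructed.

```python
import os
import re
import stat
import time

# Assumption: injected folders resemble the "2c5cf4" example (short lowercase hex names).
HEX_NAME = re.compile(r"^[0-9a-f]{6,12}$")


def audit_webroot(root, since_days=7, now=None):
    """Return sorted (relative_path, reason) findings for a document root."""
    now = time.time() if now is None else now
    cutoff = now - since_days * 86400
    findings = set()
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # permission bits on a symlink itself carry no meaning
            # CHMOD check: writable by "other", e.g. 777 directories or 666 files.
            if st.st_mode & stat.S_IWOTH:
                findings.add((rel, "world-writable %o" % stat.S_IMODE(st.st_mode)))
            # Date-stamp check: regular files changed inside the review window.
            if stat.S_ISREG(st.st_mode) and st.st_mtime >= cutoff:
                findings.add((rel, "modified in last %d days" % since_days))
            # Random-named folder holding HTML pages, as seen in the backups.
            if stat.S_ISDIR(st.st_mode) and HEX_NAME.match(name):
                if any(f.lower().endswith((".htm", ".html")) for f in os.listdir(full)):
                    findings.add((rel, "hex-named folder containing HTML"))
    return sorted(findings)


def make_sample_tree(root, now):
    """Build a small constructed web root (not the poster's real files)."""
    layout = [  # (path, mode, age in days; None marks a directory)
        ("wp-content", 0o755, None),
        ("wp-content/uploads", 0o777, None),
        ("2c5cf4", 0o755, None),
        ("index.php", 0o644, 30),
        ("2c5cf4/index.html", 0o644, 1),
    ]
    for rel, mode, age in layout:
        path = os.path.join(root, rel)
        if age is None:
            os.mkdir(path)
        else:
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.utime(path, (now - age * 86400, now - age * 86400))
        os.chmod(path, mode)
```

Point `audit_webroot()` at a restored backup before putting it live; each finding is a lead to review by hand, not proof of compromise, and a legitimate folder with a hex-looking name will also be listed.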
  4. abusetheuser

    abusetheuser Newbie

    Joined:
    Sep 26, 2011
    Messages:
    15
    Likes Received:
    0
    Thanks guys.. some of this is a bit new to me so I don't think I understood everything that was suggested...

    Like, I don't know anything about CHMOD?

    What should I do about my current backup since there is that unknown folder? I'd like to get the site up as soon as possible, I just need to make it safe, and then keep it safe
     
  5. ardley216

    ardley216 Elite Member

    Joined:
    Mar 28, 2008
    Messages:
    2,391
    Likes Received:
    2,356
    Occupation:
    Finding easy keywords
    Location:
    1,500,000,000 Keywords Re
    I am considering transferring hosting accounts because of the ongoing hacking! I currently have all my WordPress's 302'd to some Polish website! :(
     
  6. MKelly

    MKelly Regular Member

    Joined:
    Aug 27, 2010
    Messages:
    233
    Likes Received:
    117
    Location:
    UK
    First talk to your web host about it, check the server security and activity log, etc.

    Be aware that the problem might be on your PC, you might have spyware or malware, etc., where they get your WordPress login info when you log in.

    Change all passwords to long, meaningless random strings of characters like *&%^^%#IUgiuwge^^4$$##weif9^^)*60

    Just out of interest, which web host is this?
     
  7. resistancee

    resistancee Registered Member

    Joined:
    Jun 22, 2011
    Messages:
    99
    Likes Received:
    40
    The first thing you should be working on is finding out how they got the information. It's usually through some built-in JavaScript on a website, etc. I'd scan exactly how I said in the post above & perhaps get yourself something that offers browser protection, e.g. ESET NOD32. Once your PC is clean, then focus on fixing everything.
     
  8. MKelly

    MKelly Regular Member

    Joined:
    Aug 27, 2010
    Messages:
    233
    Likes Received:
    117
    Location:
    UK
    I forgot to say: make sure that your actual theme is watertight, some themes you download from anywhere, even this forum, have built-in vulnerabilities where the purpose is to provide a back door into your site.
     
  9. TR0J4N

    TR0J4N Registered Member

    Joined:
    Jul 16, 2010
    Messages:
    99
    Likes Received:
    17
    Occupation:
    unemployed
    Location:
    My PC
    Well, if you are on shared hosting it might not be because of you, maybe someone rooted the server, but I think you need to scan your files and check your theme files' code too.
     
  10. BHopkins

    BHopkins Moderator Staff Member Moderator Jr. VIP

    Joined:
    Dec 31, 2010
    Messages:
    2,311
    Likes Received:
    1,387
    Gender:
    Male
    Occupation:
    ORM and SEO company owner
    Location:
    California
    If you're using a good host, just contact them and ask them to look into it. Hostgator has been great for me when my WP installs got hacked (about once a year).
     
  11. Kymon

    Kymon Newbie

    Joined:
    Jan 27, 2012
    Messages:
    20
    Likes Received:
    1
    Location:
    In The Cloud
    Most has been answered, but I agree about using themes and plugins with potential problems.
     
  12. CubanCohibas

    CubanCohibas Registered Member

    Joined:
    Jan 21, 2012
    Messages:
    90
    Likes Received:
    32
    Anything you're using (plugins, themes, hosting, etc.) needs to be from a trusted source. Also, as mentioned earlier, check your computer for any malware, keyloggers, etc.
     
  13. resistancee

    resistancee Registered Member

    Joined:
    Jun 22, 2011
    Messages:
    99
    Likes Received:
    40
    And in future try to use virus/spyware software that supports your browser. My ESET NOD32 stops everything JavaScript getting in and I get a hell of a lot from ScrapeBox!