1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My websites keep on getting hacked! :(

Discussion in 'White Hat SEO' started by nipunn12, Feb 12, 2012.

  1. nipunn12

    nipunn12 Regular Member

    Joined:
    May 30, 2011
    Messages:
    372
    Likes Received:
    98
    I have quite a few sites hosted on a shared server which used to get hacked once every 8 or 9 months. But now they are becoming popular and some people keep on hacking my site everyday.


    Example : - Three Days back someone hacked my sites ( I think he just hacked the server ) to redirect to some Russian site I do not own. The person cleverly mass pinged it so Google would crawl it immediately and then removed the script... So every time i LINKED my website on facebook, twitter and linkedin ( Dads site ) it would go to the Russian site. Same result if you search for it on Google , Yahoo and Bing but not if you directly typed the web address.

    So i asked my host and he told me to delete some files ( OwNaGe.php ) from my ftp account and he also said to tell Google to recrawl all my sites and it worked.... for 1 day....... :(

    Today I checked all my sites AND ALL LINKED TO THE RUSSIAN SITE AGAIN. EVEN THE ONE I BOUGHT YESTERDAY!!!!!! NOT ONLY THAT BUT BEFORE ENTERING THE SITE GOOGLE WOULD TELL ME THAT THE SITE IS HARMFUL AS IT CONTAINS CONTENT RELATED TO ANOTHER VIRUS SITE WHICH I CHECKED AND WAS EMPTY!

    Please help me Black Hat World! Can someone guide me how to find and remove suspicious scripts and how to make my sites very secure?

    Or can anyone offer me a good ( not so expensive ) service to look after and fix my sites :) I'm only 14 and don't want to spend too much money on this ( If it is a yearly or monthly subscription )


    Thank You :(
     
    Last edited: Feb 12, 2012
  2. kkvsam

    kkvsam Senior Member

    Joined:
    Oct 11, 2009
    Messages:
    936
    Likes Received:
    569
    Occupation:
    SYS ADMIN
    Home Page:
    Are you using nulled version of plugin or theme?
     
  3. ritesh

    ritesh Senior Member

    Joined:
    Oct 26, 2009
    Messages:
    1,046
    Likes Received:
    443
    Do a clean reinstall.
     
    • Thanks Thanks x 1
  4. WhitePwn

    WhitePwn BANNED BANNED

    Joined:
    Feb 9, 2012
    Messages:
    53
    Likes Received:
    60
    He's probably using a shell on your server or he has backdoor access to the server.
    Check your ftp account for any .php files you might not have uploaded.If you are using wordpress,check the wp-content directries too.
     
  5. Techxan

    Techxan Elite Member

    Joined:
    Dec 7, 2011
    Messages:
    3,093
    Likes Received:
    3,585
    Occupation:
    Local SEOist
    Location:
    TEXAS (you have to yell, its the law.)
    • Thanks Thanks x 2
  6. nipunn12

    nipunn12 Regular Member

    Joined:
    May 30, 2011
    Messages:
    372
    Likes Received:
    98
    No, I have been using Official Free Plugins ( With high rating and approved )on my WordPress sites for 1.5 years. But the theme for one of my website is a premium one which i bought I think last year.
     
  7. nipunn12

    nipunn12 Regular Member

    Joined:
    May 30, 2011
    Messages:
    372
    Likes Received:
    98
    Also I'm using Just Host to host my sites. I think these kind of hosting sites don't care much about safety of websites hosted through shared hosting
     
  8. kkvsam

    kkvsam Senior Member

    Joined:
    Oct 11, 2009
    Messages:
    936
    Likes Received:
    569
    Occupation:
    SYS ADMIN
    Home Page:
    Ok. If you have old backup, then restore it and secure your admin area with complex password and change user name other than "admin". Do you have any other admins in your site?
    Secure the ftp access. Then install
    wp firewall
    wp supre weep plugin
    TAC
    BulletProof Security
    Backup buddy.
    It will secure your wordpress. Hope you get the idea.
     
    • Thanks Thanks x 1
  9. nipunn12

    nipunn12 Regular Member

    Joined:
    May 30, 2011
    Messages:
    372
    Likes Received:
    98
    Last edited: Feb 12, 2012
  10. nipunn12

    nipunn12 Regular Member

    Joined:
    May 30, 2011
    Messages:
    372
    Likes Received:
    98
    I will ask my hosting provider to wipe my hosting space and install my backup. I think the virus is getting in from the host site not WordPress. Will the plugins still help?
     
  11. oxonbeef

    oxonbeef BANNED BANNED

    Joined:
    Jan 4, 2009
    Messages:
    2,242
    Likes Received:
    7,872
    The virus is on your computer every time you clean the site your site will be reinfected.
    Clean your pc and create new ftp accounts.
     
  12. eiulii

    eiulii Newbie

    Joined:
    Jan 20, 2012
    Messages:
    32
    Likes Received:
    1
    It is really a challenging situation, I wish if I could help you out there. However, please try to find out how he gets ur log in information, I think the hosting provider is not relaiable on that sence.
     
  13. nipunn12

    nipunn12 Regular Member

    Joined:
    May 30, 2011
    Messages:
    372
    Likes Received:
    98
    It can not be my computer because i did not log in for 2 months and i do not store passwords. Also just host checked it and removed the files ( which were injected by some guy who calls himself Ra3Ziesr. But i am going to reinstall Windows 7 on all my laptops and change my ftp and Wordpress passwords + install the plugins
     
  14. nipunn12

    nipunn12 Regular Member

    Joined:
    May 30, 2011
    Messages:
    372
    Likes Received:
    98
    After chatting with 5 Just Host representatives for 1 hour each, I finally found a useful one who knew what he was saying. He told me that they will scan and tell me the exact malware locations so i could delete them myself. ( The rest of the representatives told me to buy a service from wewatchyourwebsite.XXX )

    Now I removed all the malware files and the sites that you sent to me to check if my site had malware say that nothing was found :)

    Next step to install safety plugins and manual back up so i wont need to do much next time it happens
     
  15. nipunn12

    nipunn12 Regular Member

    Joined:
    May 30, 2011
    Messages:
    372
    Likes Received:
    98
    After chatting with 5 Just Host representatives for 1 hour each, I finally found a useful one who knew what he was saying. He told me that they will scan and tell me the exact malware locations so i could delete them myself. ( The rest of the representatives told me to buy a service from wewatchyourwebsite.XXX )

    Now I removed all the malware files and the sites that you sent to me to check if my site had malware say that nothing was found :)

    Next step to install safety plugins and manual back up so i wont need to do much next time it happens
     
  16. TZ2011

    TZ2011 Senior Member

    Joined:
    Jun 26, 2011
    Messages:
    832
    Likes Received:
    864
    Occupation:
    Cleaning servers
    1. go from justhost as fast as you can. take hostgator.
    2. always updated wp core install ? current version 3.3.1 ?
    3. plugin "Bullet Proof Security Plugin" is doing miracles, free version is on wp repository, check it.
     
  17. nipunn12

    nipunn12 Regular Member

    Joined:
    May 30, 2011
    Messages:
    372
    Likes Received:
    98
    Track this ip address : 92.99.136.180
     
  18. websanova

    websanova Newbie

    Joined:
    Jan 18, 2012
    Messages:
    48
    Likes Received:
    2
    Home Page:
    There are so many potential problems here I wouldn't even know where to start. It could be your computer that's infected, could be your specific account, or the server itself.

    If you already know these guys get hacked every 8 to 9 months that's probably a good indicator to change hosting providers.

    If you are getting viruses on your own machine after running a scan, I would just reformat that thing and avoid going to sketchy porn sites in the future.

    After you know you're clean, I would switch hosting providers, probably move a set of clean files over, not the exact ones, because you may just be moving a script over again.

    Who even knows, your code itself could be modified.
     
  19. kitteh101

    kitteh101 Regular Member

    Joined:
    Jan 17, 2012
    Messages:
    363
    Likes Received:
    53
    Occupation:
    Consultant
    Location:
    International
    (not full IP trace)IP address is from AE, United Arab Emirates .......... He appears to have been reported by many people and must know what he is doing. I am sorry you got targeted by a hacker it sucks.
     
  20. p0532673

    p0532673 Registered Member

    Joined:
    Aug 17, 2008
    Messages:
    63
    Likes Received:
    29
    FWIW, if you have wordpess installed check that your timthumb is updated. Google timthumb for more info.