My Wordpress site - compromised?

Discussion in 'Web Design' started by rancidricky, Feb 7, 2017.

  1. rancidricky

    rancidricky Regular Member

    Joined:
    Feb 1, 2016
    Messages:
    254
    Likes Received:
    115
    Occupation:
    NEET
    Hey guys,

    I've not checked my email for the last few days and have come back to find an email from iThemes security prompting me to update my wordpress version (I logged on and checked, it is up to date).

    But I also received several emails from my wordpress email ([email protected]) to my personal email which is with mail.com which has blocked them and says they contain a virus... I've never experienced this before...

    does anyone know what this might be, or have suggestions on what to do?

    My thought was that because i can still login fine it might have been hacked and used to send malicious emails?

    Really appreciate any ideas :)
     
  2. TyperX

    TyperX Junior Member

    Joined:
    Nov 2, 2013
    Messages:
    112
    Likes Received:
    18
    yes it could be hacked that way. Try also site:domain.com to see if any subpages are added
     
    • Thanks Thanks x 1
  3. rancidricky

    rancidricky Regular Member

    Joined:
    Feb 1, 2016
    Messages:
    254
    Likes Received:
    115
    Occupation:
    NEET
    Thanks for the input.
    I checked and didn't find any odd new pages
     
  4. ttmschine

    ttmschine Power Member

    Joined:
    Mar 27, 2013
    Messages:
    631
    Likes Received:
    359
    There's been a big attack on wordpress recently - could be you were caught up in it - see sucuri blog for details
     
    • Thanks Thanks x 1
  5. rancidricky

    rancidricky Regular Member

    Joined:
    Feb 1, 2016
    Messages:
    254
    Likes Received:
    115
    Occupation:
    NEET
    Can anyone who has knowledge of this security stuff recommend a course of action? Can't see any new pages added, same password still works... if I change my password am I in the clear? But I dont know how the infected emails came about :/
     
  6. I know SEO

    I know SEO The Caretaker Moderator Jr. VIP

    Joined:
    Nov 29, 2012
    Messages:
    16,549
    Likes Received:
    6,289
    Gender:
    Male
    Location:
    everywhere
    Moved to Web Design.
     
  7. thisisnotadrill

    thisisnotadrill Newbie

    Joined:
    Feb 9, 2017
    Messages:
    26
    Likes Received:
    1
    Gender:
    Male
    A wordpress site of mine was hacked recently. The hacker accessed my mailbox and sent 100,000's of emails, my mail folder located on my shared hosting account filled to capacity and the website was inaccessible. It was quicker for me to reset the whole thing (i.e. clear my public_html folder and refresh my cPanel) than delete 100,000's of files from a remote server. and then upload the whole thing again (lucky I had a local copy).

    If you upload your website via FTP then go to your mail folder which will be located at the root of your domain and see if any of the folders within that directory are filled with amass of strange files.

    It may also be worth checking your sent box from your domains mail box to check activity.

    If you can, it will be worth backing up your website now if you do not have a recent copy.
     
  8. thisisnotadrill

    thisisnotadrill Newbie

    Joined:
    Feb 9, 2017
    Messages:
    26
    Likes Received:
    1
    Gender:
    Male
    AND If you have not already changed your password do it now.
     
  9. SnoopyDrew

    SnoopyDrew Supreme Member

    Joined:
    Jun 25, 2014
    Messages:
    1,212
    Likes Received:
    667
    Gender:
    Male
    Occupation:
    Affiliate Marketing And SEO
    Location:
    Oregon
    I suggest downloading WordFence, its a plugin for your wordpress and scans the whole site for malware and other harmful viruses.
     
  10. malayguru

    malayguru Regular Member

    Joined:
    Oct 29, 2012
    Messages:
    384
    Likes Received:
    60
    Gender:
    Male
    Occupation:
    Entrepreneur
    Location:
    Singapore
    there is a lot of hacktivity recently due to vulnerabilities in wordpress 4.7 and 4.7.1
    please update ur wordpress site to 4.7.2 and those vulnerabilities will be patched
    lastly, please install wordfence plugin, it helps to protect ur site.