1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

omg, my website is hacked, why...?

Discussion in 'White Hat SEO' started by tenam, Jul 14, 2017.

  1. tenam

    tenam Newbie

    Joined:
    Jun 2, 2017
    Messages:
    46
    Likes Received:
    2
    Gender:
    Male
    Google tells "This site may be hacked." my website suffers from “URL Injection” hacked type after research.
    What I used are all bought from official website like the theme, plugin....
    I found that my webiste is index by google with content not created by me.
    something like this: mydomain.com/g12345 where the title is things like "nude,sex..etc..." I never do this....how to fix this issue?
    many thanks..
     
  2. Zwielicht

    Zwielicht Moderator Staff Member Moderator Jr. VIP

    Joined:
    Aug 31, 2013
    Messages:
    6,627
    Likes Received:
    11,762
    Gender:
    Male
    Occupation:
    Private Investigator
    Location:
    Riverside, California
    Home Page:
    Where you purchased your theme and plugins is a red herring in this case. Your site can still be hacked through brute forcing, zero-day vulnerabilities, outdated plugins, etc.

    There's no one-size-fits-all answer to this. If your site's fairly small, the easiest thing to do is to rebuild the entire site rather than spend time trying to figure out how the hacker got in, what backdoors they've left, where the malicious code is, etc. Download any images you have, save the text in a notepad, and wipe the site from the server. Re-download a fresh copy of the themes and plugins you used, and set everything back up. Do this during the time that your site receives the least activity in order to avoid interrupting as many users as you can. Additionally, update your site's login credentials and don't use something simple like "admin".

    Also, make sure your site is actually hacked and it's not a false alarm. Sometimes, when a site on the same server as your site is hacked, Google will display a warning as if it was your site that was breached. I recall this being the case for one of my clients last year who got a hacked site warning and then a "social engineering content" warning.
     
    • Thanks Thanks x 2
  3. kboxer7

    kboxer7 Senior Member

    Joined:
    Jan 25, 2010
    Messages:
    976
    Likes Received:
    733
    Do you have a backup of the site "pre-hack" ? Restoring to that backup won't fix the backdoor/vulnerability but it might get you back to normal for the moment. Update all plugins/themes/CMS if applicable.

    Then hire an expert to fix any security flaws.
     
  4. Gogol

    Gogol Jr. VIP Jr. VIP

    Joined:
    Sep 10, 2010
    Messages:
    3,411
    Likes Received:
    3,057
    Gender:
    Male
    Out of curiosity, can I ask you what themes & plugins you used? Buying a theme/plugin doesn't make it secure atall. It might still have undisclosed zero day vulnerabilities as @Zwielicht mentioned.

    Also, do you have your site visitor log? What do you see there?
     
  5. boostpro

    boostpro Newbie

    Joined:
    Feb 23, 2017
    Messages:
    28
    Likes Received:
    4
    whats your site url ?
     
  6. RonyXbox1

    RonyXbox1 Newbie

    Joined:
    Jul 14, 2017
    Messages:
    17
    Likes Received:
    1
    Gender:
    Male
    you should contact your hosting service immediately
     
  7. kboxer7

    kboxer7 Senior Member

    Joined:
    Jan 25, 2010
    Messages:
    976
    Likes Received:
    733
    Somewhere around 53% of ALL plugins for Wordpress are "out of date" and thus likely insecure. And those are just the ones on the official repository.
     
  8. darulez

    darulez Jr. VIP Jr. VIP

    Joined:
    Mar 12, 2013
    Messages:
    2,280
    Likes Received:
    717
    Gender:
    Female
    Occupation:
    Waiting 36 days till I can stick it in
    Location:
    Walhalla
    some time ago, some site on some cheap hoster got hacked.
    hoster blaimed it on me.. (use antivir and shit)

    yeah right. it was a STATIC HTML site..

    > hoster kicked out.

    a lot of time, it is also the cheap hoster, that causes that trouble. cause THEY dont keep their systems clean!
     
  9. CyberHour

    CyberHour Jr. VIP Jr. VIP

    Joined:
    Apr 3, 2016
    Messages:
    647
    Likes Received:
    160
    Location:
    localhost
    Home Page:
    Confirmed
     
  10. Billy_Batts

    Billy_Batts Elite Member

    Joined:
    Dec 16, 2016
    Messages:
    1,952
    Likes Received:
    1,530
    Gender:
    Male
    Occupation:
    ♫♪.ılılıll|̲̅̅●̲̅̅|̲̅̅=̲̅̅|̲̅̅●̲̅̅|llılılı.♪♫
    Location:
    ı ̡̡͡|̲̲̲͡͡͡ ̲▫̲͡ ̲̲̲͡͡π̲̲͡͡ ̲̲͡▫̲̲͡͡ ̲|̡̡̡ *
    Home Page:
    WP is the most targeted platform on the internet.

    If you have a log you would be surprised how many daily attacks you will have from utter noobs that will fill in " admin" as login name, which on my sites you will get banned directly, to advanced hackers.

    So far no1 has even come close of getting in but it annoying for sure.

    I run Ithemes security and miniOrange 2fa
     
  11. xjapan

    xjapan Power Member

    Joined:
    Sep 16, 2014
    Messages:
    648
    Likes Received:
    77
    Location:
    unknown
    are you acidentally buying an expired domain and when you putting up your content that are totally different from the previous then google will detect the website may be hacked, the word "may be" is just a warning when google noticed differences in their indexing.
     
  12. Gogol

    Gogol Jr. VIP Jr. VIP

    Joined:
    Sep 10, 2010
    Messages:
    3,411
    Likes Received:
    3,057
    Gender:
    Male
    most probably due to the poor ownership permission for the file system. Whenever a client provides me a shared hosting package, I try CDing into the parent folder to see if it is accessible. If it is accessible, it is hackable (given, you have write permission). Try that trick out next time and it will reduce the chance of being sorry later..
     
  13. lendir

    lendir Registered Member

    Joined:
    Oct 11, 2012
    Messages:
    65
    Likes Received:
    9
    many possibility, atleast viewing your server log will get you somewhere if not everybody will make stupid assumption for example ftp password,file permissions etc, those kinda hack work well perhaps in year 1999... as now day hack is more complicated..in my experience 80% wp got hacked is because poorly coded themes or plugin (only stupid admin set password with "qwerty" or "admin123456")..even if you set extra difficult password or setup extra secure file permission but if hacker able to launch shell command then is over
     
  14. tenam

    tenam Newbie

    Joined:
    Jun 2, 2017
    Messages:
    46
    Likes Received:
    2
    Gender:
    Male
    Thanks all!!!!!!!!!!
    My issue is solved in the following ways:
    1) backup all content
    2) ask the web host to delete the site and re-install
    3) import content
    Now the alert is gone...
    The possible cause might be the "Jetpack premium plugin" of which further research told me that it has the vulnerability..... without installation of it everything seems fine!!!
    Once again, thanks all for your input!!!!!
     
  15. mickyfu

    mickyfu Jr. VIP Jr. VIP

    Joined:
    Dec 14, 2011
    Messages:
    6,887
    Likes Received:
    19,789
    Occupation:
    King Of Crypto C
    Location:
    Solihull Young Offenders
    Maybe I'm misunderstanding. You backed up a hacked site and reinstalled a hacked site? And now you think it's fine?
     
  16. mickyfu

    mickyfu Jr. VIP Jr. VIP

    Joined:
    Dec 14, 2011
    Messages:
    6,887
    Likes Received:
    19,789
    Occupation:
    King Of Crypto C
    Location:
    Solihull Young Offenders
    Yeah sure Adrian.
     
  17. Mark Anthony

    Mark Anthony BANNED BANNED

    Joined:
    Jul 26, 2017
    Messages:
    68
    Likes Received:
    12
    Gender:
    Male
    Contact the official website where you bought the plug in they can help you of what is happening.
     
  18. mhgod

    mhgod Newbie

    Joined:
    Jan 15, 2017
    Messages:
    23
    Likes Received:
    2
    So your security is all on login page, there were and are plenty of wordpress 0days that can easily give access to attacker without having to login to your dashboard.
    I'm just saying, that you can easily be owned even though you won't notice.
     
  19. Billy_Batts

    Billy_Batts Elite Member

    Joined:
    Dec 16, 2016
    Messages:
    1,952
    Likes Received:
    1,530
    Gender:
    Male
    Occupation:
    ♫♪.ılılıll|̲̅̅●̲̅̅|̲̅̅=̲̅̅|̲̅̅●̲̅̅|llılılı.♪♫
    Location:
    ı ̡̡͡|̲̲̲͡͡͡ ̲▫̲͡ ̲̲̲͡͡π̲̲͡͡ ̲̲͡▫̲̲͡͡ ̲|̡̡̡ *
    Home Page:
    Nope my security is within WP And server-side.
    The login I changed to my IP so no more tries there .