Please help, someone is trying to hack my site.

Discussion in 'BlackHat Lounge' started by Markthedude, Sep 6, 2011.

  1. Markthedude

    Markthedude Power Member

    Joined:
    Feb 26, 2010
    Messages:
    572
    Likes Received:
    269
    Occupation:
    Entrepreneur
    Location:
    United States
    I keep getting alerted that someone is trying to get into my WordPress site. I found a thread on here that I will list at the end, but the guy mentioned a plugin called "Firewall 2" and so I installed it along with a bunch of other plugins. But last night and just now I got an email telling me that an attack was blocked.

    I don't know if anyone has seen this before, but this is appearing at the end of my URL(s) that the guy is using: engine/ajax/keywords.php

    Example: Mysite.com/my-awesome-page
    After the attack I get an email saying that the blocked attack came from: Mysite.com/my-awesome-page/engine/ajax/keywords.php

    WTF? Does that mean there IS a file he got put on my server and is trying to execute? I know that the person is using proxies but I have the IP from where both the attacks came from.

    Here is code that the report gave me:

    Ok, so I found this thread on here a week or so ago and I'm glad I did!

    http://www.blackhatworld.com/blackh...t-secure-your-wp-bastards-noobs-not-only.html

    But now that there have been 2 attacks in less than 12 hours I'm starting to get nervous a little. Has anyone experienced this before?
     
    Last edited: Sep 6, 2011
  2. Markthedude

    Markthedude Power Member

    I went here: http://www.tools4noobs.com/online_php_functions/base64_decode/

    And decoded the base64 and this is the domain I was able to get out of the code.

    dogiserver(dot)com

    I tried to do a whois so I could report to the hosting company what's going on, but like I suspected the whois information is private.
     
  3. Webghopper

    Webghopper Registered Member

    Joined:
    May 26, 2011
    Messages:
    70
    Likes Received:
    19
    Good thing it was blocked
     
  4. cocoholo

    cocoholo Regular Member

    Joined:
    May 4, 2008
    Messages:
    378
    Likes Received:
    233
    Occupation:
    seeker
    Location:
    Earth
    just make sure all your plugins are up-to-date. most blogs that get hacked are those using questionable plugins and themes
     
  5. Markthedude

    Markthedude Power Member

    Just went through and all of them are up to date and I don't have more than just the essential ones installed, just to limit the amount of risk.

    Thanks for the reminder on checking. Guess there is not much more to do then :)
     
  6. cocoholo

    cocoholo Regular Member

    right. you should expect these things to happen. i trust you're backing up your wordpress site, if not, have a look at xcloner.
     
  7. Markthedude

    Markthedude Power Member

    I have been doing backups but just through my cpanel.

    Just installed Xcloner now too and going through the settings. Never even heard of it until now, thanks! :)