
Please help, someone is trying to hack my site.

Discussion in 'BlackHat Lounge' started by Markthedude, Sep 6, 2011.

  1. Markthedude

    Markthedude Power Member

    Joined:
    Feb 26, 2010
    Messages:
    572
    Likes Received:
    268
    Occupation:
    Entrepreneur
    Location:
    United States
    I keep getting alerted that someone is trying to get into my WordPress site. I found a thread on here that I will list at the end but the guy mentioned a plugin called "Firewall 2" and so I installed it along with a bunch of other plugins. But last night and just now I got an email telling me that an attack was blocked.

    I don't know if anyone has seen this before but this is appearing at the end of my URL(s) that the guy is using: engine/ajax/keywords.php

    Example: Mysite.com/my-awesome-page
    After the attack I get an email saying that the blocked attack came from: Mysite.com/my-awesome-page/engine/ajax/keywords.php

    WTF? Does that mean there IS a file he got put on my server and is trying to execute? I know that the person is using proxies but I have the IP from where both the attacks came from.

    Here is code that the report gave me:

    Ok, so I found this thread on here a week or so ago and I'm glad I did!

    http://www.blackhatworld.com/blackh...t-secure-your-wp-bastards-noobs-not-only.html

    But now that there have been 2 attacks in less than 12 hours I'm starting to get nervous a little. Has anyone experienced this before?
     
    Last edited: Sep 6, 2011
  2. Markthedude

    I went here: http://www.tools4noobs.com/online_php_functions/base64_decode/

    And decoded the base64 and this is the domain I was able to get out of the code.

    dogiserver(dot)com

    I tried to do a whois so I could report to the hosting company what's going on but like I suspected the Whois information is private.
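
An offline version of the decoding step described in the post above, as an added example that is not part of the original thread: it pulls base64 runs out of a blocked-request report, decodes them locally instead of pasting them into an online tool, and lists any hostnames found in defanged form. The sample request line, the `data` parameter and `payload-host.example` are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

# Runs of base64 alphabet long enough to plausibly hide a URL.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
URL = re.compile(r"https?://[^\s'\"<>]+", re.I)


def decode_candidates(report_text):
    """Return printable ASCII strings recovered from base64 runs in a report."""
    found = []
    for run in B64_RUN.findall(unquote(report_text)):
        body = run.rstrip("=")
        if len(body) % 4 == 1:  # impossible length: a path or word, not base64
            continue
        try:
            raw = base64.b64decode(body + "=" * (-len(body) % 4), validate=True)
            text = raw.decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue
        if all(c.isprintable() or c.isspace() for c in text):
            found.append(text)
    return found


def extract_hosts(report_text):
    """Return defanged hostnames from URLs inside the decoded payloads."""
    hosts = set()
    for text in decode_candidates(report_text):
        for url in URL.findall(text):
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed URL in the payload
                continue
            if host:
                hosts.add(host.replace(".", "[.]"))
    return sorted(hosts)


# Constructed sample: request line with a base64 parameter; names are made up.
_payload = base64.b64encode(b"http://payload-host.example/gate").decode()
SAMPLE_REPORT = f"GET /my-awesome-page/engine/ajax/keywords.php?data={_payload} HTTP/1.1"

if __name__ == "__main__":
    print(extract_hosts(SAMPLE_REPORT))
```

Only hostnames that appear inside an `http://` or `https://` URL are reported; a bare domain in the decoded text still needs a manual look.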
     
  3. Webghopper

    Webghopper Registered Member

    Joined:
    May 26, 2011
    Messages:
    70
    Likes Received:
    19
    Good thing it was blocked
     
  4. cocoholo

    cocoholo Regular Member

    Joined:
    May 4, 2008
    Messages:
    361
    Likes Received:
    218
    Occupation:
    seeker
    Location:
    Earth
    just make sure all your plugins are up-to-date. most blogs that get hacked are those using questionable plugins and themes
     
  5. Markthedude

    Just went through and all of them are up to date and I don't have more than just the essential ones installed, just to limit the amount of risk.

    Thanks for the reminder on checking. Guess there is not much more to do then :)
     
  6. cocoholo

    right. you should expect these things to happen. i trust you're backing up your wordpress site, if not, have a look at xcloner.
     
  7. Markthedude

    I have been doing backups but just through my cpanel.

    Just installed Xcloner now too and going through the settings. Never even heard of it until now, thanks! :)