Site got hacked I need some suggestions

Discussion in 'BlackHat Lounge' started by Mrnewbie, Jun 8, 2016.

  1. Mrnewbie

    Mrnewbie Jr. VIP Jr. VIP Premium Member

    Woke up this morning and I see this
    /Hacked By Kill3r &Motti &Fadi Tnx & Mr.O.Jz& dark knight &farouk general
    My site is on WordPress, so I am figuring just install and reinstall, but I am not so sure. Any suggestions would be great. Thanks for your time.
     
  2. Henry04

    Henry04 BANNED BANNED

    It will most likely be because of your theme or one of the plugins; if you just reinstall it, it will be hacked again in no time.
     
    • Thanks Thanks x 1
  3. GoldenWarrior

    GoldenWarrior Senior Member

    Try to change your theme. Maybe they hacked the theme.
     
    • Thanks Thanks x 1
  4. ChrisX

    ChrisX Jr. VIP Jr. VIP

    Your whole account could be infected, so better clean everything, not just WordPress.
    If you're on shared hosting they might be able to help you. Otherwise do a fresh reinstall.
     
    • Thanks Thanks x 1
  5. searchquery

    searchquery BANNED BANNED

    fresh reinstall is the way to go.
     
  6. plut0

    plut0 Regular Member

    see your log... make sure you have proper permission for every file.
     
    • Thanks Thanks x 1
  7. searchquery

    searchquery BANNED BANNED

    fresh reinstall is the way to go.
     
    • Thanks Thanks x 1
  8. pandasfriend

    pandasfriend Junior Member

    Here is the way I deal with such things:

    1. Back up the MySQL database.
    2. Delete the wp-admin and wp-includes folders, also all files in the root, and leave only wp-config.php (also download it for backup) and the wp-content folder. Upload the deleted folders and root files from the latest WordPress.
    3. Delete all themes in wp-content, then reupload non-hacked files of your current theme. If you know PHP/HTML you can also check your theme files and look for code the hacker inserted. Also check the content of the wp-content folder and see if any unusual files are there; you can also spot them by "last modified date".
    4. Of course every case is different, but most of the time on such hacks where the site is defaced, hackers only modified your theme and that's it, so delete and reupload theme files from your backup and see if it helps, and of course don't forget to always have your WP install up to date.

    Hope this helps.
     
    • Thanks Thanks x 1
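The file checks suggested in this thread (unusual files in wp-content spotted by last-modified date, and file permissions), as an added example that is not part of any post. `WP_ROOT`, `DAYS` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage a WordPress tree after a defacement.
# WP_ROOT and DAYS are assumptions; point WP_ROOT at your own install.

# PHP files changed in the last N days (candidates for injected code).
recent_php() {            # usage: recent_php <wp-content dir> <days>
    find "$1" -type f -name '*.php' -mtime "-$2" -print | sort
}

# PHP under uploads/ deserves a look: that directory normally holds
# media, not executable code.
php_in_uploads() {        # usage: php_in_uploads <wp-content dir>
    [ -d "$1/uploads" ] || return 0
    find "$1/uploads" -type f \( -name '*.php' -o -name '*.phtml' \) -print | sort
}

# World-writable files and directories (the file permission check).
world_writable() {        # usage: world_writable <wp root>
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Runs only when WP_ROOT is set, e.g.
#   WP_ROOT=/path/to/site DAYS=7 sh triage.sh
if [ -n "${WP_ROOT:-}" ]; then
    echo "== PHP modified in the last ${DAYS:-7} days =="
    recent_php "$WP_ROOT/wp-content" "${DAYS:-7}"
    echo "== PHP files under uploads/ =="
    php_in_uploads "$WP_ROOT/wp-content"
    echo "== World-writable paths =="
    world_writable "$WP_ROOT"
fi
```

Modification times can be reset by whoever changed the files, so treat an empty result as inconclusive and still replace core and theme files from a known-good copy.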
  9. Mrnewbie

    Mrnewbie Jr. VIP Jr. VIP Premium Member

    Thanks everyone, I will do what you guys have stated as my site is on shared hosting, so I think deleting the wp-admin and the folders is the way to go. I will also check the theme too.
     
  10. Anonymously

    Anonymously Jr. VIP Jr. VIP

    From now on, always update your plugins and WordPress versions. Have a two-way verification process when accessing your WordPress admin panel as well.

    Most important, though, is to always have backups. You can easily set up an automatic backup system that will create backups of all your data on a daily basis.
     
    • Thanks Thanks x 1
  11. Mrnewbie

    Mrnewbie Jr. VIP Jr. VIP Premium Member

    Thank you guys. It's interesting, as I contacted asmallorange and they told me to get sitelock lol. I will just follow the advice on the thread.
     
  12. christianbed

    christianbed Jr. VIP Jr. VIP

    I had a client I built a site for...he turned down the ongoing maintenance package I offer, so I told him to keep it updated. About a year later, he sent me an email to say he'd been hacked (I always buy themes/plugins from the developers, because free downloaded themes/plugins are almost always filled with malicious code)...anyway, yeah, he'd not updated the theme or any plugins in that entire period.

    The guy is loaded, has a thriving business, and internet famous in his niche, but he decided to be cheap when it came to his site's future health. It took a couple days to weed out all the issues and get him back online again...ended up paying more in cleanup and lost business than if he'd just gone with the maintenance programme. Penny wise and pound foolish.

    Not trying to kick you when you're down, OP, but the moral of the story is to keep your themes/plugins updated. It won't always prevent hacks, but it will certainly reduce their frequency.
     
  13. Mrnewbie

    Mrnewbie Jr. VIP Jr. VIP Premium Member

    I bought the theme; I am guessing it was the plugins, but I have yet to confirm it. It's a good lesson, as I think having a two way verification along with stronger passwords and updating WordPress more will also be of great help. Thanks @christianbed
     
  14. mikeid77

    mikeid77 Registered Member

    I'd also consider:

    - Using the Wordfence plugin and signing up for their emails. They are not perfect, but they do email you when serious exploits on different plugins etc. are discovered. Also, I believe you can set it to scan your plugins against the WP repository (obviously only for plugins that are actually on the WP repo!).

    - Do one of these (not all)
    --- Password protect wp-admin & wp-login.php via htaccess (will mean a double log-in, a pain for some, other people don't mind! Not useful if you require commenters to log in! But just use Disqus then you're OK).
    --- Rename wp-admin/wp-login.php so it's harder to find (there's a plugin for this called rename wp-login.php or something similar)
    --- Restrict access to wp-admin/wp-login.php to a set IP (useful if only you need access and you use a VPN with a static IP, but be careful not to lock yourself out - Just re-edit .htaccess if you do though :p)
    --- Restrict access as in the last one above, to an IP range (you can get IP ranges for different countries on a few online sites - Google it. Restrict access to your country via .htaccess, or Wordfence premium I think can do this too)

    - Remove WP version number etc (I think YOAST has options for this?)

    - Keep a bit of an eye on here: https://wordpress.org/news/category/security/

    - Ask your host about installing maldet or AVClam (if they don't already have it) and scheduling daily scans with email alerts going to your email

    Just a few ideas ;)
     
    • Thanks Thanks x 1
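One way to apply the "restrict wp-login.php to a set IP" option without locking yourself out, as an added example that is not part of any post. It assumes Apache 2.4 (`Require ip`) with .htaccess overrides enabled; the function names and the `login-acl` marker are made up for illustration, and 203.0.113.10 is a documentation address.

```shell
#!/bin/sh
# Added example: append an IP restriction for wp-login.php to .htaccess.
# Assumes Apache 2.4 syntax; names and markers here are illustrative only.

valid_ipv4() {            # usage: valid_ipv4 <address>
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

restrict_wp_login() {     # usage: restrict_wp_login <path/to/.htaccess> <IPv4>
    # A typo in the address locks you out of your own login page,
    # so refuse anything that is not a well-formed IPv4 address.
    valid_ipv4 "$2" || { echo "refusing malformed IPv4: $2" >&2; return 1; }
    if [ -f "$1" ]; then
        # Idempotent: leave an existing block alone.
        if grep -q '^# BEGIN login-acl$' "$1"; then return 0; fi
        # Keep a copy so a lockout is undone by restoring the backup.
        cp -p "$1" "$1.bak"
    fi
    cat >> "$1" <<EOF
# BEGIN login-acl
<Files "wp-login.php">
    Require ip $2
</Files>
# END login-acl
EOF
}
```

Calling `restrict_wp_login /path/to/.htaccess 203.0.113.10` twice leaves a single block in the file; restoring `.htaccess.bak` reverts the change.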
  15. Mrnewbie

    Mrnewbie Jr. VIP Jr. VIP Premium Member

    Absolutely brilliant and I will implement them as I am stuck at work but when I get home will just put them into play. Thanks for taking the time out to help!