1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Someone is messing with my site help!!!

Discussion in 'Black Hat SEO' started by bigballin6161, Dec 2, 2011.

  1. bigballin6161

    bigballin6161 Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 16, 2011
    Messages:
    1,094
    Likes Received:
    423
    I just looked at my analytics for my main site for my offline business which I am number 1. I usually get about 20 visitors a day today it was 150! Also it was direct traffic. They only stayed on my page for a second which majorly brought down my avg time spent on site and majorly increased my bounce rate. Are they trying to get me sandboxed? What are they trying to do? What the hell do I do? Help please!!!

    All 150 were coming from California and my offline business is in Canada WTF?
     
    Last edited: Dec 2, 2011
  2. tubeincreaser

    tubeincreaser Regular Member

    Joined:
    Jul 24, 2008
    Messages:
    391
    Likes Received:
    140
    Why does the traffic matter if you are an offline business? If you are marketing to the high-end companies then online lead generation is not for you. Anyways just check what files they viewed, they were likely trying to find a loophole to hack your site.
     
    • Thanks Thanks x 1
  3. bigballin6161

    bigballin6161 Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 16, 2011
    Messages:
    1,094
    Likes Received:
    423
    Its for my own offline business that no one would be looking at unless they are in my city....they were only on my site for a second each time. Wont the drastic change in bounce rate and time spent on site hurt me? How do you check the files and how do you know if your hacked? I just noticed I got an email for my backup from an email I didnt create... from wordpressatmysite.com Have I been hacked?
     
    Last edited: Dec 2, 2011
  4. lineguy

    lineguy Registered Member

    Joined:
    Apr 21, 2010
    Messages:
    70
    Likes Received:
    23
    That seems pretty strange. It it keeps up, try blocking traffic from California. I don't know what you can really do about it.
     
  5. trafficsource

    trafficsource Power Member

    Joined:
    May 22, 2009
    Messages:
    798
    Likes Received:
    1,156
    Occupation:
    IM
    Location:
    Baltic States
    same problem here too but about 400 direct traffic.
     
  6. orbit

    orbit Regular Member

    Joined:
    Nov 1, 2007
    Messages:
    372
    Likes Received:
    68
    Maybe you are building up some bookmarks over time?
     
  7. bigballin6161

    bigballin6161 Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 16, 2011
    Messages:
    1,094
    Likes Received:
    423
    I dunno I just think its weird. I also got a email for my database backup that is usually from bluehost but today its from wordpressatmysite.com. I never even created an email addy like that and there is none. Am I being paranoid or WTF. The guy at Bluehost recommended wewatchyourwebsite.com. It looks pretty good think im gonna get it so I can get some damn sleep tonite!
     
    Last edited: Dec 2, 2011
  8. Dan Da Man

    Dan Da Man Elite Member Premium Member

    Joined:
    May 31, 2011
    Messages:
    1,850
    Likes Received:
    937
    Occupation:
    Duh
    Location:
    San Diego
    Home Page:
    Ya I got the same thing the other day. All from the same source. I would expect it was from someone trying to hack the site. I also blasted some chicks site and she was pissed so I think she was trying to revenge haha
     
  9. bigballin6161

    bigballin6161 Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 16, 2011
    Messages:
    1,094
    Likes Received:
    423
    How can we tell if the site was actually hacked?
     
  10. poshtiger

    poshtiger Registered Member

    Joined:
    Sep 23, 2011
    Messages:
    66
    Likes Received:
    12
    Have you done a IPWHOIS lookup on the address to see who owns it?
     
  11. RMX

    RMX Power Member

    Joined:
    Nov 16, 2009
    Messages:
    726
    Likes Received:
    384
    Occupation:
    Network Security Admin
    Location:
    London, UK
    Home Page:
    This happens from time to time with my sites as well. Might be a scanner for security holes, as someone already suggested.
     
    • Thanks Thanks x 1
  12. jairathnem

    jairathnem Power Member

    Joined:
    Oct 27, 2010
    Messages:
    550
    Likes Received:
    316
    Occupation:
    Student
    Location:
    Incredible India!
    Home Page:
    Did you install any plugins(other than through the seach function) lately?
    most of the hackers use plugins and attach a backdoor file to it.
     
    • Thanks Thanks x 1
  13. volund

    volund Senior Member

    Joined:
    Jan 24, 2010
    Messages:
    1,159
    Likes Received:
    729
    Occupation:
    Trying to make a buck or two

    It could be easy or it could be really hard, it really depends on what they have done to your site, your coding skills and how obvious it is. If you are not familiar with what the source code is supposed to look like the chances of you finding anything is slim. The easiest thing to do is delete your site and then upload your clean backup that you have saved on your home computer (you have one right??) Takes 10-20 minutes depending on your internet connection and then you know you have a clean site.

    The first thing you need to do though is check the IP address where all the visits are coming from and see if you really do have a problem or not. For all you know it could be Google. Second if the IP block does look suspicious and they are not going to be customers of yours block them.


    If you are using WP then you should do a few things to harden your site.

    1. Setup a .htacess file in your admin directory and block all IP addresses except yours.

    2. Change the default wp_ table prefix to something random.

    3. Make sure the admin username is not visible anywhere on the site. Some templates make it visible by default so you may need to manually change the nicename field to match the display name instead of the username.

    4. Change your admin username and passwords to something more secure. Multiple word usernames and a minimum 14 character password that includes special characters.

    5. Look at the plugins you have installed, if you are not really using them then delete them. Same goes for extra themes.

    6. Make sure your file permissions are correct so that write permissions are not given unless absolutely needed.

    7. Instead of having your wp config file in your public html folder move it up one level to your home directory. You do not need to do anything special for wordpress to find it there it will look up one level by default if it does not find it in the public html folder. Removing it from the public html folder makes it much harder for anyone to access it.
     
    • Thanks Thanks x 1
  14. bigballin6161

    bigballin6161 Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 16, 2011
    Messages:
    1,094
    Likes Received:
    423
    How do I do this?
     
    • Thanks Thanks x 1
  15. poshtiger

    poshtiger Registered Member

    Joined:
    Sep 23, 2011
    Messages:
    66
    Likes Received:
    12
    hxxp://www.ip-adress. com/ whois/
     
    • Thanks Thanks x 1
  16. bigballin6161

    bigballin6161 Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 16, 2011
    Messages:
    1,094
    Likes Received:
    423
    How do you tell if they got into your site?
     
  17. volund

    volund Senior Member

    Joined:
    Jan 24, 2010
    Messages:
    1,159
    Likes Received:
    729
    Occupation:
    Trying to make a buck or two
    Go to dnsstuff.com or another site that does whois lookups and just enter in the IP address instead of a domain name.
     
  18. poshtiger

    poshtiger Registered Member

    Joined:
    Sep 23, 2011
    Messages:
    66
    Likes Received:
    12
    Sorry - my bad - that site sucks...

    try this one..

    hxxp://www.ipwhois. info/
     
  19. volund

    volund Senior Member

    Joined:
    Jan 24, 2010
    Messages:
    1,159
    Likes Received:
    729
    Occupation:
    Trying to make a buck or two
    It really depends on how familiar you are with php code (assuming you are using WP). If you are not then as I said earlier your best bet if you think you may have been hacked is to just replace your files with copies you know are clean.
     
    • Thanks Thanks x 1
  20. poshtiger

    poshtiger Registered Member

    Joined:
    Sep 23, 2011
    Messages:
    66
    Likes Received:
    12
    The best way is to check the webserver logs - see exactly what urls they accessed...

    You might find that they tried some xxs or sql injection attacks, should be pretty obvious from the urls they're attemping to access.

    Interesting reading: hxxp://www.exploit-db. com/
     
    • Thanks Thanks x 1