Someone is messing with my site help!!!

bigballin6161

Senior Member
Joined
Jul 16, 2011
Messages
1,138
Reaction score
431
I just looked at my analytics for my main site for my offline business which I am number 1. I usually get about 20 visitors a day today it was 150! Also it was direct traffic. They only stayed on my page for a second which majorly brought down my avg time spent on site and majorly increased my bounce rate. Are they trying to get me sandboxed? What are they trying to do? What the hell do I do? Help please!!!

All 150 were coming from California and my offline business is in Canada WTF?
 
Last edited:
Why does the traffic matter if you are an offline business? If you are marketing to the high-end companies then online lead generation is not for you. Anyways just check what files they viewed, they were likely trying to find a loophole to hack your site.
 
Its for my own offline business that no one would be looking at unless they are in my city....they were only on my site for a second each time. Wont the drastic change in bounce rate and time spent on site hurt me? How do you check the files and how do you know if your hacked? I just noticed I got an email for my backup from an email I didnt create... from wordpressatmysite.com Have I been hacked?
 
Last edited:
That seems pretty strange. It it keeps up, try blocking traffic from California. I don't know what you can really do about it.
 
I just looked at my analytics for my main site for my offline business which I am number 1. I usually get about 20 visitors a day today it was 150! Also it was direct traffic. They only stayed on my page for a second which majorly brought down my avg time spent on site and majorly increased my bounce rate. Are they trying to get me sandboxed? What are they trying to do? What the hell do I do? Help please!!!

All 150 were coming from California and my offline business is in Canada WTF?

same problem here too but about 400 direct traffic.
 
Maybe you are building up some bookmarks over time?
 
I dunno I just think its weird. I also got a email for my database backup that is usually from bluehost but today its from wordpressatmysite.com. I never even created an email addy like that and there is none. Am I being paranoid or WTF. The guy at Bluehost recommended wewatchyourwebsite.com. It looks pretty good think im gonna get it so I can get some damn sleep tonite!
 
Last edited:
Ya I got the same thing the other day. All from the same source. I would expect it was from someone trying to hack the site. I also blasted some chicks site and she was pissed so I think she was trying to revenge haha
 
Have you done a IPWHOIS lookup on the address to see who owns it?
 
This happens from time to time with my sites as well. Might be a scanner for security holes, as someone already suggested.
 
Did you install any plugins(other than through the seach function) lately?
most of the hackers use plugins and attach a backdoor file to it.
 
How can we tell if the site was actually hacked?


It could be easy or it could be really hard, it really depends on what they have done to your site, your coding skills and how obvious it is. If you are not familiar with what the source code is supposed to look like the chances of you finding anything is slim. The easiest thing to do is delete your site and then upload your clean backup that you have saved on your home computer (you have one right??) Takes 10-20 minutes depending on your internet connection and then you know you have a clean site.

The first thing you need to do though is check the IP address where all the visits are coming from and see if you really do have a problem or not. For all you know it could be Google. Second if the IP block does look suspicious and they are not going to be customers of yours block them.


If you are using WP then you should do a few things to harden your site.

1. Setup a .htacess file in your admin directory and block all IP addresses except yours.

2. Change the default wp_ table prefix to something random.

3. Make sure the admin username is not visible anywhere on the site. Some templates make it visible by default so you may need to manually change the nicename field to match the display name instead of the username.

4. Change your admin username and passwords to something more secure. Multiple word usernames and a minimum 14 character password that includes special characters.

5. Look at the plugins you have installed, if you are not really using them then delete them. Same goes for extra themes.

6. Make sure your file permissions are correct so that write permissions are not given unless absolutely needed.

7. Instead of having your wp config file in your public html folder move it up one level to your home directory. You do not need to do anything special for wordpress to find it there it will look up one level by default if it does not find it in the public html folder. Removing it from the public html folder makes it much harder for anyone to access it.
 
Sorry - my bad - that site sucks...

try this one..

hxxp://www.ipwhois. info/
 
How do you tell if they got into your site?

It really depends on how familiar you are with php code (assuming you are using WP). If you are not then as I said earlier your best bet if you think you may have been hacked is to just replace your files with copies you know are clean.
 
How do you tell if they got into your site?

The best way is to check the webserver logs - see exactly what urls they accessed...

You might find that they tried some xxs or sql injection attacks, should be pretty obvious from the urls they're attemping to access.

Interesting reading: hxxp://www.exploit-db. com/
 
Back
Top