1. This website uses cookies to improve service and provide a tailored user experience. By using this site, you agree to this use. See our Cookie Policy.
    Dismiss Notice

Strange issue with one of my sites. Anybody knows what this is?

Discussion in 'Web Design' started by Dr. Reddit, Jun 18, 2019.

Thread Status:
Not open for further replies.
  1. Dr. Reddit

    Dr. Reddit Jr. VIP Jr. VIP

    Joined:
    Jan 20, 2018
    Messages:
    550
    Likes Received:
    116
    Gender:
    Male
    Hi

    Not sure if it's the right section to post in or not.. Mod please move it if I did a mistake with it..

    I just tried accessing one of my new websites.. It's a new site on an offshore hosting and not even complete yet.. and I was greeted with this skull:
    [​IMG]

    On using google translate I found it's written in Portugese and in English means:
    "Corrupt system, I came back to play with you! NewSec!"

    Does anyone what this thing is? Have never faced anything like this before?

    Thanks
     
    • Thanks Thanks x 1
  2. MisterF

    MisterF Moderator Staff Member Moderator Jr. VIP

    Joined:
    Nov 29, 2009
    Messages:
    18,778
    Likes Received:
    23,505
    Occupation:
    Conference Organiser, Business Advisor.,
    Location:
    JADIP
    Home Page:
    You've been hacked by some scumbag.
     
    • Thanks Thanks x 3
  3. Dr. Reddit

    Dr. Reddit Jr. VIP Jr. VIP

    Joined:
    Jan 20, 2018
    Messages:
    550
    Likes Received:
    116
    Gender:
    Male
    Dang :weep: Will probably need to get rid of this hosting.
     
  4. MisterF

    MisterF Moderator Staff Member Moderator Jr. VIP

    Joined:
    Nov 29, 2009
    Messages:
    18,778
    Likes Received:
    23,505
    Occupation:
    Conference Organiser, Business Advisor.,
    Location:
    JADIP
    Home Page:
    Check the log in etc, it might not just be the hosting.

    Do you have Askimet or Wordfence on the site?
     
    • Thanks Thanks x 1
  5. Mr Positive

    Mr Positive Jr. VIP Jr. VIP

    Joined:
    Mar 30, 2018
    Messages:
    2,963
    Likes Received:
    1,144
    Gender:
    Male
    Occupation:
    your BST link on my homepage space pm me
    Location:
    In exchange for a review link.
    Home Page:
    Yea your site is hacked, if it’s a wp choose SiteGround or Wpx, if you can access your wp admin install wordfence or ask your hosting to delete it, and then install it from scratch
     
    • Thanks Thanks x 1
  6. SocialManager

    SocialManager Jr. VIP Jr. VIP

    Joined:
    Nov 26, 2018
    Messages:
    1,471
    Likes Received:
    1,332
    Gender:
    Male
    Occupation:
    Virtual Assistant
    Location:
    Vancouver, Canada
    Home Page:
    Very strange to be targeted on a new site. Is the domain some expired domain?

    What software did you have installed on it, if anything? Wordpress? Am I stupid because I don't see you even saying it's Wordpress...

    I would contact the host directly and ask for some assistance, because to be targeted on a new site seems like it may be connected to some software to do with the host. Or did you advertise it somewhere shady? Or install some weird plugin?

    Off-shore hosting makes me think some strange nulled theme or CMS being used.
     
    • Thanks Thanks x 1
  7. Dr. Reddit

    Dr. Reddit Jr. VIP Jr. VIP

    Joined:
    Jan 20, 2018
    Messages:
    550
    Likes Received:
    116
    Gender:
    Male
    Didn't have them. But just installed. Able to access the wordpress admin panel without any issues.

    Yeah.. doing that.

    No bro. Totally new domain. Didn't have any other sites running on this host either.

    It's wordpress. Sorry, forgot mentioning that.
    No bro. Nothing. Had just Divi installed and 2 pages. Hadn't even touched the site since 2 days. Opened it to be greeted with this shit.
     
    • Thanks Thanks x 1
  8. Geasy

    Geasy Jr. VIP Jr. VIP

    Joined:
    Jul 26, 2016
    Messages:
    1,829
    Likes Received:
    1,877
    Did you leave the credentials on the default of WordPress (admin, password)?

    I also got hacked like 3-4 years ago on some sites that I just created for indexing and I didn't change password at all. Maybe this could be the reason?

    Second reason could be the theme, or the hosting account has been hacked.
     
    • Thanks Thanks x 1
  9. 67MAD54

    67MAD54 Regular Member

    Joined:
    Dec 8, 2013
    Messages:
    314
    Likes Received:
    108
    Gender:
    Male
    Location:
    EU
    • Thanks Thanks x 3
  10. Dr. Reddit

    Dr. Reddit Jr. VIP Jr. VIP

    Joined:
    Jan 20, 2018
    Messages:
    550
    Likes Received:
    116
    Gender:
    Male
    No. The login credentials weren't in default. It's the probably the second reason then.
     
  11. SocialManager

    SocialManager Jr. VIP Jr. VIP

    Joined:
    Nov 26, 2018
    Messages:
    1,471
    Likes Received:
    1,332
    Gender:
    Male
    Occupation:
    Virtual Assistant
    Location:
    Vancouver, Canada
    Home Page:
    Can just be a coincidence, but when I searched Divi Theme Hacked, the second result was this blog entry from just March 16 2019:

    https://www.studiorav.co.uk/divi-security-update/

    I am still very interested in how they targeted you. For me, I think the theme is the most clear vulnerability. But, to get targeted with a new domain and fresh install, it makes me think it's related to the hosting. I don't think we will ever get full answers for it.
     
    • Thanks Thanks x 1
  12. MisterF

    MisterF Moderator Staff Member Moderator Jr. VIP

    Joined:
    Nov 29, 2009
    Messages:
    18,778
    Likes Received:
    23,505
    Occupation:
    Conference Organiser, Business Advisor.,
    Location:
    JADIP
    Home Page:

    I use these and they're great for free checks.

    OP's requested this closed as his questions have been answered. Thanks for the replies guys.
     
    • Thanks Thanks x 1
Thread Status:
Not open for further replies.