1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tired of malware in my websites

Discussion in 'Blogging' started by pulkitseo, Dec 23, 2016.

Tags:
  1. pulkitseo

    pulkitseo Senior Member

    Joined:
    Apr 25, 2013
    Messages:
    1,054
    Likes Received:
    136
    Hello,

    I hired guy for 50$ per annum for security but he fixes malware one day and it comes again next day.
    I am tired of it. none of my website is safe, i changed hosting to fix it again its haunting me in another hosting.
    i am using shared hosting.
    I have invested lot of money in my sites with no returns coming now fucked up with malwares.

    Can someone help me ?

    Thanks
     
  2. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,625
    Likes Received:
    34,784
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    Do you use any nulled themes or plugins?

    There must be an overall security issue, if your current guy isn't solving it then you need to find somebody else.

    What hosting are you using? Check their reputation for security.
     
  3. Innovatorz

    Innovatorz Regular Member

    Joined:
    Sep 4, 2016
    Messages:
    371
    Likes Received:
    245
    Gender:
    Female
    Location:
    Internet
    Even if you use nulled themes, you shouldn't have malware. What is your website framed out of?
     
  4. miedy

    miedy Senior Member

    Joined:
    May 17, 2012
    Messages:
    1,081
    Likes Received:
    490
    what kind of malware? what are the effects?
     
  5. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    10,424
    Likes Received:
    8,125
    Here are my tips:

    1.Make sure each account has its own hosting - best for this is a reseller account so that each site is segregated. The way its often done is having addon domains and so one account gets hacked, they all get hacked.

    2.Don't use nulled themes or plugins - just because its a possible thing to go wrong.

    3.Dont have any plugins or themes enabled that you dont need.

    4.keep everything up to date.

    5.use wordfence and limit 3 login attempts then lock for 1 hour.

    6.Have a scheduled backup in place so that you can always recover easily and quickly IF you do get hacked (But its unlikely if you do all of the above).
     
    • Thanks Thanks x 3
  6. thebigweb

    thebigweb Regular Member

    Joined:
    Nov 19, 2007
    Messages:
    356
    Likes Received:
    135
    Location:
    The Moon
    Home Page:
    I've had many sites hacked over the years until I moved from shared hosting to a dedicated VPS. If you are on shared hosting the actual server can be compromised effecting all sites. Having a VPS gives you much more control. If your site is always getting hacked you may find that a 'backdoor' has been left behind giving the hackers full access whenever they want. It may come in the form of a stealthy named PHP file or even a PHP file that has been renamed to a JPG. My advice is this: -

    1) Scan your PC from rootkits or malware
    2) Change all your cPanel passwords
    3) Change your FTP passwords
    4) Lock-down Wordpress so only you can login from your IP. This can be done via .htaccess
    5) Restore the site from a good backup prior to the hacks (if you can't do that do step 6)
    6) Search each and everyone of your file including images (images maybe renamed PHP files). To speed this up see which files have been modified recently

    It can be a nightmare so you need to put in place measures to prevent this from happening. First step is getting your own VPS if you haven't already.
     
  7. pulkitseo

    pulkitseo Senior Member

    Joined:
    Apr 25, 2013
    Messages:
    1,054
    Likes Received:
    136
    No mate, i purchased it
    first i was using hostwinds now fast comet.
    Tnx
     
  8. pulkitseo

    pulkitseo Senior Member

    Joined:
    Apr 25, 2013
    Messages:
    1,054
    Likes Received:
    136
    last time it created thousands of pages ..now when i try guest postings many websites donot allow saying that it has virus or malware.
    Tnx
     
  9. Dennie

    Dennie Jr. VIP Jr. VIP

    Joined:
    Nov 16, 2016
    Messages:
    122
    Likes Received:
    29
    Gender:
    Male
    Most likely it will be something like a plugin and not the provider. Make sure you have long, safe passwords on everything. Use a plugin like iThemes Security, which auto bans ip's that try to brute force your login.

    Even better, use htaccess to whitelist only your own IP to be able to open the login page.
     
  10. pulkitseo

    pulkitseo Senior Member

    Joined:
    Apr 25, 2013
    Messages:
    1,054
    Likes Received:
    136
    agreed !
    can you suggest plugin which locks up all the ip except from the one i open ?
    VPS is expensive, i was thinking once i start earning i might shift to VPS, till now only Not even 20$ per month is coming hence waiting.
     
  11. thebigweb

    thebigweb Regular Member

    Joined:
    Nov 19, 2007
    Messages:
    356
    Likes Received:
    135
    Location:
    The Moon
    Home Page:
    You probably have a backdoor installed on there that's why you keep getting hacked. You need to change all your passwords, take the site off-line and scan / analyse each file. Look for Base64 encoded code with PHP anf html files. Even better, restore from a good backup. I've fixed so many sites like this I've lost count. You need to remove the backdoor code.
     
  12. W9go

    W9go Elite Member

    Joined:
    May 16, 2011
    Messages:
    5,210
    Likes Received:
    1,089
    Gender:
    Male
    Occupation:
    chasing girls
    Location:
    chasing girls
    if you use WP the plugins are quite risky as well ....
     
  13. pulkitseo

    pulkitseo Senior Member

    Joined:
    Apr 25, 2013
    Messages:
    1,054
    Likes Received:
    136
    Itheme security is already installed mate.
    Tnx
     
  14. pulkitseo

    pulkitseo Senior Member

    Joined:
    Apr 25, 2013
    Messages:
    1,054
    Likes Received:
    136
    I have changed passwords and all number of times, now i have hired a guy who is slow as we are dealing through fiverr
     
  15. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,625
    Likes Received:
    34,784
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
  16. pulkitseo

    pulkitseo Senior Member

    Joined:
    Apr 25, 2013
    Messages:
    1,054
    Likes Received:
    136
    plugins i install from dashboard of website search, no plugin outside that.
    Tnx
     
  17. Heisenberg

    Heisenberg Jr. VIP Jr. VIP

    Joined:
    Sep 11, 2014
    Messages:
    720
    Likes Received:
    375
    Occupation:
    Freelancer
    Location:
    Croatia
    Are you sure the guy you hired isn't doing it in order to keep getting paid? just throwing ideas.
     
  18. pulkitseo

    pulkitseo Senior Member

    Joined:
    Apr 25, 2013
    Messages:
    1,054
    Likes Received:
    136
  19. pulkitseo

    pulkitseo Senior Member

    Joined:
    Apr 25, 2013
    Messages:
    1,054
    Likes Received:
    136
    I don't think as he has to look for website for whole year .
    Tnx
     
  20. thebigweb

    thebigweb Regular Member

    Joined:
    Nov 19, 2007
    Messages:
    356
    Likes Received:
    135
    Location:
    The Moon
    Home Page:
    You need to make sure his machine is free from Malware. Many of the Malware out there sniffs FTP credentials and if his or your machine is infected your fighting a losing battle. By the way, you can pickup a VPS for as little as $10 these days, many even come with a free trial.