1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Ugh site hacked, need help.

Discussion in 'Black Hat SEO' started by ahiddenman, Jan 7, 2012.

  1. ahiddenman

    ahiddenman Elite Member

    Joined:
    Dec 11, 2010
    Messages:
    2,647
    Likes Received:
    2,087
    Location:
    204.15.23.255
    Ask your host to restore from a backup :)
     
  2. jon_xx_x

    jon_xx_x Jr. VIP Jr. VIP

    Joined:
    Nov 15, 2008
    Messages:
    3,098
    Likes Received:
    1,455
    My wordpress site was hacked, was ranked #1 for a big keyword, was a week ago, and I just noticed fuuuuuck. I even pay someone to check all my sites twice a week, and of course he didn't do it in the last week.

    Usually they just put an index.html file in the main directory, (which they did to other sites o nthis account) but my main one, the hacker page still shows, even after I deleted the file. And there doesn't appear to be any other edited files in the directory. How did they do this? How can I fix it?
     
  3. jon_xx_x

    jon_xx_x Jr. VIP Jr. VIP

    Joined:
    Nov 15, 2008
    Messages:
    3,098
    Likes Received:
    1,455
    Okay I found it, was in the theme itself. Host doesn't have back up and my back up is old. I think I just need my password reset now actually.
     
  4. lablinks

    lablinks Senior Member

    Joined:
    Apr 22, 2010
    Messages:
    926
    Likes Received:
    171
    If you get your site hacked, that means there is a backdoor left somewhere. Hackers usually leave a code somewhere on your host to access it easily later on.

    You need to restore from backup or you need some really good programming skills to find the backdoor. Otherwise it's going to happen again & again.

    Additionally, you need to find where the venerability was, to close that door as well. Restoring a hacked host takes quite a lot of time. I just had to do it for a client & it took me 2 days of work to clean & patch the whole thing.

    I recommend you start with upload, image folders & look for something shady & the functions.php file.
     
  5. elitesystem

    elitesystem Junior Member

    Joined:
    Nov 17, 2009
    Messages:
    182
    Likes Received:
    19
    Google "prevent wordpress hacking" .. check out the very 1st website :) Follow the 14 tips, implement and you should be good.
     
  6. jon_xx_x

    jon_xx_x Jr. VIP Jr. VIP

    Joined:
    Nov 15, 2008
    Messages:
    3,098
    Likes Received:
    1,455
    Thanks. I'm just gonna upgrade this one and hope it's okay. These sites aren't updated,so I don't care if it gets hacked. If it gets hacked again, I'll restore my oldest backup.
    Thanks.
     
  7. michaelr1988

    michaelr1988 Regular Member

    Joined:
    Apr 25, 2011
    Messages:
    470
    Likes Received:
    307
    Location:
    UK
    If you are using wordpress, try using bulletproof security plugin and login lockdown.
     
    • Thanks Thanks x 1
  8. jon_xx_x

    jon_xx_x Jr. VIP Jr. VIP

    Joined:
    Nov 15, 2008
    Messages:
    3,098
    Likes Received:
    1,455
    I have about 100 wordpress sites, that will take forever. However, it might be a good idea.

    I'lll take a look thanks.
    *** Quick look, looks like a good idea.
     
  9. jon_xx_x

    jon_xx_x Jr. VIP Jr. VIP

    Joined:
    Nov 15, 2008
    Messages:
    3,098
    Likes Received:
    1,455
    Couple questions.
    My WP sites are still up and running fine.
    I've noticed my static html site's rankings have dropped.
    If i go info:mydomain.com I'm seeing totallyboner.com and the hackerpage that was on my page as well.
    Is there something going on that google is being redirected to a different site some how?
    My ranking went from #1 to #30.
     
  10. jon_xx_x

    jon_xx_x Jr. VIP Jr. VIP

    Joined:
    Nov 15, 2008
    Messages:
    3,098
    Likes Received:
    1,455
    bump.
     
  11. jon_xx_x

    jon_xx_x Jr. VIP Jr. VIP

    Joined:
    Nov 15, 2008
    Messages:
    3,098
    Likes Received:
    1,455
    My site is only about 8 pages, and is a static .html site.
    Would this not be able to be located by using FTP?
    I don't think I have SSH access.
     
  12. lelando

    lelando Junior Member

    Joined:
    May 13, 2011
    Messages:
    151
    Likes Received:
    61
    Hi

    What opperating system do you run on you're server/vps?
    log in via ssh and install rootkit hunter then scan you're server/vps to make sure its clean.



    1)Make sure you have set you're folder permissions right.
    2)check you're .htaccess file to se if it contains any line of code linking you to the hackers web page.
    3)I'd also recommend you to run suphp and apache suexec via WHM for additional security

    let me klnow if you need any help .

    cheers
    Lelando
     
  13. jon_xx_x

    jon_xx_x Jr. VIP Jr. VIP

    Joined:
    Nov 15, 2008
    Messages:
    3,098
    Likes Received:
    1,455
    Still need help on this.
    It;s just a small hosting account on hostable.com, which sucks.
    But my wordpress sites on the same account are doing fine, but this one is now ranked #35 on a very low comp keyword, and it's an EMD.
     
  14. sync11

    sync11 Newbie

    Joined:
    Oct 17, 2011
    Messages:
    48
    Likes Received:
    27
    google manageWP for managing multiple wp sites, you can try it for free.
     
  15. Chicilikit

    Chicilikit Senior Member

    Joined:
    Dec 21, 2010
    Messages:
    873
    Likes Received:
    153
    My WP sites got hacked few times, most important is not to store ftp passwords in ftp client you use and definetely is important to change them after attack. Also update wordpress and ask your hosting support to find all the malicious code for you. Bad code can be in every wp file, in themes, plugins, really just everywhere, very important is also htaccess. ยจ
    Look for code with this line text, very often it is bad code base64_decode
     
  16. KraftyKyle

    KraftyKyle Jr. Executive VIP Jr. VIP Premium Member

    Joined:
    Aug 13, 2008
    Messages:
    1,941
    Likes Received:
    4,609
    Gender:
    Male
    Location:
    Unknown
    You mentioned you pay someone to upload stuff twice a week? You don't see that as a problem? If someone has access to your hosting account or even FTP then can gain access to a WP blog.
     
  17. Lutherblissett

    Lutherblissett Regular Member

    Joined:
    Feb 10, 2008
    Messages:
    479
    Likes Received:
    178
    WP blows for this main reason. . . Its a gaping hole into your server if not updated and maintained. Once they breach your site. . .your done. It will often replicate inside a lot of your files. So even once you knock out the base 64 code (which its probably obfuscated in) your other files often have things in the footer. Plus if they got in through site1 (wp blog) and you have 50 other domains on that server. . . they are all possibly compromised as well.

    I got hit via a wp one time. . what i did was this. I created silos with different users isolating each and every wp blog. . then putting my other static sites together. . then waited. Since hackers are lazy i'd often find it showing its face in a new .htaccess file just redirecting all my traffic.

    If you silo your accounts you can see where the hacker actually got in and what he can actually access . . . by waiting till he strikes.

    Your other options. . go through hundreds of thousands of lines of code deleting everything, storing the files offline until its complete then reupping everything. . .

    ALSO . . . if your using filezilla, you better sweep your comp for the possibilty of a nasty little virus that hit you via that ftp client. . . you could do all that work only to find them back.

    If your lucky this guy was a novice and just breached on small thing. . you got it off and your free. . .if not .. prepare for a long haul
     
  18. drakeone6911

    drakeone6911 Newbie

    Joined:
    Feb 9, 2012
    Messages:
    4
    Likes Received:
    0
    There are a few security programs on the web that will actually scan all the files on your hosting account to look for code that's been added.
    OSE for Joomla is good and I imagine you can use it to scan WP files as well, but it runs on Joomla and it stop hack attempts pretty much dead in their tracks.
    I have a folder with over 2000 hack attempts it warned me about since I installed it like 3 months ago.
    Shared hosting accounts kinda suck for this very reason, they are prone to getting hacked.
     
  19. jon_xx_x

    jon_xx_x Jr. VIP Jr. VIP

    Joined:
    Nov 15, 2008
    Messages:
    3,098
    Likes Received:
    1,455
    It's not WP effected, just static HTML and it's like 5 pages. None of them are showing up as edited. There is no .htaccess file there either.
     
  20. Krazie

    Krazie Jr. VIP Jr. VIP Premium Member

    Joined:
    Aug 27, 2009
    Messages:
    266
    Likes Received:
    197
    Home Page:
    lol easy fix. I've dealt with this on a friends server before.