
WordPress hacked by.. the Bangladesh Grey Hat Hackers..?

Discussion in 'Blogging' started by zerofoxtrot, Dec 10, 2012.

  1. zerofoxtrot

    zerofoxtrot Senior Member

    Joined:
    Dec 17, 2011
    Messages:
    810
    Likes Received:
    539
    So I woke up and checked if CloudFlare would work properly on my new WordPress...
    Turns out I ended up with a 403 error as I visited my website.

    Went into cPanel and saw a file named index.html_
    I have some backups standing by, but how the heck did they hack my WordPress? I spent 3-4 hours installing security plug-ins and setting it up but WTF?! Any way to trace their movements?
     
  2. IMMWilde

    IMMWilde Registered Member

    Joined:
    Nov 14, 2011
    Messages:
    54
    Likes Received:
    8
    Location:
    Latvia
    Many WP sites have been hacked via eval().
    Google it up.
     
  3. vishalgmistry

    vishalgmistry Regular Member

    Joined:
    Sep 25, 2008
    Messages:
    321
    Likes Received:
    520
    read this:
    Code:
    http://bit.ly/SKxRsM
     
  4. seoways

    seoways Jr. VIP Jr. VIP Premium Member UnGagged Attendee

    Joined:
    Dec 19, 2009
    Messages:
    4,649
    Likes Received:
    724
    Location:
    Behind you!
    Oops!! This type of hacking is occurring more commonly today. Once the owner is aware of those strategies they can save their site, or else they are supposed to face huge loss... be cautious in all your tracking movements.
     
  5. MetaBiz

    MetaBiz Newbie

    Joined:
    May 30, 2012
    Messages:
    8
    Likes Received:
    1
    Location:
    Chicago, IL
    I think they get in via a plugin.

    I would export your WordPress posts and have your hosting company wipe everything and then change the password over the phone. Then add a fresh install of WordPress (using different passwords - capital letters, symbols, and stuff) and rebuild/import the site using fewer plugins. Also, double check for key loggers.

    Worst case scenario... Google crawls your site and detects malicious script. First, they will start to block traffic from Google to your site, until you can prove the threat has been removed. If you wait too long, I think they remove you from the results altogether. Good luck!
     
  6. cash202

    cash202 Elite Member Premium Member

    Joined:
    Mar 12, 2011
    Messages:
    1,801
    Likes Received:
    2,818
    Location:
    Sydney, Australia
    These demands are outrageous ;)
     
  7. Feind

    Feind Junior Member

    Joined:
    Oct 6, 2009
    Messages:
    121
    Likes Received:
    20
    Occupation:
    DJ Music Producer & SEO Specialist
    Location:
    Italy
    you should use an external cpanel backup as I do... pretty cheap and works good... at least you can restore your site pretty quick...
     
  8. delta_force

    delta_force Newbie

    Joined:
    Oct 18, 2011
    Messages:
    28
    Likes Received:
    7
    If you've used some "free WordPress themes" found with Google and you haven't scanned them for exploits or encrypted code (base64), or you are using an outdated theme with the old timthumb with the security hole in it, or you have installed tons of plugins from unknown sources - voilà! The WordPress system itself is extremely difficult to hack, but when you start adding tons of crap then everything can mess up. So:
    - Get themes only from trusted sources. Just type in Google "never search for free wordpress themes", hit the first result and you will see what I'm talking about.
    - Careful with the plugins. None of the plugins are being checked for malicious scripts and/or exploits. They are just tested if they work as described and then get published, that's all. The security responsibility is on you!
    - Always update your theme - I guess that there's no reason to explain why.
    - Do not use "admin" as a login. Create another user, grant him the privileges of the admin and delete the admin.

    This should do for a start. :)
     
  9. MixerDJ

    MixerDJ Regular Member

    Joined:
    Nov 20, 2012
    Messages:
    374
    Likes Received:
    147
    If you are on a shared server, they can do it even on a dedicated server. WP and Joomla have lots of bugs and hackers have exploits to hack them. So try to use a custom script for your site. Hackers can bypass CloudFlare easily, so don't think that CloudFlare will protect your site. Hope this helps you.
     
  10. gullsinn

    gullsinn Jr. VIP Jr. VIP Premium Member

    Joined:
    Dec 24, 2009
    Messages:
    2,429
    Likes Received:
    2,210
    Gender:
    Male
    Occupation:
    Jobless :D
    Location:
    Graveyard
    Bad news :( I hope everyone gets his/her website back.
     
  11. Jenny30

    Jenny30 Regular Member

    Joined:
    Feb 2, 2012
    Messages:
    478
    Likes Received:
    32
    That's bad news!! I hate that real bad!! :<
     
  12. Vic Sage

    Vic Sage Jr. VIP Jr. VIP

    Joined:
    Sep 5, 2010
    Messages:
    1,715
    Likes Received:
    2,110
    Gender:
    Male
    Occupation:
    Scientist Performing Marketing Experiments
    If they really wanted peace, they wouldn't have gone this far. Raising a war on the internet will do nothing but harm good people.

    If a dog bites you, you can't bite him back! I can remember a stupid war between Bangladeshis and Indians on the internet. 3 of my sites got hacked then. 2 by Indians, 1 by Bangladeshis (!!). From what I see, these guys are not from ANY country. They are just some douchebags talking about war by hiding in their locked room, staying up 24/7 in front of their rig and thinking they are working for their country. They don't know a thing about what's going outside.

    Though, it's true, what's happening to Rohingyas is shameful. The authorities are behaving like teenagers.

    P.S. I am from Bangladesh.
     
    Last edited: Dec 15, 2012
  13. tompots

    tompots Elite Member Premium Member

    Joined:
    Dec 11, 2011
    Messages:
    4,352
    Likes Received:
    3,955
    Gender:
    Male
    Occupation:
    Full Time Bot Developer
    Location:
    Professional Botters
  14. Oukast

    Oukast Senior Member

    Joined:
    Jan 11, 2012
    Messages:
    832
    Likes Received:
    683
    Location:
    Under the palm tree
    This is the kind of bullcrap that really makes me go "fuck you and your people" - these little bitches whining about someone more skillful busting up their sites, so they go fucking up mine - now what the fuck did my people ever do to you? I know it's never good to talk about anything related to any country on such a broad level, but these guys really deserve all the shit they get...
     
  15. InternetMayhem

    InternetMayhem Regular Member

    Joined:
    Dec 30, 2011
    Messages:
    236
    Likes Received:
    22
    Location:
    California
    One of my client's landing pages got taken down by the same group. I found over 20 of their sites hosted on one machine. If they do it again to me I might have some fun with them...
     
  16. zerofoxtrot

    zerofoxtrot Senior Member

    Joined:
    Dec 17, 2011
    Messages:
    810
    Likes Received:
    539
    I've resolved the hacking problem. I switched over to a more secure webhost (from Zyma to Hostgator) and I haven't been hacked ever since. Put Better WP Security on my WordPress and added my website to CloudFlare again.
     
  17. krishnaverma

    krishnaverma Power Member

    Joined:
    Nov 16, 2011
    Messages:
    620
    Likes Received:
    165
    Occupation:
    Student
    This is bad news for sure. I do not check my own websites that often, but I think that one should create a backup after updating every post.
     
  18. SnowWar

    SnowWar Power Member

    Joined:
    Mar 3, 2012
    Messages:
    595
    Likes Received:
    48
    Occupation:
    Pure student :p
    Hacking has become established as a new trend, which is not supported. Actually, hacker groups do this to show their strength.
     
  19. skadster

    skadster Junior Member

    Joined:
    Aug 6, 2011
    Messages:
    171
    Likes Received:
    49
    Location:
    Scotland
    Yeah, total suckage, I just found out one of my sites is now blacklisted. Checked two others, not blacklisted yet, but they are infected with the same virus: MW:EXPLOITKIT:BLACKHOLE1. I've contacted my host, hopefully I'll get some help.

    I'm glad you had backups, my backups are on a laptop that had a drink spilt on it about ten days ago. Probably not retrievable, and even then, they may be infected too. I should have been backing up to Dropbox, silly me.
     
  20. cr0n1k

    cr0n1k Registered Member

    Joined:
    May 13, 2010
    Messages:
    71
    Likes Received:
    23
    Location:
    UK
    Lol, Blackhole is a public exploit pack. All they do is iframe your website, which then exploits your traffic and will put a worm/virus on their system. It's only like a 10% infect rate though. Look through your index pages.
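
As an added example (not written by any poster in this thread): a small Python scanner for the two things the posts above suggest checking, `eval()` fed by a decoder such as `base64_decode` in theme and plugin files, and hidden iframes in index pages. The rule names, the sample tree and the `example.invalid` URL are constructed for illustration, and a hit is a lead for manual review, not proof of compromise.

```python
import re
import tempfile
from pathlib import Path

# Heuristics only: each rule marks a line for manual review, not a verdict.
RULES = {
    # eval()/assert() fed directly by a decoder: common shape of obfuscated PHP
    "eval-decoder": re.compile(
        r"\b(?:eval|assert)\s*\(\s*@?\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    # iframe that is 0 or 1 pixel in size, or hidden with CSS
    "hidden-iframe": re.compile(
        r"<iframe\b[^>]*(?:(?:width|height)\s*=\s*['\"]?[01](?:px)?['\"]?[\s>]"
        r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I),
}
SCAN_SUFFIXES = {".php", ".html", ".htm", ".js"}


def scan_tree(root):
    """Return sorted (relative_path, line_no, rule) hits for files under root."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), 1):
            for rule, pattern in RULES.items():
                if pattern.search(line):
                    hits.append((path.relative_to(root).as_posix(), line_no, rule))
    return sorted(hits)


def build_sample_site(root):
    """Constructed sample tree: two tampered files and one clean file."""
    root = Path(root)
    theme = root / "wp-content" / "themes" / "freebie"
    theme.mkdir(parents=True)
    (root / "index.php").write_text(
        "<?php require 'wp-blog-header.php'; ?>\n"
        '<iframe src="http://example.invalid/x" width="1" height="1"></iframe>\n')
    (theme / "footer.php").write_text(
        "<?php wp_footer(); ?>\n<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n")
    (theme / "header.php").write_text('<?php wp_head(); ?>\n<iframe src="/map" width="600"></iframe>\n')
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, line_no, rule in scan_tree(build_sample_site(tmp)):
            print(f"{rel}:{line_no}: {rule}")
```

Run against a copy of the site or a restored backup, point `scan_tree()` at the WordPress root; a clean result does not rule out a compromise, since these patterns cover only the two cases named in the thread.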