Wordpress, Malware Hacks, and Hosting! ADVICE needed...

by Dayne Dylan Banned
9 replies
Hey Warriors,

I have an account at Hostgator and I have several addon domains in my account. All my sites are on Wordpress.

Lately, I've been getting notices from Google saying that my sites have Malware on them. This happened a few weeks ago on a few domains, so I made sure to go into my sites and keep everything updated (Wordpress, themes, plugins) and also added security like WordFence.

Well, today I got 3 more emails from Google saying Malware.

I've tried to restore my sites with backups created in Code Guard, but they won't work because it says "We could not open a connection to your WordPress database just now." So I wonder if my DBs are compromised as well, or maybe my main cpanel to my account? Ugh.

I'm trying to work with Hostgator but it's been a royal pain to say the least. Not getting anywhere.

ALL I want is for things to get fixed, cleaned and restored correctly...and finally, future protection.

- Question #1: What should I do first?

- Question #2: Is there a better hosting option/company I should consider to keep things more secure?

- Question #3: Is using a service like Sucuri worth getting for my most important domains/sites?

Much thanks in advance.

And if I've posted this in the wrong forum here, mods feel free to move it to the most appropriate one.

Thank you!
#advice #hacks #hosting #malware #needed #wordpress
  • Profile picture of the author Jason Kanigan
    -install the wordfence plugin, which I see you have; that should take care of 99% of problems. Make sure the repository checking for plugins option is on.

    -make sure the notices are genuine and not phishing

    -get confirmation from your host--if my sites get malware on them, my host tells me about that, not google.


    All the problems I've ever had were from uploads via plugins. Someone used a contact form to send emails from my site. Another time malware kept reinstalling itself after the host undid it.
    • Profile picture of the author Dayne Dylan
      Banned
      Originally Posted by Jason Kanigan

      -install the wordfence plugin, which I see you have; that should take care of 99% of problems. Make sure the repository checking for plugins option is on.

      -make sure the notices are genuine and not phishing

      -get confirmation from your host--if my sites get malware on them, my host tells me about that, not google.


      All the problems I've ever had were from uploads via plugins. Someone used a contact form to send emails from my site. Another time malware kept reinstalling itself after the host undid it.
      This seems like a good thing to do once your site is fixed, but in my case, I have malware and need to fix it then protect it.

      Thoughts or ideas? Thank you for your info!
  • Profile picture of the author Jill Carpenter
    Hey Dayne,

    Check this out in the war room:

    http://www.warriorforum.com/war-room...urity-wso.html
    Signature

    "May I have ten thousand marbles, please?"

    • Profile picture of the author Steve B
      DD,

      I've been with HostGator for some time and have never had such a problem. I have a reseller account and many domains hosted.

      Some unscrupulous dipsticks will send you an "official" looking email telling you this and that is wrong with your web site and offer to fix the problems quickly for only $75 (or whatever). At times these "pros" will even be the cause of the problem . . . or they may tell you there's a problem when, in fact, everything is fine. So you pay them, and boom! everything is fixed. Of course, they didn't fix anything and they're off to find their next hostage.

      Steve
      Signature

      Steve Browne, online business strategies, tips, guidance, and resources
      SteveBrowneDirect

      • Profile picture of the author Dayne Dylan
        Banned
        Originally Posted by Steve B

        DD,

        I've been with HostGator for some time and have never had such a problem. I have a reseller account and many domains hosted.

        Some unscrupulous dipsticks will send you an "official" looking email telling you this and that is wrong with your web site and offer to fix the problems quickly for only $75 (or whatever). At times these "pros" will even be the cause of the problem . . . or they may tell you there's a problem when, in fact, everything is fine. So you pay them, and boom! everything is fixed. Of course, they didn't fix anything and they're off to find their next hostage.

        Steve
        This is definitely not my case. This is legit. Not some fake email from Google or some service telling me my site has been hacked.
  • Profile picture of the author GlobalTrader
    In addition to Wordfence mentioned by Jason above, you can also read why you should also consider the following plugins -

    IQ Country Block
    All In One WP Security
    Bullet Proof Security

    all of which are discussed at the following thread:

    http://www.warriorforum.com/main-int...e-malware.html

    I too have had recent issues with HG - they keep referring back to needing strong passwords when mine was already 37 characters, letters (upper and lower case) and symbols.

    I moved my oldest website over to my reseller acct with them in August (17 years old) - never had a problem with it on two different hosting services in that time then began having my hacking problems late September.

    They hacked my WHM acct - I got an email from HG stating the password had been changed and to notify them if I had not changed it. In those few short hours they had changed ALL the passwords on my domains.

    Got control back of WHM but passwords kept changing until I began monitoring IP addresses and blocking them in htaccess.

    Received an email from a major bank's security department around 21 Oct stating their customers were receiving phishing emails from one of my sites and cited the files from which they originated. I immediately removed the files and began going thru all sites manually looking for and finding more of their planted scripts, files, etc.

    HG closed the site down even after I had removed the phishing email generating files. Regained access within 24 hours, they again suggested I had too weak passwords (37 digits/letters/symbols??). I kept insisting they had an issue with their server.

    One note I almost forgot, they kept pushing me to a service that would monitor the sites - I will not mention the name as I do not wish to give them any free publicity, so suffice it to say it has my 60+ year old conspiracy neck hairs standing up wondering why I never heard of this service before or until these malware/phishing incidents began to occur??? Draw your own conclusions.

    Last, I received an email from them on 31 Oct - they had force changed all my passwords again because they had received reports of malware on one or more of my sites.

    The lead in paragraph of their email stated the following:

    "We have received reports of malware being hosted on an account under your control. Upon further investigation, it was determined that a script was uploaded to your account that allowed an external attacker to control both the reseller and resold accounts under your control. We have removed the reported content and have reset all passwords under your control."

    Note the 2nd sentence - upon further investigation....but onto the 2nd paragraph they again were pushing the 'site monitoring service' referred to above. I would like to know who owns this new service and why it has just now become their go to recommended site monitoring service? Again, you draw your own conclusions.
    Signature

    GlobalTrader
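
The manual hunt for planted scripts described in the post above, sketched as an added example that is not part of the original thread or any poster's own code. It walks a whole hosting account rather than one site, since all addon domains share one account, and it assumes a standard WordPress layout in which `wp-content/uploads` holds only media; the 30-day window and the function names are illustrative choices.

```python
import os
import sys
import time

# Extensions a typical PHP handler may execute (assumed list, extend as needed).
PHP_EXTENSIONS = (".php", ".phtml", ".php5", ".php7", ".phar")


def in_uploads(rel_path):
    """True if the file sits somewhere below a wp-content/uploads directory."""
    parts = rel_path.split(os.sep)[:-1]
    return any(parts[i:i + 2] == ["wp-content", "uploads"]
               for i in range(len(parts) - 1))


def scan_account(root, days=30, now=None):
    """Return sorted (relative_path, reason) pairs for PHP files to review by hand.

    php-in-uploads    : executable code where only media is expected
    recently-modified : changed within the incident window (updates land here too)
    """
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                mtime = os.lstat(full).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if in_uploads(rel):
                findings.append((rel, "php-in-uploads"))
            elif mtime >= cutoff:
                findings.append((rel, "recently-modified"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan.py /path/to/account/home [days]
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    window = int(sys.argv[2]) if len(sys.argv) > 2 else 30
    for path, reason in scan_account(target, window):
        print(f"{reason:18} {path}")
```

Every hit is a lead to inspect, not a verdict: plugin and core updates also touch PHP files, and some plugins drop a placeholder `index.php` into uploads.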

  • Profile picture of the author GlobalTrader
    I have been marketing on the Internet (one way or another) since 1988 via AOL classified ads. I do recognize legitimate emails from Phishers. The "major bank" security company that sent me the email notifying me of the phishing emails did not offer to clean my site, they were simply notifying me that it was happening, that I needed to do something about it immediately and showed me the directories and files from which the emails were generated.

    The 2nd email I cited in my post was from HG tech.

    I, like Steve B., have been with HG for many years (about 8 years) now and 'never' had any problems like these and here we are, 3 WF members who have posted thus far they have had these or similar issues just within the past month?
    Signature

    GlobalTrader

  • Profile picture of the author dlane1987
    Get wpcurve to sort things out for you, install wordfence.
  • Profile picture of the author deezer
    Originally Posted by Dayne Dylan

    Hey Warriors,

    I have an account at Hostgator and I have several addon domains in my account. All my sites are on Wordpress.

    Lately, I've been getting notices from Google saying that my sites have Malware on them. This happened a few weeks ago on a few domains, so I made sure to go into my sites and keep everything updated (Wordpress, themes, plugins) and also added security like WordFence.

    Well, today I got 3 more emails from Google saying Malware.

    I've tried to restore my sites with backups created in Code Guard, but they won't work because it says "We could not open a connection to your WordPress database just now." So I wonder if my DBs are compromised as well, or maybe my main cpanel to my account? Ugh.

    I'm trying to work with Hostgator but it's been a royal pain to say the least. Not getting anywhere.

    ALL I want is for things to get fixed, cleaned and restored correctly...and finally, future protection.

    - Question #1: What should I do first?

    - Question #2: Is there a better hosting option/company I should consider to keep things more secure?

    - Question #3: Is using a service like Sucuri worth getting for my most important domains/sites?

    Much thanks in advance.

    And if I've posted this in the wrong forum here, mods feel free to move it to the most appropriate one.

    Thank you!
    Hi Dayne,

    If your WordPress is being hacked or gets malware, sometimes it is because of a plugin that you installed. Please always make sure you keep your plugins updated, and install the plugins that most people use.

    Install the Wordfence plugin to detect the problems. Sucuri is also a great plugin. Please just refer to these posts:

    - Oh Dam* !! My WordPress Site has been Hacked - Best Windows ASP.NET Hosting 2015 | Cheap Windows ASP.NET Hosting 2015
    - WordPress Hosting Tips – Is Your WordPress Site Being Attacked by Hackers? - Best Windows ASP.NET Hosting 2015 | Cheap Windows ASP.NET Hosting 2015

    Hope it helps