13 {{ upvoteCount | shortNum }}
13 {{ upvoteCount | shortNum }}

My sites have been hacked - what do I do?

by Ceri
11 replies
Hi there,

I have lots of sites with different hosting. All the sites (addon domains - the main site is fine) on one particular host have been hacked and now show a totally different website.

How did they do this? What do I do?

Any help is greatly appreciated.

Thank you,

Ceri
#hacked #sites
  • Profile picture of the author milodigital
    Are they wordpress sites? Who are you hosting with?
    {{ DiscussionBoard.errors[5816138].message }}
    • Profile picture of the author Ceri
      They are WordPress sites.

      I have been using WordPress for eighteen months with no problems. I am not saying it is because of the hosting, but it is only those ones that have been hacked.

      I don't want to say who I am hosting with at the moment because he is a Warrior and I don't want to cause him unnecessary problems - I have emailed him and want to give a chance for response (although it has been a couple of days now).

      Ceri
      {{ DiscussionBoard.errors[5816184].message }}
  • Profile picture of the author Wide
    Run a virus scan on your own computer first.
    Change hosting provider, unless your using a big one like hostgator.
    Change all passwords.
    Your using wordpress? Update to latest version and change your login passwords. There are some "security pluings" which you can install too.
    Hope you have backups, otherwise contact your host to see if they have some.
    Signature

    Test my 21.03% CTR Theme
    http://www.warriorforum.com/warrior-...?highlight=CTR

    {{ DiscussionBoard.errors[5816174].message }}
  • Profile picture of the author rosetrees
    It's usually the index.php files that are changed. There are several of these at different levels of the site. Off the top of my head (I think) there is one in the main directory, one in wp-admin, one in wp-content and one in the themes folder. There might be more.

    Download the latest version of Wordpress or just do a fresh install using fantastico (if you have it).

    Then use ftp software to connect to your sites and replace all the index.php files with their relevant ones from the new install.

    Note - I'm assuming your sites were using the latest version of Wordpress. If not, download the appropriate version.

    Note 2 - see if you can update Wordpress from within Fantastico if you have it. This is the quickest and easiest way, but it isn't always possible.

    Or PM me.. and I'll talk you through it.
    {{ DiscussionBoard.errors[5816213].message }}
    • Profile picture of the author Ceri
      Thank you so much. I will go through that now.

      Ceri
      {{ DiscussionBoard.errors[5816223].message }}
  • Profile picture of the author Majin
    remember to make a backup of your sites at least once a week. Some plugin like Backup Buddy automate the process.
    {{ DiscussionBoard.errors[5816243].message }}
  • Profile picture of the author Wide
    A suggestion: If you experience this error again, after updating your blog, then change hosting provider - even if he is a WF member. Your running a business (or trying to) and need to protect your websites as good as possible. If you can increase the security of your websites by changing hosting provider, then do so.

    I have no idea if your problem is caused by your hosting provider or not, it might "just" be a problem with your wordpress installation.

    2 days reply time from your host is not OK though.
    Signature

    Test my 21.03% CTR Theme
    http://www.warriorforum.com/warrior-...?highlight=CTR

    {{ DiscussionBoard.errors[5816261].message }}
    • Profile picture of the author John Romaine
      Originally Posted by Wide View Post

      I have no idea if your problem is caused by your hosting provider or not, it might "just" be a problem with your wordpress installation.
      Your sites being hacked have nothing to do with the hosts. Its up to you, as a site owner, to secure your own sites, not the hosts.

      Im no Wordpress expert, but surely they provide plugins to prevent this sort of thing happening.

      1. Have you installed any of these plugins?
      2. Are you running the most recent versions?
      3. Have you got local backups?
      Signature

      BS free SEO services, training and advice - SEO Point

      {{ DiscussionBoard.errors[5816280].message }}
      • Profile picture of the author Wide
        Originally Posted by John Romaine View Post

        Your sites being hacked have nothing to do with the hosts. Its up to you, as a site owner, to secure your own sites, not the hosts.
        I disagree.

        If one or more servers has been hacked and his site is located on one of those servers, then it's a problem with the hosting provider and not his website. It's rare but not impossible.

        Examples:
        Server Hacked via WHMCS billing account - Web Hosting Talk
        700,000 sites on Inmotion Hosting Server hacked by TiGER-M@TE in one shot ! | The Hacker News (THN)
        Signature

        Test my 21.03% CTR Theme
        http://www.warriorforum.com/warrior-...?highlight=CTR

        {{ DiscussionBoard.errors[5816355].message }}
        • Profile picture of the author John Romaine
          Originally Posted by Wide View Post

          If one or more servers has been hacked and his site is located on one of those servers, then it's a problem with the hosting provider and not his website. It's rare but not impossible.
          A server getting hacked is different from a website getting hacked. I agree, its up to the hosts to ensure their servers are secure.

          But its also the responsibility of site owners to ensure their websites are secure.

          99% of the time, this type of issue is the fault of the individual, not the hosting company - especially when theyre using an open source code CMS, such as wordpress.
          Signature

          BS free SEO services, training and advice - SEO Point

          {{ DiscussionBoard.errors[5816399].message }}
  • Profile picture of the author James.N
    It's generally always the websites that get hacked themselves. With Wordpress it's important to only have plugins that you're using installed. Also you need to make sure that you keep your version of Wordpress and all plugins up to date.

    There have been issues with outdated plugins that use TimThumb: Attack Targets TinThumb Vulnerability | Malware Blog | Trend Micro
    Zero Day Vulnerability in many Wordpress Themes | mm

    Generally I would start by changing your Wordpress passwords and make them more secure. Then go through and delete any plugins AND themes you're not using. Update all the plugins. I would then download the latest version of Wordpress and replace all the current files in your wordpress folder. This will replace and infected files.

    Following the above steps usually clears up most sites. Be sure to scan your computer as well in case it originated there.

    Here's a couple links to scan a site for viruses:
    Site Inspector
    https://www.virustotal.com/
    {{ DiscussionBoard.errors[5816514].message }}

Trending Topics