How the heck are they getting in?

11 replies
Without giving a hacker ideas... can someone explain how hackers gain access to your wp blogs? I notice they don't seem to bother with static html sites.

I just found 2 zip files that they uploaded to my new empty site. Wordfence found them for me, along with changes that had been made to a .php file that I think made it possible for them to do that upload. This means they're getting right into my CPanel doesn't it?

The password for this and all my sites are generated to about 10 characters/letters/numbers combos. My guess is that they aren't going through this access route. So does it have anything to do with my host not having a very secure service?

Thanks.

Sylvia
  • jefftaylor64
    Better check with your host support. Is your cpanel password strong? Get it changed.
    If your hosting account has been compromised then the hosting support should be helping you with this; if not, change hosting provider! Hope you get it sorted.
  • sylviad
    Hi Jeff,

    It's more evident now that they are getting into CPanel... cz I discovered that uploaded zip file throughout all my sites, and even in one of my static html sites. They modified the index.php files and another file that shows that zip file name. For awhile I was thinking their coding kept re-uploading the file every time I deleted it, cz it seemed to keep coming back.

    My Host has been really good about checking out this stuff, but I'm going to ask them to change my user name for CPanel cz some hackers are trying to gain access using it (as I am discovering through Wordfence). My password has been changed repeatedly, but I'll change it again, too... make it 16 CHARACTERS or maybe 50!

    Sylvia
  • jbyte
    Could also be malware/virus on the computer you are using to log into your site. Check that first.
    • sylviad
      Originally Posted by jbyte:

      Could also be malware/virus on the computer you are using to log into your site. Check that first.

      My computer seems fine... using Norton and Malware Bytes to root out any malicious files, etc.

      The problem is coming from a file I can't get to... htaccess. Clearly, it's a hidden file, and apparently that's the file they modify to mess up your site. As fast as I'm deleting fake files and modified files, I assume it's that file that keeps putting stuff back.

      Anybody know how to get access to htaccess?

      Sylvia
      • jbyte
        Originally Posted by sylviad:

        My computer seems fine... using Norton and Malware Bytes to root out any malicious files, etc.

        The problem is coming from a file I can't get to... htaccess. Clearly, it's a hidden file, and apparently that's the file they modify to mess up your site. As fast as I'm deleting fake files and modified files, I assume it's that file that keeps putting stuff back.

        Anybody know how to get access to htaccess?

        Sylvia

        You can get to the file under cpanel, if that is what you use. Use the file explorer and make sure that hidden files are showing - you can edit it, but might be best to have your hosting company look over that.
  • sylviad
    Thank you jbyte. I found how to turn on hidden files and found the htaccess files for all my sites. I did a new WP install on one empty domain, and that .htaccess file looks like the copy below. Is this how they should look? Because the files on my other sites have other stuff in them, that includes (google|yahoo|msn|aol|bing)

    Code from new installation which looks right to me. Can I just copy this to all of my htaccess files?

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress
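Added example, not part of the thread: a Python check that compares an .htaccess file against the stock WordPress block quoted in the post above and flags rewrite lines built around the search-engine list she describes. The `audit_htaccess` name, the two heuristics and the tampered sample (including `redirect.example.invalid`) are constructed for illustration; the page shows only the `(google|yahoo|msn|aol|bing)` fragment, and the sample assumes it sits in a referrer condition.

```python
import re

# Stock rules exactly as quoted in the post above (fresh WordPress install).
DEFAULT_WP_BLOCK = [
    "<IfModule mod_rewrite.c>",
    "RewriteEngine On",
    "RewriteBase /",
    r"RewriteRule ^index\.php$ - [L]",
    "RewriteCond %{REQUEST_FILENAME} !-f",
    "RewriteCond %{REQUEST_FILENAME} !-d",
    "RewriteRule . /index.php [L]",
    "</IfModule>",
]

# Heuristics chosen for this example (assumptions, not a complete signature set).
SUSPICIOUS = [
    (re.compile(r"RewriteCond\s+%\{HTTP_(REFERER|USER_AGENT)\}.*\b(google|yahoo|msn|aol|bing)\b", re.I),
     "condition keyed on search-engine referrer or user agent"),
    (re.compile(r"RewriteRule\s+\S+\s+https?://", re.I),
     "rewrite to an external URL"),
]

def audit_htaccess(text):
    """Return (line_no, line, reason) for every line that departs from the stock file."""
    findings, inside, block = [], False, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == "# BEGIN WordPress":
            inside, block = True, []
        elif line == "# END WordPress":
            inside = False
            if block != DEFAULT_WP_BLOCK:
                findings.append((no, line, "WordPress block differs from stock rules"))
        elif line and not line.startswith("#"):
            reason = next((why for rx, why in SUSPICIOUS if rx.search(line)), None)
            if inside:
                block.append(line)  # collected for comparison at the END marker
            if reason or not inside:
                findings.append((no, line, reason or "directive outside WordPress block, review"))
    return findings

# Constructed sample: a referrer-conditional redirect placed above the stock block.
SAMPLE_TAMPERED = "\n".join([
    "RewriteEngine On",
    "RewriteCond %{HTTP_REFERER} .*(google|yahoo|msn|aol|bing).* [NC]",
    "RewriteRule ^(.*)$ http://redirect.example.invalid/ [R=302,L]",
    "# BEGIN WordPress", *DEFAULT_WP_BLOCK, "", "# END WordPress",
])

if __name__ == "__main__":
    for no, line, reason in audit_htaccess(SAMPLE_TAMPERED):
        print(f"line {no}: {reason}: {line}")
```

Directives outside the WordPress block are not always hostile, since hosts and plugins write their own, so review each finding before overwriting a file with the stock block.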
  • ernestrategos
    Hello. It may have to do with your FTP software somehow. I have had (also solved) problems just like the one you have in the past.
  • yukon (Banned)
    Originally Posted by sylviad:

    Without giving a hacker ideas... can someone explain how hackers gain access to your wp blogs?

    Simple.

    They look for vulnerabilities in themes, plugins and/or directly on the MySQL database and do a SQL injection.

    There's sites on the web with lists of known WP plugins that have security holes, from there it's as simple as doing a Google search looking for sites that have a footprint from the theme/plugin (usually plugin).
    • sylviad
      Originally Posted by yukon:

      Simple.

      They look for vulnerabilities in themes, plugins and/or directly on the MySQL database and do a SQL injection.

      There's sites on the web with lists of known WP plugins that have security holes, from there it's as simple as doing a Google search looking for sites that have a footprint from the theme/plugin (usually plugin).

      Thank you Yukon.
      So they somehow gain access to MySQL? Would that be a weakness with the host provider?

      What commonly happens is they are getting into all of my blogs (yes, they're hosted on one server as add-on domains) and making all those changes, such as adding certain files and modifying others. As I said, the only sites they don't touch are my static HTML sites.

      Not all of my blogs have the same theme or plugins. They hack even the newer themes that I've upgraded.

      Also, they've discovered my user name for my CPanel, but would be severely tested to discover the convoluted passwords I've created and changed.

      Is there anything to be done if it's MySQL issue?

      Sylvia
  • PromoA
    Probably your hosting is vulnerable. It might be a virus on your site or on the hosting. I would contact hosting support in this case.
