First time being hacked, confused on what to do

12 replies
my website (proboxinginsider.com) was hacked. i went there and it said some group called the Saints Hacker Team had taken over. it also said for the admin to patch the system.

i use wordpress and can still get through the backend. as far as i can tell, nothing has been messed with other than where you go when you try to go to my site. all my content, etc. is still there.

thing is, my host (siteground) says for just $200 they can fix it. i don't have $2 let alone 200. i see a list of fixes, but i don't know a thing about code.

i guess i am screwed, but does anyone have an idea of what i might do to resolve this? i really hate this


it also says they are from indonesia. however, i did get from my host that an ip address from fresno tried to log in about 50 times yesterday. i don't know anybody from there
  • dakota5369
    well, in an interesting twist, i just updated to the newest version of wordpress and my site is back up. other than changing all passwords, are there any other things to do?
    • BrandByApi
      I would look into this thread:
      http://www.warriorforum.com/programm...in-access.html

      Blocking them from WordPress admin panel is a good step. Also I would change any passwords involving your host and any WebHostManager passwords. It would be helpful to know if they are hacking your website via WordPress login attempts or actually getting into your host and changing files.
      • RobinInTexas
        Install Wordfence plugin, it's free and will prevent most if not all exploits against the WordPress blog. Make sure you are using strong passwords for both the WordPress and your hosting, cPanel, and FTP logins. https://www.grc.com/haystack.htm
        Signature

        Robin



        ...Even if you're on the right track, you'll get run over if you just set there.
        • dakota5369
          Originally Posted by RobinInTexas

          Install Wordfence plugin, it's free and will prevent most if not all exploits against the WordPress blog. Make sure you are using strong passwords for both the WordPress and your hosting, cPanel, and FTP logins. https://www.grc.com/haystack.htm
          i did install this. unfortunately, when i did a scan it doesn't return anything
      • dakota5369
        Originally Posted by BrandByApi

        I would look into this thread:
        http://www.warriorforum.com/programm...in-access.html

        Blocking them from WordPress admin panel is a good step. Also I would change any passwords involving your host and any WebHostManager passwords. It would be helpful to know if they are hacking your website via WordPress login attempts or actually getting into your host and changing files.
        i was told they tried to log into my admin panel many times. the "hacker team" that did it says they are from indonesia. however, the ip is from fresno
  • Kingfish85
    The majority of security issues stem from poorly written themes and plugins as well as not keeping things up to date. Most security "plugins" don't stop a determined malicious user, they're a mere band aid. Do your research before blindly installing security plugins as a lot of what they block in most cases should be blocked server side.
    Signature

    |~| VeeroTech Hosting - sales @ veerotech.net
    |~| High Performance CloudLinux & LiteSpeed Powered Web Hosting
    |~| cPanel & WHM - Softaculous - Website Builder - R1Soft - SpamExperts
    |~| Visit us @veerotech Facebook - Twitter - LinkedIn

  • dakota5369
    site got taken down by the host. apparently there is bad stuff in some codes. including this code.

    Sucuri Malware Signatures
    </br><script type="text/javascript" src="http://K4C3-Undetected.googlecode.com/files/K4C3 Undetected.js"></script><TITLE>MFP'./Saints.R-H4CK</TITLE> <br/><font face="Nosifer" size="7" color="red" class="a">PLEASE PATCH </font><font face="Nosifer" size="7" color="white" class="a">YOUR SYSTEM NOW!!!</font><link href='http://fonts.googleapis.com/css?family=Averia+Sans+Libre' rel='stylesheet' type='text/css'><link href='http://fonts.googleapis.com/css?family=Orbitron%3A700' rel='stylesheet' type='text/css'><link href='http://fonts.googleapis.com/css?family=Nosifer' rel='stylesheet' type='text/css'><meta name="Description" content="Has Been Hacked by Saints Hacker Team "><script language="JavaScript">function tb5_makeArray(n){ this.length = n; return this.length;
  • RobinInTexas
    If siteground has taken your site down, are they still allowing you to access the cpanel, and have they told you what you have to do to get them to allow your site to go back up?
    Signature

    Robin



    ...Even if you're on the right track, you'll get run over if you just set there.
    • dakota5369
      Originally Posted by RobinInTexas

      If siteground has taken your site down, are they still allowing you to access the cpanel, and have they told you what you have to do to get them to allow your site to go back up?
      yes, they allowed just me access to it. they said i have to clear up all the malicious code before it can go back up. i am kind of panicking because this is 2 years of work and right now there is no way i can pay the money it takes to fix it
  • dakota5369
    i hate being this dumb. can anyone point out where i would find this code that i posted above?
  • wordpressguru
    Cleaning the website will steal you some money (even if you don't want) if you don't know how to repair it. Change all passwords and register with Cloudflare. It will not be 100% secure, but it will protect your website against most malicious scripts.
    • Karen Blundell
      Here's what you do:

      Download a hard copy of WordPress from WordPress.org and save it to your computer.

      Do you know how to use FTP?

      If not, no worries - go download and install an easy to use FTP program called FileZilla - make sure you read the documentation - it really isn't hard to use and you simply set it up with an account that your webhost gave you and you can send your files to your website. In case you didn't know, FTP stands for File Transfer Protocol or just a way to transfer files from your computer to your website's server.

      Now what you are going to do is over-write everything in your root WordPress folder, as well as wp-admin and wp-includes folders via FTP so that means that WordPress download should be unzipped and residing somewhere on your computer so that you can now transfer the files to your website.

      next you go into your wp-content/plugins folders and write down all the plugins you have in there. (yes- this is a long process - that is why devs charge the big bucks to do this and $200 is a reasonable fee to expect)
      Now go to WordPress.org/extend/plugins and find your plugins and download hard copies to your computer.

      Unzip the plugins and extract them to your computer -

      Now you are going to transfer the plugin folders from your computer to your website in the wp-content/plugins folder to over-write the ones that are there - always say yes when asked by Filezilla whether to over-write.

      Do the same thing for the themes as above - sorry if you have to lose any customization - it's better than losing everything.

      Now, one more file needs to be looked at - and it's called wp-config.php - You need to make sure no bad code is in it and you're going to make some changes in there - just open it in Notepad
      a standard wp-config.php looks something like this:
      Code:
      <?php
      /**
       * The base configurations of the WordPress.
       *
       * This file has the following configurations: MySQL settings, Table Prefix,
       * Secret Keys, WordPress Language, and ABSPATH. You can find more information
       * by visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
       * wp-config.php} Codex page. You can get the MySQL settings from your web host.
       *
       * This file is used by the wp-config.php creation script during the
       * installation. You don't have to use the web site, you can just copy this file
       * to "wp-config.php" and fill in the values.
       *
       * @package WordPress
       */
      
      // ** MySQL settings - You can get this info from your web host ** //
      /** The name of the database for WordPress */
      define('DB_NAME', 'database_name_here');
      
      /** MySQL database username */
      define('DB_USER', 'username_here');
      
      /** MySQL database password */
      define('DB_PASSWORD', 'password_here');
      
      /** MySQL hostname */
      define('DB_HOST', 'localhost');
      
      /** Database Charset to use in creating database tables. */
      define('DB_CHARSET', 'utf8');
      
      /** The Database Collate type. Don't change this if in doubt. */
      define('DB_COLLATE', '');
      
      /**#@+
       * Authentication Unique Keys and Salts.
       *
       * Change these to different unique phrases!
       * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
       * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
       *
       * @since 2.6.0
       */
      define('AUTH_KEY',         'put your unique phrase here');
      define('SECURE_AUTH_KEY',  'put your unique phrase here');
      define('LOGGED_IN_KEY',    'put your unique phrase here');
      define('NONCE_KEY',        'put your unique phrase here');
      define('AUTH_SALT',        'put your unique phrase here');
      define('SECURE_AUTH_SALT', 'put your unique phrase here');
      define('LOGGED_IN_SALT',   'put your unique phrase here');
      define('NONCE_SALT',       'put your unique phrase here');
      
      /**#@-*/
      
      /**
       * WordPress Database Table prefix.
       *
       * You can have multiple installations in one database if you give each a unique
       * prefix. Only numbers, letters, and underscores please!
       */
      $table_prefix  = 'wp_';
      
      /**
       * WordPress Localized Language, defaults to English.
       *
       * Change this to localize WordPress. A corresponding MO file for the chosen
       * language must be installed to wp-content/languages. For example, install
       * de_DE.mo to wp-content/languages and set WPLANG to 'de_DE' to enable German
       * language support.
       */
      define('WPLANG', '');
      
      /**
       * For developers: WordPress debugging mode.
       *
       * Change this to true to enable the display of notices during development.
       * It is strongly recommended that plugin and theme developers use WP_DEBUG
       * in their development environments.
       */
      define('WP_DEBUG', false);
      
      /* That's all, stop editing! Happy blogging. */
      
      /** Absolute path to the WordPress directory. */
      if ( !defined('ABSPATH') )
          define('ABSPATH', dirname(__FILE__) . '/');
      
      /** Sets up WordPress vars and included files. */
      require_once(ABSPATH . 'wp-settings.php');

      First make sure no other suspicious code other than what should be in your wp-config file is in there - what you see above is a blank sample and yours will have database name, username, password, and its own unique keys and salt.
      You are going to change the unique keys and salt by going here:
      https://api.wordpress.org/secret-key/1.1/salt/

      and what you generate at that page you are going to over-write in your wp-config file in this spot:

      Code:
      define('AUTH_KEY',         'put your unique phrase here');
      define('SECURE_AUTH_KEY',  'put your unique phrase here');
      define('LOGGED_IN_KEY',    'put your unique phrase here');
      define('NONCE_KEY',        'put your unique phrase here');
      define('AUTH_SALT',        'put your unique phrase here');
      define('SECURE_AUTH_SALT', 'put your unique phrase here');
      define('LOGGED_IN_SALT',   'put your unique phrase here');
      define('NONCE_SALT',       'put your unique phrase here');

      now one more thing - you are going to change your database password by going into your cpanel, and under Databases - click the MySQL database button - look for your database username at the bottom of the page where it says current users and click on it - generate a new hard to guess password - and enter it on your wp-config.php file here:

      Code:
      /** MySQL database password */
      define('DB_PASSWORD', 'password_here');

      Save your new wp-config.php file and upload it to your WordPress root directory.

      now, you are going to do one final thing before you continue -

      you are going to run a virus scan on your cpanel -
      go to the Advanced tab in your cpanel and click the virus scanner button- run the virus scan on your root directory (public_html)

      ok.

      now
      go to your website but to this address:
      http://yourwebsite.com/wp-admin/install.php

      if everything went well with the above steps you will be able to see a page of checks that shows everything's all good and your database will get updated -
      once that is done -
      you are now virus free-

      I hope the above helps - pm me if you need more help - but I also hope that other warriors will step up and contribute more tips to make your site a lot more secure -

      it doesn't hurt to learn more about security at the cpanel level - how to use the .htaccess file to block bots, and other nasties from getting in- believe me when I say - it is an eye opener to find out that 3/4 of your visitors are bots -

      good luck with your site!
      Signature
      ---------------
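
An added example, not part of any post in this thread: the comparison behind the overwrite steps above, written in Python, which also shows where strings from the injected snippet quoted earlier are sitting. It takes an FTP download of the site and a clean WordPress unzip and lists changed core files, files outside wp-content that the clean copy does not contain, and files holding the snippet's strings; `snapshot`, `audit` and `demo` are names made up here, and the demo trees are constructed, not real WordPress files.

```python
import hashlib
import tempfile
from pathlib import Path

# Strings taken from the injected snippet quoted earlier in this thread.
MARKERS = (b"Saints Hacker Team", b"K4C3-Undetected", b"tb5_makeArray")


def snapshot(root):
    """Map each relative file path to (SHA-256 digest, contains_marker)."""
    out = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            data = path.read_bytes()
            out[path.relative_to(root).as_posix()] = (
                hashlib.sha256(data).hexdigest(),
                any(m in data for m in MARKERS))
    return out


def audit(site_root, clean_root):
    """Compare a downloaded copy of the site with a clean WordPress unzip."""
    site, clean = snapshot(site_root), snapshot(clean_root)
    report = {"modified": [], "unknown": [], "marker_hits": []}
    for rel, (digest, hit) in sorted(site.items()):
        if rel in clean:
            if clean[rel][0] != digest:
                report["modified"].append(rel)
        elif not rel.startswith("wp-content/"):
            # FTP overwrites never delete added files; wp-config.php lands here.
            report["unknown"].append(rel)
        if hit:
            report["marker_hits"].append(rel)
    return report


def demo():
    """Run audit() on two tiny constructed trees (not real WordPress files)."""
    clean = {"index.php": b"<?php // core", "wp-includes/load.php": b"<?php"}
    site = {**clean, "index.php": b"<title>Saints Hacker Team</title>",
            "wp-includes/x.php": b"<?php", "wp-config.php": b"<?php",
            "wp-content/uploads/a.txt": b"photo"}
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in (("clean", clean), ("site", site)):
            for rel, data in files.items():
                path = Path(tmp, tree, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_bytes(data)
        return audit(Path(tmp, "site"), Path(tmp, "clean"))
```

The clean copy has to be the same WordPress version as the site, otherwise most core files show up as modified. Content injected into the database (posts, widgets, options) does not appear in a file comparison.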