two wordpress sites of my clients got hacked

Two WordPress sites of my clients got hacked
and the site displays "Hacked By TreX"

I was able to fix it because I had backup files.
I did change my password on the hosting,

but how can I prevent something like this in the future?
#clients #hacked #sites #wordpress
  • Profile picture of the author tribros
    • Profile picture of the author sajan1kota
      Originally Posted by tribros View Post


      Nice help its very very useful thanks a lot.
      • Profile picture of the author sergionjnyc
        those 11 ways are basic stuff
        already done when wordpress was installed
        is there anything else?
        the hackers messed up my wp-config.php file
        how they can access it and change the content of that file?
        if we know how then we can prevent it
        • Profile picture of the author TrueStory
          Originally Posted by sergionjnyc View Post

          those 11 ways are basic stuff
          already done when wordpress was installed
          is there anything else?
          the hackers messed up my wp-config.php file
          how they can access it and change the content of that file?
          if we know how then we can prevent it
          you can't secure everything 100%...

          My question is, DID THEY ACTUALLY HACK WORDPRESS?

          This is important. You can twist yourself inside out, do everything possible to secure your WordPress blog, YET the FTP account to your host has username "admin" and password "password".

          I kid you not, how many times I've seen clients not changing the default password for their admin account to cPanel. Or worse, allowing shell access.

          Also take a look at what else is hosted on that server; maybe you have a 'weak' directory that the world has access to (777)?

          Someone might upload a backdoor PHP file to your server, and you don't even have to execute it, Google Crawler will do that for you. And BAM! You have a hole in your system.

          Also, the HOST company might have weak security; these guys throw 200+ websites on a single Apache server. Maybe your host-neighbor has a weak site a hacker got into. If the Apache server isn't configured properly (cheap hosts), a hacker can alter permissions on files, leaving your site vulnerable.

          It's not just WordPress that you need to secure. ALWAYS make backups of your data. I have a cron job that backs up my files every 6-12 hours, database every 4 hours. Periodically I clean the backup folder. IF you have REALLY important data, you can set up cron to back up your files to a remote FTP host. This can get complicated but some data is well worth it.

          I also back up everything to my home computer every so often. Why? Because host providers do hire morons for cheap. Some student, still in high school, is often their Sys Admin (I know, right). Wrong command or sys admin's negligence and your entire business is GONE! And they do not back your files up for you. BAM!
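Added example (not from TrueStory's post): one way to check a web root for the world-writable (777) directories mentioned above and for .php files sitting inside them. The function name and the report labels are assumptions, and `-maxdepth` needs GNU or BSD find.

```shell
#!/bin/sh
# Added example: permission audit of a web root on shared hosting.
# Flags anything that every local account on the server can write to.

# audit_perms ROOT
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
audit_perms() {
    ap_out=$(
        # Directories writable by "other" (mode 777, 757, 773, ...).
        find "$1" -type d -perm -0002 | sed 's/^/WORLD-WRITABLE-DIR /'
        # Individual files writable by "other", wp-config.php included.
        find "$1" -type f -perm -0002 | sed 's/^/WORLD-WRITABLE-FILE /'
        # PHP files directly inside a world-writable directory: a place
        # where an upload can become executable code.
        find "$1" -type d -perm -0002 -exec \
            find {} -maxdepth 1 -type f -name '*.php' \; |
            sed 's/^/PHP-IN-WRITABLE-DIR /'
    )
    [ -z "$ap_out" ] && return 0
    printf '%s\n' "$ap_out"
    return 1
}

# Run as: sh audit.sh /path/to/webroot
if [ "$#" -eq 1 ]; then
    audit_perms "$1"
fi
```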
          • Profile picture of the author angel1987
            Change your FTP password and WordPress password regularly. FTP is the thing which lets a hacker access any file on the web server.

            One of my client's websites had an invisible iframe attack and all I was recommended by the web host was to change the FTP. I did and it worked, it stopped.

            Also let your web host know about any such hacking attempt. They can assist you.
  • Profile picture of the author senderbot
    Hi,

    I've had similar done. It was at a time when Wordpress sites were getting hacked worldwide. BUT once I did all the necessary tweaks I got hacked again leading me to believe that once they got in they also managed to somehow access my control panel accounts.

    I changed my hosting control panel password and it all stopped but I now use the following on all my WP sites -

    Antivirus
    Paranoid 911
    Secure Wordpress
    WP Security Scan

    I also sometimes use this -
    TTC Security Tool

    And I use this to automate my backups -
    WP DB Manager

    Cheers

    Max
    • Profile picture of the author sergionjnyc
      thank you all
      i will go thru all the steps to secure the sites
      thanks
      Sergio
  • Profile picture of the author Bellthorpe
    Someone might upload a backdoor php file to your server, and you don't even have to execute it, Google Crawler will do that for you. And BAM! you have a hole in your system.
    Unless of course you deny all .php files in robots.txt.

    I have a cron job that checks every few hours for any new directories, and any new or changed .php files.
  • Profile picture of the author TrueStory
    Bellthorpe, what do you use to see if file has been modified? Or do you go by "last modified date"?

    I assume you exclude "Cache" directory and upload directory?
    • Profile picture of the author software248
      These hackers were probably getting the password and username off of something.
      This happened to my wordpress but this was only because i gave my username and password away to my friends and it got around.
    • Profile picture of the author Bellthorpe
      Originally Posted by TrueStory View Post

      Bellthorpe, what do you use to see if file has been modified? Or do you go by "last modified date"?

      I assume you exclude "Cache" directory and upload directory?
      I create a file list each time the cron job is run, and compare it with the previous list using 'diff'.

      Here's a small extract of the code (it's done for directories and .php files):

      Code:
      #------------------ .php files --------------------------
      # Make a file containing a list of all of the php files
      rm -fv /var/www/htdocs/todays_php_files;
      find /var/www/htdocs -type f  -name '*.php' > /var/www/htdocs/todays_php_files;
      
      #Compare it to the previous day's file
      if  diff  /var/www/htdocs/todays_php_files /var/www/htdocs/yesterdays_php_files;
      then
      I don't exclude any directories. And I sure would want to know if anyone was uploading php files!
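Added example (not part of Bellthorpe's post or script): a cron-ready variant of the same idea that compares SHA-256 hashes rather than a bare file list, so a modified .php file such as wp-config.php is reported along with new and removed ones. The function names, the state directory layout and the reliance on GNU `sha256sum` are assumptions.

```shell
#!/bin/sh
# Added example: content-hash change detection for .php files.
# Assumes GNU sha256sum. Keep the state directory outside the web root
# so the baseline cannot be fetched or overwritten through the site.

# snapshot ROOT OUT: write "<sha256>  <path>" for every .php file under ROOT.
snapshot() {
    find "$1" -type f -name '*.php' -exec sha256sum {} + | sort -k 2 > "$2"
}

# check_php ROOT STATE_DIR
# Prints one ADDED/CHANGED/REMOVED line per difference from the last run.
# Returns 0 = no change, 1 = changes found, 2 = first run (baseline created).
check_php() {
    cp_old=$2/php.baseline
    cp_new=$2/php.new
    mkdir -p "$2" || return 3
    snapshot "$1" "$cp_new"
    if [ ! -f "$cp_old" ]; then
        mv "$cp_new" "$cp_old"
        return 2
    fi
    cp_report=$(awk '
        { h = substr($0, 1, 64); p = substr($0, 67) }  # 64 hex chars, 2 spaces, path
        FILENAME == ARGV[1] { old[p] = h; next }       # first file is the baseline
        { seen[p] = 1 }
        !(p in old) { print "ADDED " p; next }
        old[p] != h { print "CHANGED " p }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$cp_old" "$cp_new" | sort)
    mv "$cp_new" "$cp_old"      # the current list becomes the next baseline
    [ -z "$cp_report" ] && return 0
    printf '%s\n' "$cp_report"
    return 1
}

# Run from cron as: sh phpwatch.sh /var/www/htdocs /path/to/state-dir
# (cron mails whatever the job prints, so output only appears on a change).
if [ "$#" -eq 2 ]; then
    check_php "$1" "$2"
fi
```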
      • Profile picture of the author TrueStory
        i see.

        I have several folders where script modifies files and users can upload "resumes" to my site. I would have false alerts, but i guess i can watch these too

        thanks man. I'll probably implement something similar.
  • Profile picture of the author mariuszantonik
    Recently I had this same problem.
    One of the weak security points is FTP access. FTP sends the username and password in clear text and they can be simply read by some programs. You can increase your security by using WinSCP (WinSCP - Free SFTP Client, Secure File Transfer Protocol, Secure FTP). It uses an SFTP connection, a secure FTP connection. Your password is encrypted and is not as simple for programs to read as an FTP password.

    I made a short video on how to use WinSCP. The important part is that you have to contact your hosting company and ask them on what port you can connect using SFTP. If you have this information you can configure this program and connect to your hosting account.
    Here is link to video
    How to use winSCP
    (I hope this is ok to put this link here)
  • Profile picture of the author gameutopia
    Hosts that have Apache module setups in which one can use 777 folders/directories can give some problems with hackers. I like suPHP or a CGI type of host that pretty much eliminates the 777 and nobody issue.

    If you are on shared hosting there are some good .htaccess modifications that can help prevent some things. It would be tough to stop or prevent everything, but some prevention is better than none.
  • Profile picture of the author Bellthorpe
    When I have enough posts to PM I'll send you the entire script. You can of course modify it to check/avoid certain file types.

    But surely no-one's uploading .php files to your site? My main motivation was to ensure that .php files don't appear out of the blue.
    • Profile picture of the author TrueStory
      Originally Posted by Bellthorpe View Post

      When I have enough posts to PM I'll send you the entire script. You can of course modify it to check/avoid certain file types.

      But surely no-one's uploading .php files to your site? My main motivation was to ensure that .php files don't appear out of the blue.
      Good point.

      You can pm me on skype (bluefogsky) or just email me at mkovalch at gmail dot com

      I've been lucky (knock on wood); actually, once I got a PHP upload through the resume form (my own negligence, not checking the filetype). Also, I learned it's best to restrict any server-side scripts: Perl, PHP, ColdFusion, etc.