My site hacked! But how?

Hey guys,

I was troubled a few days ago with a trojan in my WP blog. So I deleted everything from the server and re-installed it. So it was working fine. (See, I was having around 1000+ posts.)

But today again it started getting the same trojan alert. Thanks, W3C validator - I checked there and found a script that was not inserted by me. Fortunately it was in my sidebar widget and I could remove it. And it's fine now.

But how come the script could be inserted there? Any idea?
#hacked #site
  • AffiliateCashPile
    Yeah, this happened to a few of my sites when I first started a long time ago. Chances are it's a vulnerability with a plugin you are using. Hackers do this by finding exploits in the JavaScript or other areas of your site, usually a flaw in a plugin.
    • MervikHaums
      Originally Posted by AffiliateCashPile

      Yeah, this happened to a few of my sites when I first started a long time ago. Chances are it's a vulnerability with a plugin you are using. Hackers do this by finding exploits in the JavaScript or other areas of your site, usually a flaw in a plugin.

      Do you think Joomla is much safer?? Also, the only two plugins I have there are Related Posts and Akismet!! But how in sidebars?? In case of exploiting via plugin files, it should be passed to those pluginfile.php, right? Or am I wrong?

      Thanks.!

      PS: last time when the same thing happened to you - how did you manage it?
  • Is the threat a variant of the Gumblar (Troj/JSRedir-R) virus? If so, some variants of the virus steal passwords you store in your FTP client. So, even if you remove the virus from your site, it can steal your password, log into your site through FTP, and reinfect your files (usually, it infects index.php and JavaScript files).

    Here's what I would recommend:

    1. Back up your data (WP-Admin->Tools->Export), and delete the WordPress installation.
    2. Scan your computer using the latest version of Avast Free Antivirus (although it sounds like your current antivirus software already detects the threat, so that's a good thing).
    3. Change your FTP passwords and never store them in your FTP client.
    4. Reinstall WordPress and import (WP-Admin->Tools->Import) your data.

    Does anyone else have access to your site? They need to follow the same procedure.
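
An added example (not written by any poster in this thread): one way to find a script you did not insert yourself, as in the first post, is to list every `<script>` on the rendered page, flag external hosts you do not recognise, and report inline scripts for manual review. The allowlist, the host names and the sample page are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Hosts the site owner knowingly loads scripts from (constructed value).
ALLOWED_HOSTS = {"stats.example"}
# Constructed sample of a rendered page with a sidebar widget.
SAMPLE_PAGE = """<html><body>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="http://stats.example/counter.js"></script>
<div id="sidebar"><div class="widget">
<script src="http://unknown-host.example/w.js"></script>
<script>var w = 1;</script>
</div></div>
</body></html>"""

class ScriptAudit(HTMLParser):
    """Collect <script> tags that need a human look."""
    def __init__(self):
        super().__init__()
        self.findings = []   # ("external", host) or ("inline", first 60 chars)
        self._inline = None  # text buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            # Relative paths have no hostname and are treated as same-site.
            host = urlparse(src).hostname
            if host and host not in ALLOWED_HOSTS:
                self.findings.append(("external", host))
        else:
            self._inline = []

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            self.findings.append(("inline", "".join(self._inline).strip()[:60]))
            self._inline = None

def audit(html):
    """Return the findings for one HTML document, in page order."""
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    print(audit(SAMPLE_PAGE))
```

Run it against the saved HTML of each page template (home page, single post, archive), since a widget may only render on some of them.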
    • MervikHaums
      Originally Posted by Chris Landrum

      Is the threat a variant of the Gumblar (Troj/JSRedir-R) virus? If so, some variants of the virus steal passwords you store in your FTP client. So, even if you remove the virus from your site, it can steal your password, log into your site through FTP, and reinfect your files (usually, it infects index.php and JavaScript files).

      Here's what I would recommend:

      1. Back up your data (WP-Admin->Tools->Export), and delete the WordPress installation.
      2. Scan your computer using the latest version of Avast Free Antivirus (although it sounds like your current antivirus software already detects the threat, so that's a good thing).
      3. Change your FTP passwords and never store them in your FTP client.
      4. Reinstall WordPress and import (WP-Admin->Tools->Import) your data.

      Does anyone else have access to your site? They need to follow the same procedure.

      In fact, I've done all these steps once before. Now I've just removed the script and changed my FTP and other passwords. Also, I'm using the latest version of McAfee premium. Thanks.
  • Ashley G
    I actually had a batch of wp sites hacked a few months back. The hacker got in through lax folder permissions.

    All your folders should be permission 755 except uploads, plugins and themes which are designed to be 777.

    That being said, it's safer to have plugins and themes as 755 except when you are updating them.

    Once the hacker got into your server he wasn't limited to just your wp files. He has access to everything even possibly other sites on the server.

    This means he could have left files elsewhere on your server to rehack the site if it's fixed.

    Even if you clean yours thoroughly, if other sites on the same server are infected they can reinfect yours. (depending on how the web host has things set up. If set up properly reinfection can't occur, but most hosts are *not* set up properly)
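
An added example (not written by any poster in this thread): a small Python audit that prints each entry's numeric mode next to its `rwx` form and flags anything world-writable or looser than a baseline. The 755/644 baseline and the sample tree created by `build_sample` are assumptions of the example.

```python
import os
import stat
import tempfile
# Assumed baseline for this example: directories 755, files 644.
DIR_MODE, FILE_MODE = 0o755, 0o644

def describe(mode):
    """Return (octal, symbolic) for a mode, e.g. ('755', 'rwxr-xr-x')."""
    return format(stat.S_IMODE(mode), "03o"), stat.filemode(mode)[1:]

def audit_tree(root):
    """List (path, octal, symbolic, reason) for entries looser than baseline."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not meaningful
            baseline = DIR_MODE if stat.S_ISDIR(mode) else FILE_MODE
            perms = stat.S_IMODE(mode)
            if perms & stat.S_IWOTH:
                reason = "world-writable"  # last octal digit includes 2
            elif perms & ~baseline:
                reason = "looser than baseline"
            else:
                continue
            rel = os.path.relpath(path, root)
            findings.append((rel, *describe(mode), reason))
    return sorted(findings)

def build_sample(root):
    """Create a constructed sample tree (not a real WordPress install)."""
    entries = {  # relative path -> mode; a trailing "/" marks a directory
        "wp-content/": 0o755, "wp-content/uploads/": 0o777,
        "wp-content/plugins/": 0o755, "index.php": 0o644,
        "wp-config.php": 0o666, "wp-content/plugins/hello.php": 0o755,
    }
    for rel, mode in entries.items():
        path = os.path.join(root, rel.rstrip("/"))
        if rel.endswith("/"):
            os.makedirs(path, exist_ok=True)
        else:
            open(path, "w").close()
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit_tree(tmp), sep="\n")
```

Each octal digit is the sum of read (4), write (2) and execute (1) for owner, group and others in that order, so 644 reads `rw-r--r--` and 755 reads `rwxr-xr-x`.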
    • MervikHaums
      Originally Posted by thinkinginvain

      I actually had a batch of wp sites hacked a few months back. The hacker got in through lax folder permissions.

      All your folders should be permission 755 except uploads, plugins and themes which are designed to be 777.

      I'm a little confused about the file permissions. Some of the files are 644 and some others are 755. Can you please explain it a bit, with exact permission numbers for files and folders? I checked out the WordPress site, but it's not numbered, confusing -r-w-r and so on..!!

      Also, do you know any security plugins that can prevent exploits?