WP Teenage Foreign Hackers Putting me Out of Business

79 replies
Hi everyone.

I recently took the plunge this year and decided to do the whole "offline" thing.
I've been doing online marketing for a number of clients and setting up websites.

I have been using wordpress to create websites. I usually use wpremix, edit a template from themeforest or something. I am upfront with clients about the fact I am using and editing templates. They are always happy with this. Besides, I don't charge the earth for this.

Now I use wordpress because I have been using it for years and really enjoyed it, and got quite good with it. I also know a professional web design agency (with some ridiculously good programmers) using wordpress. They love it and use it for everything (although they are far better than me at it).

However, recently, sites (particularly new sites) have been getting hacked. The hackers manage to change the password, and change the email address that the password reset is sent to, allowing them to then edit some code in my current/active theme folders. This alters the appearance of the site, and usually contains some picture of zombies, some crappy music, some foreign text, hotmail addresses (set up to harm your computer if you email them) and some message about me being a son of a b*tch.

Now, whilst I disagree with their wording, I may well be a none-too-agreeable individual. That's fine. But I would rather they didn't post their feelings about it on my client's websites.

** Please note, they are not actually directing insults at me, just the admin of the website. This hacking attack itself is not personal**

I have taken a reasonable amount of advice on preventing this nonsense, including index paging my plugin and theme pages so as not to give anything away and activating the following plugins:

wordpress firewall
login lockdown
wp security scan
antivirus
Block Bad Queries

I also prevent new users signing up. I have been to the wordpress forums about this, but all they talk about there is making sure your wordpress version is the latest one available. They talk about how nothing except that is going to help. I hate to say it, but they are wrong. All my sites getting hacked are all totally up-to-date.

I am going to have to get used to a new CMS asap, or I need some help about how to make this kind of attack even tougher for these people. I know a programmer who will protect a site for £100 a shot, but I cannot afford at this stage for him to work his magic on every blog/site I have.

I know these hackers are just out to target anyone they can, but they seem to find two of my sites every time. I don't feel like I deserve any of this, but I seem to keep having my weekends ruined by it.

All of this is VERY close to putting me out of business if it continues. I desperately need some help and advice from fellow warriors who know their stuff in this field.

Either that or I am about to go out on one of the most brutal vigilante rampages around the streets of newcastle and the hills and fields of Northumberland. (Just kidding - for now).


I am going nuts, and would be ridiculously grateful for any help, and I shall forever be in your debt if you can help me solve this!
  • Profile picture of the author Soapyshoe
    Looks like you're going to need to hire protection, or find somebody who has experienced this problem before.

    This is the first time I've heard anybody talk about a problem specifically like this.

    Why not call an expert on these matters and have him talk you through the solution?

    Rather than $100 a pop, you pay him $1000 flat to investigate and solve the problem once-and-for-all?
    Signature
    http://thewordpressdepot.com/ - Turn Your Dream Of Starting An Online Business Into A Reality
  • Profile picture of the author EndGame
    I'd love to have that $1,000 to pay him.
    Signature
    "Better a student of reality than a master of illusion"
  • Profile picture of the author Vijay M
    Just a start:
    1) Do you change the user-id from the default "admin"?
    2) Rename the WordPress table names (replace the default "wp" in front of all table names with some other string)

    In most cases these 2 changes should help.
  • Profile picture of the author Damien Roche
    I agree with Vijay above - and you should use that principle across the board - protect your wordpress installation via obfuscation.

    However, to resolve this long-term you need to find out exactly how these hackers are gaining control over your blog, then work at resolving that. And it can be very simple in most cases.

    What you should do is check your php and apache error logs, then investigate any errors. You see, it's more than likely these hackers will trigger at least one error as they attack your site. The error will reveal how they are attempting to hack your site.

    Apart from that, you can be super sure by forcing the admin user row to be unchangeable. I think you can do that using phpmyadmin. And you can also block all requests for user change but your ip.

    Let me know if you want me to take a look (for free)..I will try advise on a simple solution.
    Signature
    >> Seasoned Web Developer (CSS, JavaScript, PHP, Ruby) <<
    Available for Fixed Fee Projects and Hourly ($40/hr)
  • Profile picture of the author EndGame
    Most grateful for the last two contributions.

    Damien, I might just take you up on your offer if that is alright with yourself.

    I have changed the "admin" as mentioned, and the displayed admin name is different from the login admin name. But it's a good point.

    Second of all, I haven't changed the prefix. Just learning how to do that manually with phpmyadmin right now as we speak. The hackers have already attempted getting back into the site since I fixed it. It's a race against time and them! lol.

    Two of my sites were hacked today. In one case I believe they found out my nextgen gallery needed updating and maybe exploited that.

    In the second instance, I just got an email from wordpress telling me my password had been changed/lost.

    I could look for php errors, but not being overly technical, I am not sure if I'd be able to discern from that information what it was they did to get access.
    Signature
    "Better a student of reality than a master of illusion"
  • Profile picture of the author rosetrees
    I've a feeling that James (Richjerksnet) sells a product called something like blog lock down.

    I've just done a search and can't find it - so I'm probably remembering the title incorrectly.

    Have you spoken to your web host about this?
    • Profile picture of the author EndGame
      Hi Rosetrees,

      Thanks for the input. I haven't contacted my host, because strictly speaking it's a wordpress issue, and they offer no support for it, which is a big shame. I am likely to get a "build your sites in a different way" response from them. Which doesn't help!

      Hi Fernando

      I've been using wordpress for years, and this has only just become an issue for me. I even took precautions to stop this kind of thing happening, but it just hasn't worked. Even with the upgraded versions of wordpress being more sophisticated, it seems to be more rampant than ever. I will be looking at new ways of building my sites in future (or hopefully generate enough cash to pay some one else). For now though, I am stuck with finding some short-term security solutions to bring some balance to my operation.

      Thank you kindly for the best wishes as well buddy.
      Signature
      "Better a student of reality than a master of illusion"
    • Profile picture of the author halfpoint
      Originally Posted by rosetrees View Post

      I've a feeling that James (Richjerksnet) sells a product called something like blog lock down.

      I've just done a search and can't find it - so I'm probably remembering the title incorrectly.

      Have you spoken to your web host about this?
      Blog Lock Down is a different one. James' product is called "Wordpress Secured".

      It's pretty awesome as far as security goes. The only drawback is you have to use an old version of Wordpress with it or manually change about a hundred files on your current version.
  • Profile picture of the author Fernando Veloso
    Wow!

    Always used WP expecting it to be supa dupa secure!!!

    Guess I'll have to take some actions next week!

    Wish everything gets solved fast mate.
    Signature
    People make good money selling to the rich. But the rich got rich selling to the masses.
  • Profile picture of the author czilbersher
    You supply the gun; I'll supply the bullets. I am currently dealing with the same B.S. on a few of my sites and would like nothing better than to inject the offending little Eastern European tykes with a needle-full of HIV. Aaaw...am I being a widdle bit too harsh? This type of hacking simply isn't funny when it affects one's ability to make a living and provide for one's family. My sympathy is with you. If you ever decide to create a WSO on how to secure the infamously-badly secured WordPress CMS, please let me know. I'll buy it.
    • Profile picture of the author EndGame
      Originally Posted by czilbersher View Post

      You supply the gun; I'll supply the bullets. I am currently dealing with the same B.S. on a few of my sites and would like nothing better than to inject the offending little Eastern European tykes with a needle-full of HIV. Aaaw...am I being a widdle bit too harsh? This type of hacking simply isn't funny when it affects one's ability to make a living and provide for one's family. My sympathy is with you. If you ever decide to create a WSO on how to secure the infamously-badly secured WordPress CMS, please let me know. I'll buy it.
      I know what you are going through.

      I had some very dark thoughts about what I would do if I ever got a location/physical address for these guys. That lasted for a good long time, but I knew that spending my energy on such thoughts was really counter-productive, and I had to play the game as best I could and prevent them from doing this again. It's the best victory we can hope for.

      I won't be doing a WSO on this, but I'll share any of my findings with you. I can also put you in touch with the programmer who is assisting me in fixing my problem. Not the cheapest, but he does seem to know what he is doing.

      I feel your pain and wish you the best of luck with sorting this out. Feel free to PM me for moral support or advice. I seem to be picking up quite a few suggestions, but not sure how useful all of them are for preventing what we're talking about.
      Signature
      "Better a student of reality than a master of illusion"
  • Profile picture of the author BobJutsu
    Two things:

    First, make sure you do all of the updates as soon as they are released. WP makes this pretty dead simple, so there really is no excuse unless you rely on incompatible plugins that don't update well.

    Second, just use htaccess to lock down your wordpress admin directory so no one can access it except the IPs you specify.
  • Profile picture of the author B3n
    Edit edit edit
    • Profile picture of the author EndGame
      Hi B3n,

      My responses are in red.

      Originally Posted by B3n View Post

      Couple of things you could try if you haven't already.

      (1) Turn off FTP (if possible) unless you need to log in and transfer files.

      (2) Rename your wp-admin folder to something completely random like hiddenfolder230291923 and then log into your server and rename it back only when you need to log in to your Wordpress admin area. (this was a suggestion by a warrior, can't remember who or where so sorry if you're reading this)
      I might look into these two options if my current activities fail. I am in and out of these cpanels and back-rooms so often that, at this point, these solutions seem a bit clumsy.

      (3) Go through the process of renaming the database tables (i.e. the wp_ prefix) to something completely random.
      I am currently learning about this process (thank you). I am trying to look for a user-friendly way of doing this. I attempted it on a "dummy site" of mine and had to re-install wordpress again. lol. I am going to try and use the wp security scan plugin for this, but I need to make my database (through wp_config) editable. I also have to make sure the "user" has permission to make the changes. It's turning out to be a long learning process!


      (4) Rename the admin account to something very, very hard to guess and use an extremely strong password
      Yep, always do this with my sites. Good tip.

      (5) Change the login passwords for your hosting account.
      Again, always very good with this. I change all my passwords monthly and always when there has been a breach. I don't think they are getting in via cpanel though.

      I would imagine that these hackers have found a weakspot in your setup somewhere and are exploiting it each time. You need to find the hole and plug it.

      They are probably just script kiddies who have found some kind of simple way to hack you. If/when you make your sites harder to crack, they'll likely move on to someone else.
      I agree and hope you are right! Thanks for the help.
      Signature
      "Better a student of reality than a master of illusion"
  • Profile picture of the author LB
    Are you running all these sites on the same host?

    Sometimes the hosting company is the problem and there is a vulnerability with their server setup and hackers learn of it quickly.

    I've been with hosts in the past where literally every site on their servers had malicious code added to it...repeatedly. They didn't know what they were doing.

    It could be a problem.
    Signature
    Tired of Article Marketing, Backlink Spamming and Other Crusty Old Traffic Methods?

    Click Here.
    • Profile picture of the author Dennis Gaskill
      Originally Posted by LB View Post

      I've been with hosts in the past where literally every site on their servers had malicious code added to it...repeatedly.
      Let me guess...i power?
      Signature

      Just when you think you've got it all figured out, someone changes the rules.

  • Profile picture of the author Dennis Gaskill
    Are you hosting your client's sites yourself under one of those "unlimited domains" hosting plans? If so, the hacker could have placed a script on one of your sites to provide a backdoor to get in anytime. Maybe it's on one of the sites that haven't obviously been hacked to avoid suspicion, and thus, detection; i.e., sites B, C, and D are getting hacked with obvious results, but the backdoor is on site A, where there are no obvious problems.
    Signature

    Just when you think you've got it all figured out, someone changes the rules.

  • Profile picture of the author Elle Holder
    Originally Posted by EndGame View Post

    I have taken a reasonable amount of advice on preventing this nonsense, including index paging my plugin and theme pages so as not to give anything away and activating the following plugins:

    wordpress firewall
    login lockdown
    wp security scan
    antivirus
    Block Bad Queries
    You mentioned you were looking for a user friendly way to change your wp_prefix. Go to the menu for WP Security Scan via your dashboard, then follow the "database" tab.

    In there you will find a utility to change your WP prefix. Make sure you do a backup first!
    • Profile picture of the author ARVolund
      Even if your hosting company does not support wordpress they should be giving you some help with the problem. How do you know it is only a wordpress problem and not a hosting issue if they do not help with the troubleshooting? It seems odd that you keep having the same problems over and over when others do not have the problem at all; to me this could mean that the server is not as secure as it should be.

      One thing to look at is your template files. A lot of times these are left writable when they should be locked down. Once you have your site created very few files should be left writable. All posts etc go directly to the database so you really have no need to leave any files open to being changed.

      Also you need to make sure that your home/office computer is clean. That is something else all the sites have in common. Try logging into the sites and changing all the login info from a different computer and see if that makes a difference.

      Seriously though if my hosting company was as unhelpful as yours seems to be I would be rethinking my relationship with them.
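The advice above about template files being left writable can be checked from a shell. This is an added example, not code from any poster in the thread: it lists theme files that group or others can write, lists PHP files changed recently, and removes write bits. The function names and the 7-day default are assumptions.

```shell
#!/bin/sh
# Added example: audit a WordPress themes directory for loose permissions and
# recent edits. Function names and the 7-day default are assumptions.

# audit_theme_files THEMES_DIR [DAYS]
#   WRITABLE <path>  file is writable by group or others
#   RECENT <path>    .php file modified within the last DAYS days
audit_theme_files() {
    dir=$1
    days=${2:-7}
    {
        find "$dir" -type f \( -perm -020 -o -perm -002 \) -print | sed 's/^/WRITABLE /'
        find "$dir" -type f -name '*.php' -mtime "-$days" -print | sed 's/^/RECENT /'
    } | LC_ALL=C sort
}

# lock_theme_files THEMES_DIR
# Removes every write bit from files and the group/other write bit from
# directories. The dashboard theme editor stops working until owner write
# is restored (chmod u+w) for a deliberate change.
# Where PHP runs as the account owner, that process can chmod a file back,
# so treat this as one layer and keep running the RECENT check.
lock_theme_files() {
    find "$1" -type f -exec chmod a-w {} +
    find "$1" -type d -exec chmod go-w {} +
}

# Stand-alone use: sh audit.sh /path/to/wp-content/themes [DAYS]
if [ "$#" -ge 1 ]; then
    audit_theme_files "$@"
fi
```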
  • Profile picture of the author peterakie
    I don't know much about this but I found this website below maybe it can help. I hate hackers too. To me they are the same as thieves. Good luck. (Make sure its not an inside job.)

    problogdesign.com/wordpress/11-best-ways-to-improve-wordpress-security/
  • Profile picture of the author EndGame
    Thanks to all those who have chimed in with help and suggestions. Your questions and suggestions are giving me new things to work through and check, so I am ridiculously grateful to you all. I hope some of you give me an opportunity to return the favour some day.

    If I don't get round to thanking you all today, it's only because I am nearing my "thanks" quota for the day.

    With regards the hosting situation:

    I have a reseller account with hostgator.com. Do you think this could possibly be a/the weakness? I run about a dozen sites from this account, but the attacks only seem limited to just under half-a-dozen. Do you think I should get in touch with them?
    Signature
    "Better a student of reality than a master of illusion"
  • Profile picture of the author MemberWing
    Here's situation where I was hacked - and it was unrelated to Wordpress:
    • I run parallel websites on one hosting account. That means that a .php script from one site can have full access (including modifying) to the scripts on the other site. So if another of your sites has a buggy script, a hacker could get through it to your other sites.
    • One of my sites was running a forum script that was outdated and that was a security hole
    • Hackers (rather script kiddies) got through that hole and did damage to all my other sites on the same hosting account
    Solution:
    Instead of using shared hosting account to run 10 sites - open reseller account (on Hostgator for example) and create separate "account" for each site you run. Then none of these sites will have access to other sites at all. That would remedy above issue and you could in fact charge client $5-$10 for hosting on a recurring basis as well.
    That is a great model to separate businesses and keep them safer.

    Gleb
  • Profile picture of the author EndGame
    Hi Gleb,

    Thanks for the explanation and the break down. Using the reseller method as you suggested is exactly what I am doing at this time.
    Signature
    "Better a student of reality than a master of illusion"
  • Profile picture of the author EndGame
    I wonder if anyone might be able to help me with my current challenge.

    I am trying to use the wp security scan plugin to allow me to easily change the prefixes on my database from wp to something else.

    When I try to use it however, I get this error message:

    "Your User which is used to access your Wordpress Tables/Database, hasn't enough rights( is missing ALTER-right) to alter your Tablestructure. Please visit the plugin documentation for more information."

    Now, the documentation tells you how to do this manually, but also seems to leave out some detail. What I would like to know is how to make sure my "user" has the required rights to conduct this task? I saw a video that mentioned you could do this in cpanel, but it didn't give any more information other than "you can do it in cpanel".

    If someone could tell me how to do that, it would move me forward a big step!
    Signature
    "Better a student of reality than a master of illusion"
  • Profile picture of the author MemberWing
    Cpanel->Databases->MySQL Databases->
    there you should see information about databases and users.
    Click on username and make sure "All" privileges are assigned to this user.

    Give or take for slight CPanel differences between hosting accounts - that should be your rough guidance.

    Sincerely, I don't think you will accomplish anything of value from the security standpoint by changing DB prefix.

    Gleb
    • Profile picture of the author EndGame
      Originally Posted by MemberWing View Post

      Cpanel->Databases->MySQL Databases->
      there you should see information about databases and users.
      Click on username and make sure "All" privileges are assigned to this user.

      Give or take for slight CPanel differences between hosting accounts - that should be your rough guidance.

      Sincerely, I don't think you will accomplish anything of value from the security standpoint by changing DB prefix.

      Gleb
      Thanks Gleb,

      I'll look into that. I am changing the prefixes as it is one of the few things I haven't done yet, and at this point I have to assume what I haven't done must have caused the weakness?
      Signature
      "Better a student of reality than a master of illusion"
      • Profile picture of the author MemberWing
        Originally Posted by EndGame View Post

        Thanks Gleb,

        I'll look into that. I am changing the prefixes as it is one of the few things I haven't done yet, and at this point I have to assume what I haven't done must have caused the weakness?
        I'd suggest to check RAW log files (if you have any). That should give you tips of where, how and when hacker first came to your site and what method they used.

        Gleb
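The log checks suggested in the posts above (error logs, raw access logs) can be scripted. This added example, which is not from any poster in the thread, summarises an Apache combined-format access log per client: guessed admin/login paths, logins, account edits and theme-editor saves. The sample log lines, the threshold and the function names are constructed for illustration, and default WordPress paths are assumed.

```shell
#!/bin/sh
# Added example: summarise suspicious activity in an Apache "combined" access
# log. Assumes default WordPress paths (wp-login.php, wp-admin/profile.php,
# wp-admin/user-edit.php, wp-admin/theme-editor.php).

# Constructed sample data (documentation IP ranges), not real traffic.
sample_log() {
cat <<'EOF'
198.51.100.20 - - [10/Apr/2010:06:10:02 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Apr/2010:06:14:01 +0100] "GET /admin/ HTTP/1.1" 404 210 "-" "-"
203.0.113.9 - - [10/Apr/2010:06:14:01 +0100] "GET /administrator/ HTTP/1.1" 404 210 "-" "-"
203.0.113.9 - - [10/Apr/2010:06:14:02 +0100] "GET /blog/wp-login.php HTTP/1.1" 404 210 "-" "-"
203.0.113.9 - - [10/Apr/2010:06:14:02 +0100] "GET /wordpress/wp-admin/ HTTP/1.1" 404 210 "-" "-"
203.0.113.9 - - [10/Apr/2010:06:14:03 +0100] "GET /wp-login.php HTTP/1.1" 200 2301 "-" "-"
203.0.113.9 - - [10/Apr/2010:06:15:40 +0100] "POST /wp-login.php HTTP/1.1" 302 - "-" "-"
203.0.113.9 - - [10/Apr/2010:06:15:55 +0100] "POST /wp-admin/profile.php HTTP/1.1" 302 - "-" "-"
203.0.113.9 - - [10/Apr/2010:06:16:30 +0100] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 - "-" "-"
198.51.100.20 - - [10/Apr/2010:09:02:11 +0100] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
EOF
}

# triage_log FILE [MIN]
# Output: "<client-ip> <event> <count> <first-seen>", sorted.
# admin-path-probe and login-failed are reported only at MIN hits or more
# (default 4); every other event is always reported.
triage_log() {
    awk -v min="${2:-4}" '
    function note(ip, what, ts,    k) {
        k = ip SUBSEP what
        n[k]++
        if (!(k in first)) first[k] = ts
    }
    {
        ip = $1; ts = substr($4, 2); method = substr($6, 2)
        url = $7; status = $9
        path = tolower(url); sub(/\?.*$/, "", path)

        # Distinct not-found admin/login locations requested by one client.
        if (status == "404" && path ~ /admin|login/ && !((ip, path) in seen)) {
            seen[ip, path] = 1
            note(ip, "admin-path-probe", ts)
        }
        if (method != "POST") next

        # Assumed typical WordPress behaviour: a failed login re-displays the
        # form (200), a successful one redirects (302). Verify on your site.
        if (path ~ /\/wp-login\.php$/) {
            if (url ~ /action=(lostpassword|rp|resetpass)/) { note(ip, "password-reset", ts) }
            else if (status == "200") { note(ip, "login-failed", ts) }
            else if (status == "302") { note(ip, "login-ok", ts) }
        } else if (path ~ /\/wp-admin\/(profile|user-edit)\.php$/) {
            note(ip, "account-edit", ts)    # password and e-mail are changed here
        } else if (path ~ /\/wp-admin\/theme-editor\.php$/) {
            note(ip, "theme-edit", ts)      # theme file saved from the dashboard
        }
    }
    END {
        for (k in n) {
            split(k, p, SUBSEP)
            if ((p[2] == "admin-path-probe" || p[2] == "login-failed") && n[k] < min) continue
            printf "%s %s %d %s\n", p[1], p[2], n[k], first[k]
        }
    }' "$1" | LC_ALL=C sort
}

# Stand-alone use: sh triage.sh /path/to/access_log [MIN]
if [ "$#" -ge 1 ]; then
    triage_log "$@"
fi
```

The first-seen timestamps of `account-edit` and `theme-edit` events give the window to search in the PHP and Apache error logs, and any client address in the output that is not your own is the one to follow back through the rest of the log.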
  • Profile picture of the author NewBeing
    EndGame, check out this website, it may have something that could help you...

    Hardening WordPress with htaccess

    You may also want to read their Secure WP whitepaper from here...

    WordPress Security Whitepaper

    If any of the techniques work please let us know, good luck!
    • Profile picture of the author ExRat
      Hi EndGame,

      I can't help you on the tech side of things here, but...

      You're a good bloke, who wants to succeed through endeavour rather than sleight of hand, yet you get targeted like this - that's hard to stomach.

      But there's something that I've learned which I'll share with you. When you set your stall out that you're going to make a big effort to better yourself, you kind of send a message out to 'the universe' (bear with me here ).

      The universe receives that message, and thinks to itself - 'ORLY? Are you serious?' The world is full of people sending out this message but many don't really mean it. So the universe has devised a test to see if they're taking the p*** like the rest of 'em, or if they really are setting their stall out to go to a cut above the rest.

      If it just slapped this test obviously in your lap, you would know it was 'the test' and do all you could to pass it and then just sit back and take it easy and get complacent- so it doesn't work like that. Instead, it creeps up from behind, from the side - wherever you're not expecting it.

      The logic is this - if you can't cope with being unjustly targeted for hacking, then how will you cope with more serious challenges in business?

      The universe is testing your ability to 'go the distance'.

      Have you got the stamina, and the right constitution?

      My point - when you view it like this - (whether this view is accurate or pure fantasy is irrelevant) - there's only a positive outcome for a winner. And when you get a really annoying, persistent, undeserved test like this, you never know, the rewards for reaching the other side of this challenge could be deep, lasting and empowering.

      The more you invest in not giving up, the more you have to lose if you did give up. It's a good investment. Perhaps, further down the line, you might be thanking the hackers for aiding your development. Life's funny like that. But this is how it seems to challenge me.

      You might not make your fortune in the specific direction in which you are pushing right now. But regarding the nature of the challenge - it's irrelevant. What you are ultimately after gets closer to you on the winning side of this challenge.

      Sorry for going all 'mind warrior' on you, but it's the answer that I felt was the most appropriate available offering.
      Signature


      Roger Davis

      • Profile picture of the author DonnaLeona
        Hi,

        A warrior here named Craig Desorcy has a product that might help. There is a $37.00 DIY version and a more expensive version for him to do it (or his staff probably).

        I have not used it so I can't give an opinion on it:

        Blog Lock Down: Secure Your Wordpress Blog Today (not an affiliate link)

        Good Luck. Life is full of learning curves and it is irritating!

        Best,
        Donna
      • Profile picture of the author keries
        Great suggestions everyone.

        Unfortunately these teenagers treat it as some sort of game and get kicks out of it. They run packs and share knowledge like trophies so as one wall is made they knock it down even faster.

        My guess is that they are currently reading this forum and have worked a way around the latest fix before it is even implemented. I've had a couple of WP blogs attacked and although it's a pain have restored them from my regular backups. I have the backups sent to a gmail account so that I have copies elsewhere besides my computer and hosting accounts.
  • Profile picture of the author Rus Sells
    I recently had a problem right after installing several blogs on some class c ip addresses.

    All my blogs got hacked and it totally screwed them up. I simply called my host "TOLD" them to do a complete security scan of my account.

    Sure enough they found that the access was granted via ftp access and the hackers were injecting code into the themes. After making an uber password that even NASA couldn't crack I've had no further problems.
  • Profile picture of the author Rus Sells
    By the way guys the term is Cracked, not hacked! And it does not really matter as cjmo says. If someone wants to beat the door down they'll find a way no matter the platform you're using.
  • Profile picture of the author Sue McDonald
    I had one of my WP sites cracked and it was with hosting service. After trying to get it fixed through the live chat line 3 to 4 times, I was advised to immediately contact the security for the hosting company through their ticketing system. They contacted me and fixed it and told me to upgrade the WP version because the older versions are easier to hack. It really annoyed me that someone would take the time to wreck my site.
  • Profile picture of the author EndGame
    Hi Roger.

    Good to see you posting again. And thank you for taking the time to comment on here.

    "who wants to succeed through endeavour rather than sleight of hand, yet you get targeted like this - that's hard to stomach."

    For me that was the key sentence, I think you know what I am about in some sense through previous discussions and this is just getting really difficult for me to take mentally, especially when after working harder than most people on my wp security, I am still getting hacked.

    Initially when this kind of thing happens, I feel defeated and then angry.

    You see, this hacking "test" or "trial" seems to have met at an intersection of other tests. Clients not paying, wasting my time and not coming up with the money after a service has been delivered to the exact specifications of our agreements. These people of course are doing this on the (correct) assumption that I won't retaliate legally due to lack of funds and time.

    Facing a small cash flow problem (the small kind that could kill off a newly formed company) I decided to meet that challenge by pushing harder and creating a new online income stream that I knew would generate a steady income. Resolved to conquer my troubles I got up early this morning to sort things out, only to be met with the foreign scriptures of the latest hacker who has spent weeks trying to deface my site.

    It was the last thing I needed.

    "Maybe this isn't for me"

    To be honest though, whilst it would be nice to say "I'll just give up" I really don't have that luxury. I have committed myself mentally, financially, physically, legally and philosophically to seeing this through and making a success of it. I have very little to fall back on by way of a "plan B".

    From there, I find myself allowing my mind to fantasize about the retribution I would deliver to those who would actively set out to destroy the careers of people they know nothing about. That is just as counter-productive as the first thought however.

    This test as it is, is literally crippling my business and me. What is more, there seems to be few people who can definitively answer this problem and help me. And my budget is far too strapped to allow me to find and pay for the expert who could help me. That is my own fault, and I blame no one but myself for the predicament I find myself in.

    What you said Roger makes a lot of sense. Whether I believe literally in the reaction of the Universe is irrelevant. I need to consider this a test of my motivation and desire to succeed.

    I really do appreciate the advice and the words of encouragement. In some ways your contribution (no matter how mind warriory!) is just as important and needed as the tech-stuff. I really appreciate it, and hope that this thread may help others come to terms with similar problems that they might be experiencing.
    Signature
    "Better a student of reality than a master of illusion"
  • Profile picture of the author EndGame
    Richard,

    I shall be looking to move to other alternatives, for now, I need to keep my word to my clients and honour my obligations to them.

    I do intend moving outside of wordpress, and even one day hiring a very talented programmer. For now though, I need to make the most of what I have.
    Signature
    "Better a student of reality than a master of illusion"
  • Profile picture of the author papagiorgio
    I have been through this several times. The last time it happened was 15 minutes after I installed wordpress on a brand new site. I was able to see the process in the log files. It is just a bot that runs and checks several combinations of admin pages until it finds the right one then it uses whatever security loophole to gain access, change your password and email address.

    The process I would go through after was to go into phpmyadmin and run some sql to change everything back.

    Finally I decided to lock down my wp-admin folder and I haven't had a problem since. To do this you need to place a .htaccess file in your wp-admin folder. This file should be set up to block all IP addresses from accessing the wp-admin folder. You can set it to allow your IP address only. If you have a dynamic IP address this won't work. But you can ftp and remove the file anytime you need to access the admin area.

    It might be a pain, but it is a lot easier than fixing 30 sites that have been hacked.

    And someone mentioned using a reseller account to limit the damage. I run 2 reseller accounts and have had it happen to multiple sites at the same time even with their own Cpanels. These bots basically sniff along IP ranges.
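The bot behaviour described in the post above (one client trying several admin page locations until one exists) can be spotted in an access log. This is an added example, not part of the original post; the log lines are constructed, and the path hints, threshold and function name are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Apache combined log format (documentation IP ranges).
SAMPLE_LOG = '''\
203.0.113.7 - - [12/Mar/2010:03:14:01 +0000] "GET /admin/ HTTP/1.1" 404 312 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2010:03:14:01 +0000] "GET /administrator/ HTTP/1.1" 404 312 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2010:03:14:02 +0000] "GET /blog/wp-admin/ HTTP/1.1" 404 312 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2010:03:14:02 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2010:03:14:03 +0000] "GET /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 2211 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2010:03:14:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2390 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2010:09:02:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2211 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2010:09:02:31 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2010:09:02:32 +0000] "GET /wp-admin/ HTTP/1.1" 200 15873 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2010:09:05:00 +0000] "GET / HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2010:09:05:07 +0000] "GET /about/ HTTP/1.1" 200 5310 "-" "Mozilla/5.0"
'''

# client, identd, user, [timestamp], "METHOD path protocol", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumed heuristic: path fragments that look like an admin or login page.
ADMIN_HINT = re.compile(
    r'(wp-admin|wp-login\.php|phpmyadmin|/admin|/administrator|/login)', re.I
)


def find_admin_probers(log_text, min_paths=3):
    """Flag clients that tried several distinct admin-looking paths and
    hit at least one that does not exist (404)."""
    seen = defaultdict(lambda: {"paths": set(), "not_found": 0, "login_posts": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if not ADMIN_HINT.search(path):
            continue
        rec = seen[m.group("ip")]
        rec["paths"].add(path)
        if m.group("status") == "404":
            rec["not_found"] += 1
        if m.group("method") == "POST" and path.endswith("wp-login.php"):
            rec["login_posts"] += 1

    flagged = []
    for ip, rec in sorted(seen.items()):
        # A real admin visits known pages; a scanner guesses and misses.
        if len(rec["paths"]) >= min_paths and rec["not_found"] >= 1:
            flagged.append({
                "ip": ip,
                "paths": sorted(rec["paths"]),
                "not_found": rec["not_found"],
                "login_posts": rec["login_posts"],
            })
    return flagged


if __name__ == "__main__":
    for hit in find_admin_probers(SAMPLE_LOG):
        print(hit["ip"], "probed", len(hit["paths"]), "admin paths,",
              hit["not_found"], "missing,", hit["login_posts"], "login POSTs")
```

The legitimate admin session in the sample touches only two real pages and produces no 404s, so it is not flagged.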
  • Profile picture of the author rondo
    Have you talked to your web host yet?
    • Profile picture of the author EndGame
      Originally Posted by rondo View Post

      Have you talked to your web host yet?
      I am waiting for a reply to my ticket. The online chat customer service reps say they cannot deal with it, and have referred me to an email address.
      Signature
      "Better a student of reality than a master of illusion"
  • Profile picture of the author rondo
    See here's the thing. You're acting as your client's web host but you're probably not qualified to be, and this hosting problem is now jeopardizing your main business.

    Instead of you being the host, make $100 per referral and leave the business of hosting and the problems of hosting to the professionals.



    I hope you get this problem sorted out quickly.

    Andrew
    • Profile picture of the author EndGame
      Originally Posted by rondo View Post

      See here's the thing. You're acting as your client's web host but you're probably not qualified to be, and this hosting problem is now jeopardizing your main business.

      Instead of you being the host, make $100 per referral and leave the business of hosting and the problems of hosting to the professionals.

      Andrew
      True,

      And I offer the clients that option, but often, it is the case they don't want to deal with the hosting. I still maintain this is a CMS issue and not a hosting issue, though I will stand corrected if I am proven wrong in the hosting company's response.
      Signature
      "Better a student of reality than a master of illusion"
  • Profile picture of the author Colin Palfrey
    Hi Endgame,

    The problem seems obvious but not what you're thinking.

    If they keep going after sites you have made, then clearly you are leaving some kind of traceable calling card on them.

    Do you put "made by..." or something similar on every one of these sites?

    I am also not assuming this is just kids, as the more likely possibility in my mind is that your hackers are someone you are (in their opinion) taking business from.

    Good luck,
    Colin
    Signature

    I write articles and eBooks - PM me for details!
    • Profile picture of the author FreshMedia
      I had a bunch of sites hacked simultaneously a few months ago, luckily my host was able to restore all of them for me. But let me explain how this happened to me, and why it may not always be a vulnerability in your CMS.

      I somehow managed to get spyware on my machine that exploited a vulnerability in the FTP client FileZilla. It got the ftp login credentials for most of my sites. A hacker can install scripts and do almost anything they want once they have your ftp account.

      I had to change all the ftp account passwords for all my sites, and install the Lavasoft spyware removal software, so it won't happen again. At this point I'm scared to use FileZilla, and upload all my files through the control panel.

      Learning another CMS is also not a bad idea. I use Drupal for all my client sites, and WP for my niche sites.
      • Profile picture of the author emigre
        Originally Posted by FreshMedia View Post


        I had to change all the ftp account passwords for all my sites, and install the Lavasoft spyware removal software, so it won't happen again. At this point I'm scared to use FileZilla, and upload all my files through the control panel.
        Were you using ftp or sftp? You should always use sftp.
    • Profile picture of the author M Thompson
      Apart from always ensuring that you have the latest version of wordpress make sure you need every plugin you use. If you don't need it remove it.

      Also consider yourself lucky that they didn't just log in and change your aff links or adsense code to theirs! That's much harder to spot
      Signature


      If you are serious about online marketing come and Join our free community The Foundation
    • Profile picture of the author warfore
      I used the WP Remix theme for one of my best sites but had to get rid of it. I used all the steps above but it would still get invaded. I just found it to be very susceptible to hacking. I had to start over a couple of times on that site. My take is that for some reason all of that script on the many static pages in the theme make it a target. Don't know if that is the real reason but it points that way. Once I went to a more stable theme I have not had the problem (so far).
      Signature

      Regards,

      Tony

  • Profile picture of the author M0n3yMan
    There could be a number of ways they are doing this.
    First of all it could be that they have found a flaw in your hosting (but I doubt it as it's a big company).

    Secondly they have found a flaw in wordpress but you have the latest version so I will assume that wordpress isn't at fault, BUT with wordpress you can install a number of plugins and themes which are all 3rd party coded with no security checks and any of these could have a security flaw or back door.

    What I would do is make a list of all the plugins and themes plus version numbers and one by one check to see if there are any vulnerabilities. You could also type plugin name +hack into google.

    Also, because they have managed to get in, check to see if they have uploaded any scripts, because even if you manage to make your sites completely secure they will now be able to access your site via this backdoor.

    Also take the basic steps to protect your wordpress folders like the content and plugin folders by at least putting a blank index.htm file so they can't access the directories to see what plugins you have.
  • Profile picture of the author B3n
    Edit edit edit
  • Profile picture of the author jazbo
    I would not just assume it's a wordpress problem and therefore not your host's. If they have placed a backdoor somewhere they could be accessing everyone on that particular server.
    Signature
    CONTENT WRITER. Reliable, UK-Based, 6 Years Experience - ANY NICHE
    Click Here For Writing Samples & Online Ordering
  • Profile picture of the author EndGame
    Hi Guys.

    Greatly appreciate everyone's input here.

    Everyone's questions, thoughts and inputs have led me to go off and research and implement what they are saying.

    I contacted my hosting company about one of the two websites getting hacked yesterday. They returned my email saying that my public_html folder permission was set to 755 when it should have been 750.

    Now, I don't know if this is enough to cause what has been happening, but interestingly I put up wordpress on one of the domains that has been repeatedly attacked lately. I did no security work on it, but the hosting company changed the public_html permissions to 750 (the correct settings). This morning when I woke, it was un-harmed.

    However, the other website, that still had the wrong permissions (755) was hacked. That was even after I put a colossal amount of plugins up on it and did some work with databases etc.

    My hosting company told me this small factor was enough to allow the hacker to alter my database or page in the way that they did. Interestingly, I would have assumed that the permissions would be 750 by default? I didn't change them, I know that much. Not deliberately anyway.

    This seems like too simple a solution, but I am going to trust the experts on this and see how it plays out. I am also going to implement a lot of the strategies that have been recommended/suggested here and I'll report back with the results.

    I am also going to post back here (once I have fended off the current attack) with a list of resources and guides I have found in the last 24 hours that have helped me better understand wp security etc.

    It's been really good to know that I am not the only one who has experienced this (although I wouldn't wish this on anyone). I am grateful for the sharing of experiences and I am very grateful for all the warriors who jumped in to help me in my time of need. I know one or two in this thread are still facing this problem, so I will test this "fix" and see if it prevents my problems. I'll also post very soon with some helpful resources.

    Wish me luck!
    Signature
    "Better a student of reality than a master of illusion"
  • Profile picture of the author n7 Studios
    Originally Posted by EndGame

    I know these hackers are just out to target anyone they can, but they seem to find two of my sites every time. I don't feel like I deserve any of this, but I seem to keep having my weekends ruined by it.
    - Using the same email address for the admin account during each Wordpress setup, or all your email accounts have the same password? If so, change your email password - now.

    - Likewise, if you're using the same password for your Wordpress, email and FTP - change them now, and ensure they're different.

    - On shared hosting? An insecure script from another hosting user could provide access to other parts of the shared host, including your sites. If so, go down the virtual / dedicated route, depending on your requirements / site traffic.

    Wordpress is as secure as any other CMS, and I wish people would stop suggesting otherwise. It's open source, and as such its code is available to anyone who wishes to find and exploit its security flaws. The same goes for Drupal, Joomla and so on.

    Keep it updated, go with a reliable, secure host, and have sufficiently complex different passwords for email, FTP, control panels etc.
  • Profile picture of the author EndGame
    Hi n7 studios,

    I am not making any of the mistakes you have mentioned in your post. I keep databases of all passwords, usernames and email addresses on a computer I don't use for internet browsing in a pdf. I update this database monthly as well with new passwords across the board. Each one is randomly generated (none of them are "mycat09" or anything like that).

    All passwords and login details are different.

    I have a reseller account with hostgator who *think* they have identified the problem as I mention on my post above yours.

    I am not going to get into a discussion/argument about how secure wordpress is, but when I have dealt with other websites which did not run on wordpress, I never had this headache, and indeed only started having this with wordpress this year.

    Potentially, this could be a problem with some of the permissions on some of my folders in my file manager. I hope that this adjustment resolves the problem. It still seems to be an art-form securing wordpress.
    Signature
    "Better a student of reality than a master of illusion"
    • Profile picture of the author keyaziz
      Originally Posted by EndGame View Post

      Hi n7 studios,

      I am not making any of the mistakes you have mentioned in your post. I keep databases of all passwords, usernames and email addresses on a computer I don't use for internet browsing in a pdf. I update this database monthly as well with new passwords across the board. Each one is randomly generated (none of them are "mycat09" or anything like that).

      All passwords and login details are different.

      I have a reseller account with hostgator who *think* they have identified the problem as I mention on my post above yours.

      I am not going to get into a discussion/argument about how secure wordpress is, but when I have dealt with other websites which did not run on wordpress, I never had this headache, and indeed only started having this with wordpress this year.

      Potentially, this could be a problem with some of the permissions on some of my folders in my file manager. I hope that this adjustment resolves the problem. It still seems to be an art-form securing wordpress.
      My brother and I BOTH got a virus issue last week on both our hostgator accounts. They managed to hit ALL of our sites despite different passwords and being up to date etc. Hostgator helped with the issue and pointed me to where the files were that kept reinstating the virus after I deleted it and I was able to rectify it. But it was not nice going through 70 websites and deleting stuff, changing passwords etc.

      Maybe it's a hostgator problem and not you?
      • Profile picture of the author EndGame
        Thanks Keyaziz.

        I would hope hostgator have looked into it and have correctly identified the problem. But you could be right yes, it's something I need to look at.

        Thanks smokey. Appreciate the input. I am aware of the sql injection attacks. I am running the latest version of wordpress. Appreciate your offer, I may well contact you in the close future.
        Signature
        "Better a student of reality than a master of illusion"
    • Profile picture of the author n7 Studios
      Originally Posted by EndGame View Post

      I am not going to get into a discussion/argument about how secure wordpress is, but when I have dealt with other websites which did not run on wordpress, I never had this headache, and indeed only started having this with wordpress this year.
      No plans to discuss or argue here - simply pointing out that you are blaming one issue (Wordpress) on another (your web host configuration).

      Unless you've installed an extremely dodgy script on your Wordpress site, it's highly unlikely that Wordpress itself is suddenly going to start changing permissions for your web site's root folder (public_html).

      Go and create a new account on your reseller hosting now. Is its public_html set to 750, or 755? Surely that'll answer your question and put to rest any worries about this happening in the future...?
      • Profile picture of the author EndGame
        Hi n7,

        Unless I have written something particularly vague or misleading at no point was I blaming the hosting issue on wordpress as you are suggesting I have. At no point did I do that as far as I am aware (and that certainly was not my thinking process).

        What I did was assume the problem was solely a wordpress one. In actual fact, in this instance, it was the permissions on my public_html folder in my hosting.

        However, although that is the case here, and that slight change made the difference as far as protecting my site is concerned, I have been attacked by hackers who directly exploit vulnerabilities in wordpress. A little work and plugins did the trick to stop that mostly *touch wood*.

        I spent £100 hiring a programmer to check the seals and protect my most important client site that was under attack. In my next post, I'll write down some of the things he did for others to see. Admittedly I could have got this done cheaper, but I wanted it done fast and well.

        Wordpress is a great CMS, and I love it, however some of the security checks I have in place on my site have had slight adverse effects on the usability and functionality of my site.

        Here is what I am certain of, contrary to a lot of advice on wordpress blogs and forums;

        It is not enough to simply have a long password and make sure your wordpress version and plugins are up-to-date. Securing wordpress properly is not very straight-forward for some of the non-technically minded people who use it as a CMS (including me to a large extent).

        I like Wordpress and will continue to use it for now, but millions of copies of wordpress have been downloaded. It's a popular script and thus there is a community of jerks who make it their business to find and crack wordpress sites for fun, for political gain or out of misguided hatred and anger. If you are not doing anything, or if you are doing very little to secure wordpress, you're running a risk.

        I'll post some more details soon for others in this thread who have mentioned they have been having similar problems. Wordpress is great, but it's important to secure it as best you can to limit the chances of you going through what I did.

        I'm going to use wordpress for now, but the long-term goal now is to totally move away from it and possibly have a custom CMS created.
        Signature
        "Better a student of reality than a master of illusion"
  • Profile picture of the author DesmondTan
    So sorry to hear that from you, I hope that it does not happen to anyone else...
  • Profile picture of the author smokey2k
    What version are you using of wordpress? There is an exploit out there that allows you to reset the admin pw w/o any knowledge.. basically it's an SQLi injection that you do on the reset pw page where you need to put in the key it emails you, go to that screen (log in > forgot pw > confirmation code) and put a single quote in the text field ---> ' just like that...see if it reset the pw.... that's just 1 exploit, and it's old and if you update and aren't using a nulled version you should be fine against that attack. PM Me or instant message me on aim / aol screen name = "smokey" .. I am a hacker and I get paid to not only blackhat market, but audit webservers as well, wordpress & joomla are 2 big marks in that realm.
  • Profile picture of the author Gail Sober
    Are you installing Wordpress via your hosting's admin tools or manually?

    I would suggest installing manually and make sure that you are editing the config file and using the key generator which adds a layer of protection.

    http://api.wordpress.org/secret-key/1.1/

    Also, check your template's footer.php file. A lot of free templates use encoded text there and my rule is, if I can't read it and understand what it does, I don't use it.
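A way to apply the "if I can't read it, I don't use it" rule from the post above, and the earlier advice to check for uploaded scripts, across a whole theme or plugin folder. This is an added example, not part of any post; the rule set, function names and both sample footers are constructed assumptions, and a hit means "open this file and read it", not proof of a backdoor.

```python
import base64
import os
import re
import tempfile

# Assumed rules for PHP that hides what it does from a human reader.
RULES = {
    "eval-of-decoded-data": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "decoder-call": re.compile(
        r"\b(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "long-encoded-literal": re.compile(r"""['"][A-Za-z0-9+/]{80,}={0,2}['"]"""),
}

# Constructed samples: a readable footer and one carrying encoded text.
# The encoded payload is only a harmless credit link.
_BLOB = base64.b64encode(
    b"echo \"<a href='http://example.com/'>Free theme credit</a>\";" * 2
).decode()
ENCODED_FOOTER = "<?php eval(base64_decode('" + _BLOB + "')); ?>\n"
CLEAN_FOOTER = ('<?php wp_footer(); ?>\n'
                '<p>&copy; <?php echo date("Y"); ?> Example Site</p>\n')


def scan_source(text):
    """Return the sorted names of the rules that match one PHP source text."""
    return sorted(name for name, rx in RULES.items() if rx.search(text))


def scan_tree(root):
    """Scan every .php file under root; map relative path -> matched rules."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            full = os.path.join(dirpath, name)
            with open(full, encoding="utf-8", errors="replace") as fh:
                hits = scan_source(fh.read())
            if hits:
                report[os.path.relpath(full, root)] = hits
    return report


def demo():
    """Build a throwaway theme folder from the constructed samples and scan it."""
    with tempfile.TemporaryDirectory() as theme:
        for name, body in (("footer.php", ENCODED_FOOTER),
                           ("header.php", CLEAN_FOOTER),
                           ("readme.txt", _BLOB)):  # non-PHP file is skipped
            with open(os.path.join(theme, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(theme)


if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, "->", ", ".join(hits))
```

Point `scan_tree` at a downloaded theme before uploading it, or at a copy of `wp-content` pulled from the server after an incident.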
  • Profile picture of the author thegamecat
    Disable FTP
    Disable SSH

    Wait and see if they hack your site.

    If they do, someone has root access to your server or your hosts server. Let your host know and get them to sort it out.


    Also - if you're on a dedicated ip, or a vps with an allocated ip range - get your host to change it.
    Signature

    Flying

  • Profile picture of the author zoobie
    Bad to hear that. Maybe we all need to learn how to protect our wordpress blogs better.
    Computer or network security is very important these days. But mostly we don't learn our lessons till something happens.
  • Profile picture of the author milan
    Endgame,
    I've sent you a private message. I've made a plugin to rename the database tables and admin account (the only plugin which does these correctly).
    I've sent you another program which makes Wordpress security tighter.
  • Profile picture of the author milan
    Hm, at times I feel like a ghost.

    The most vulnerable part of Wordpress, that nobody mentioned here is:

    plug-ins.

    They are being developed by everybody and their brother, and there are no limits on what a plug in can do. Basically, nothing forces a plug in developer to write secure code and a lot of them have security vulnerabilities.

    Use only plug ins that you need. Make sure you're not using versions widely known for vulnerabilities. Ideally, analyze the plug in security.

    A common scenario for a "teenage hacker" is to search a hacker database of plug in vulnerabilities and attack blogs which use these plug ins.
  • Profile picture of the author Jesus Perez
    Just went through all my public_html folders. I can confirm they are all 750. It appears to be the default setting... so if it was set to 755, that would explain the problem. 755 means read and execute access for everyone and also write access for the owner of the file.
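A small audit for the 750 versus 755 question raised in this thread: it records the permission bits of a site folder, reports anything that differs from the 750 the host asked for on public_html, and shows what changed since the last snapshot. This is an added example, not part of any post; the function names and the throwaway folder built in `demo()` are assumptions.

```python
import os
import stat
import tempfile


def explain(mode):
    """Render permission bits as `ls -l` does: 0o755 -> 'rwxr-xr-x'
    (owner rwx, group r-x, everyone else r-x)."""
    return stat.filemode(mode)[1:]


def snapshot(root):
    """Map every path under root (root itself as '.') to its permission bits."""
    modes = {".": stat.S_IMODE(os.lstat(root).st_mode)}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            modes[os.path.relpath(full, root)] = stat.S_IMODE(os.lstat(full).st_mode)
    return modes


def findings(modes, docroot_mode=0o750):
    """List paths that break the policy: the document root must match
    docroot_mode, and nothing may be writable by 'other'."""
    out = []
    for path, mode in sorted(modes.items()):
        if mode & stat.S_IWOTH:
            out.append((path, format(mode, "03o"), "world-writable"))
        elif path == "." and mode != docroot_mode:
            out.append((path, format(mode, "03o"),
                        "docroot is not %03o" % docroot_mode))
    return out


def drift(before, after):
    """Compare two snapshots; return (path, old, new) for every difference.
    A path missing from one side is reported with None on that side."""
    fmt = lambda m: None if m is None else format(m, "03o")
    changes = []
    for path in sorted(set(before) | set(after)):
        old, new = before.get(path), after.get(path)
        if old != new:
            changes.append((path, fmt(old), fmt(new)))
    return changes


def demo():
    """Constructed scenario: a correct tree, then the kind of silent change
    described in the thread (docroot back at 755, a folder opened to 777)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "public_html")
        content = os.path.join(root, "wp-content")
        config = os.path.join(root, "wp-config.php")
        os.mkdir(root)
        os.mkdir(content)
        open(config, "w").close()
        os.chmod(root, 0o750)
        os.chmod(content, 0o755)
        os.chmod(config, 0o644)
        baseline = snapshot(root)

        os.chmod(root, 0o755)
        os.chmod(content, 0o777)
        current = snapshot(root)
        return drift(baseline, current), findings(current)


if __name__ == "__main__":
    changes, problems = demo()
    for path, old, new in changes:
        print("changed:", path, old, "->", new)
    for path, mode, why in problems:
        print("policy: ", path, mode, "(" + explain(int(mode, 8)) + ")", why)
```

Run `snapshot` on a schedule and keep the previous result; the time window in which a mode changed narrows down which tool or login changed it.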
  • Profile picture of the author JFalcon
    Are they attacking other sites on your host? or just you?
    Signature
    Local Internet Marketing For Small Business
    - Do It Yourself Internet Marketing For Small Local Business

    • Profile picture of the author EndGame
      Hi Jfalcon,

      They have attacked two or three of around 8 sites of mine.

      It's interesting, they get some but not all. I bet if I looked into it, the sites they attacked are probably the ones that have permissions set to 755.
      Signature
      "Better a student of reality than a master of illusion"
  • Profile picture of the author Rounded
    I am sorry to hear about what you are going through endgame. I hope you'll get rid of those attacks once and for all.

    I have a few questions about wp security that concern me and I would thank anyone who read it and tries to help.

    I have yet to create any sites (newbie...) but I read somewhere about a guy that simply blocks the IPs of all countries except for usa, uk and maybe some of europe. How can it be done and do you think it's effective?

    Also, some of you mentioned to update the wordpress blog to the newest version, but wouldn't it cause problems with other security plugins such as wp firewall and login lockdown? (you do run those plugins right?)
  • Profile picture of the author greenovni
    Not sure if anyone gave you this solution as I didn't have time to read the whole thread but you can set up WP to just allow log-ins from specific IP addresses.

    You do this by uploading an .htaccess file to your wp-admin folder

    Secure your /wp-admin/ directory. What I've done is lock down /wp-admin/ so that only certain IP addresses can access that directory. I use an .htaccess file, which you can place directly at /wp-admin/.htaccess . This is what mine looks like:

    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "Access Control"
    AuthType Basic
    order deny,allow
    deny from all
    # whitelist home IP address
    allow from 64.233.xxx.xxx
    # whitelist work IP address
    allow from 69.147.xxx.xxx
    allow from 199.239.xxx.xxx
    # IP while in Kentucky; delete when back
    allow from 123.456.789.xxx

    Obviously, you just copy and paste the above code on a txt file, replace the IP addresses accordingly and the hackers will not be able to log in any more.

    Greenovni
  • Profile picture of the author EndGame
    Hi Folks,

    Been a while since I last posted here and it has been a couple of weeks since the last major attack on a client's site. One of my personal sites was hit again recently as well.

    I don't want to go as far as to say that I am fully protected, because I know that the sites will never be 100% safe and thus I can never be 100% certain I won't get hit again. However, I have done a lot over the last few weeks to prevent these hack attacks from happening again any time soon.

    Quick re-cap:

    Basically these hackers were changing the password to my wordpress dashboard and then changing the look of the theme being used on the site. None of the content was changed. In some instances, they would also leave some code on my database so that when I changed the password, they would retrieve it with ease.

    Pretty annoying, and as I mentioned in my post, if I couldn't get over this issue, I would surely no longer be in this business (offline consulting etc).

    My business model is primarily to deliver online marketing solutions. Online and offline marketing are very similar, it's the "platform" that is different. I try and bridge this gap in understanding and application of marketing campaigns.

    I do offer website setup/creation as a service. I do this because it is a good "gateway" product. If people purchase this entry-level item, I can up-sell them later on SEO or other traffic/marketing strategies. (Think of it as offering a 7 dollar ebook to get some one in your sales funnel).

    I keep prices low as possible and use wordpress to create the sites. I do this for two reasons; the first is I know wordpress, the second is, I can easily teach the client how to edit their own website. Win-win.

    I was mindful of some of the security issues people had with wordpress, so I did more than most do to protect my site. I installed an array of plugins to make sure that my sites were protected and I kept a careful eye on new updates for wordpress.

    It seemed that two or three of my websites were constantly getting hacked though. It also seemed that new websites I began working on in particular were constantly being hacked/cracked/attacked. It's a huge frustration and very embarrassing if/when it happens to a client's website.

    In my hour of need I turned to the Warrior Forum and I was not disappointed. Every single person's contribution gave me something to think about and something to check. I couldn't possibly think of everything myself and that's exactly why I reached out to my friends and peers on this forum. I am ridiculously grateful to each and every one of you. Had it not been for your input, there may well have been things I would have missed and there was one thing in this case that I had missed....

    I did two things to try and resolve my issues once and for all:

    1. I hired a programmer to secure the site and give it a check to see if there was any code lying around.

    2. I contacted my hosting provider and asked them if they would be able to assist me in determining how these hackers were cracking my sites.

    The programmer did an excellent and fast job. He locked that sucker up so tight I found it difficult to access it myself! Unfortunately, this meant some plugins/features of wordpress did not work exactly as they should have. In most cases it was just a case of removing and then re-uploading a .htaccess file.

    My hosting company got back to me exceptionally fast. It turns out that the "permissions" on my public_html folder were set to 755 when they should have been 750. 755 essentially means anyone can "write" the file or folder. It leaves your website/blog wide open to an attack/mysql injection.

    Between the programmer and the hosting company, I think I have identified the common flaw and weakness in my sites. All the sites where the permissions were not set correctly, were the ones being attacked. The thing I couldn't work out though was, I had never changed the "permissions" on any folders or files in my cpanel. How did this happen?

    I thought nothing of it, set my sites to the correct permissions, let the programmer work his magic and then went about my business.

    In a "test" I setup a wordpress site on one of my domains as "hacker" bait. I did nothing to it in terms of security but I made sure the permissions were set to 750 (the correct value).

    Two weeks later, and yet again it gets hit. I look through the logs to try and see how or where the hack occurred etc and again I contacted my hosting company. They told me the permissions were again set at 755 (which was weird because I had made sure not to have the permissions set at this value). After some back and forth with my hosting company it turns out, certain ftp programs have the ability to change the permissions of your folders.

    This would then explain some of the things that have been happening and why only certain sites of mine have been hit (I have three different comps and use different ftp clients on each one). I didn't remember using an ftp client on this site though, and I would be interested to know if there is any other way the permissions can be changed without your consent/knowing (if anyone knows the answer, please share it with me, as I am struggling to find an answer to this for myself).

    So, at this moment in time I am okay, but I am keeping a close eye on my website folder permissions and I am trying to work out what might be changing them if not my ftp client.

    In brief, here is what I have learnt from this episode:

    1. The hackers themselves come from communities of "script kiddies". They use automated scripts and programs to hunt out and attack wordpress (and probably other CMS'). They do it for sport, enjoyment, or sometimes to further an ideological or political viewpoint of theirs. They love this, they don't care about you, your site, your business or clients.

    2. The hackers will often leave email addresses all over your site. You might be tempted to give them a piece of your mind at these email addresses, but these email addresses are setup to send a bunch of viruses your way. Ignore them and send them no message, otherwise you just play into their hands.

    3. Contact your host as soon as you get hacked, they should be pretty helpful if they are any good. Check your folder permissions as well. (I tend to only use file managers on cpanel to do my ftping now).

    4. Keep backups and use them if/when you get hacked. This allows you to resume normal service very quickly.

    5. If you use wordpress, make sure it is up-to-date, and the same goes for your plugins.

    6. Scan your computer for malicious software that sits there quietly but records all your passwords etc. You REALLY don't want this software on your computer! Here are the links my hosting company sent me to:

    Malwarebytes
    HouseCall - Free Online Virus Scan - Trend Micro USA

    You probably have antivirus on your comp, but often the mainstream security software on the market today won't pick up on this malicious software. Apparently the above two links are pretty good though.

    7. Also, just as a side-note, whilst I think of it; make sure your passwords are nice and long, and complicated. Throw in numbers and letters. I have been keeping a hand-written hard copy of all my access passwords, and I am getting into the habit of changing them every month. I wouldn't imagine that you need to go this far, but I am just trying it out for the next few months.

    8. I would recommend using these plugins:

    Login Lockdown
    Block Bad Queries (BBQ)
    Antivirus
    Secure Wordpress
    Wordpress Backup
    Wordpress Firewall
    WP Security Scan
    WP table_prefix changer

    Those are just a few good plugins to use.

    9. When in doubt, turn to the warriors. Lots of good and knowledgeable people here who are willing to help you when you need it. I am still trying to figure out a way of thanking this forum for all its help and support.

    The above are just some tips and techniques I have picked up during my research on this horrible topic. It's by no means comprehensive and I am pretty sure that whatever I do I will always be at risk. I have to get proficient at limiting that risk though. I hope some of this info helps some of the people in this thread who have had tough times with this kind of BS before.

    P.S. If you are wondering how to change the permissions on your folders, just go to your cpanel, go to the file manager and then the folder. Right click (or control and click) and click on the link "change permissions". The rest is self-explanatory from there.

    All the best to you, and thank you everyone.
    Signature
    "Better a student of reality than a master of illusion"
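
The post above describes watching folder permissions and trying to work out what changes them; one way to automate that is to snapshot the modes and compare later. This is an added example, not part of the original post: the function names and the sample directory tree are constructed for illustration.

```python
import os
import stat
import tempfile

def snapshot(root):
    """Return {relative_path: permission bits} for every file and folder under root."""
    modes = {}
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing about its target
            modes[os.path.relpath(path, root)] = stat.S_IMODE(st.st_mode)
    return modes

def drift(baseline, current):
    """Return sorted (path, old, new) tuples; None means the path was absent."""
    paths = sorted(set(baseline) | set(current))
    return [(p, baseline.get(p), current.get(p))
            for p in paths if baseline.get(p) != current.get(p)]

def world_writable(modes):
    """Paths whose 'other' write bit is set, so any account on the host can edit them."""
    return sorted(p for p, m in modes.items() if m & stat.S_IWOTH)

def report(changes):
    """Format drift tuples as 'path: 0644 -> 0666' lines."""
    def fmt(mode):
        return "absent" if mode is None else format(mode, "04o")
    return [f"{p}: {fmt(old)} -> {fmt(new)}" for p, old, new in changes]

def demo():
    """Constructed sample tree standing in for a WordPress install."""
    with tempfile.TemporaryDirectory() as root:
        theme = os.path.join(root, "wp-content", "themes", "sample-theme")
        os.makedirs(theme)
        index = os.path.join(theme, "index.php")
        open(index, "w").close()
        os.chmod(theme, 0o755)
        os.chmod(index, 0o644)
        baseline = snapshot(root)   # taken right after setting the modes you want
        os.chmod(index, 0o666)      # simulate something loosening the mode later
        current = snapshot(root)
        return report(drift(baseline, current)), world_writable(current)

if __name__ == "__main__":
    changed, writable = demo()
    print("\n".join(changed))
    print("world-writable:", writable)
```

Run `snapshot()` from a scheduled job and keep the baseline somewhere the web server cannot write; the time of the first run that reports drift narrows down which FTP session or process changed the mode.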