WordPress Blog Hijacked Again

11 replies
I have had my sites (hosted on Hostable) hijacked for a second time and the front page goes to ypsilon.com. This is the second time it has happened. Last time (on Hostable's advice) I deleted the whole installation and started again (several weeks later), but within a day of reinstallation the same has happened. It has never happened on my other blogs hosted elsewhere.

How do I stop the hijack and prevent it from happening again?

Cheers



Paul
  • Michael Shook
    Maybe it is time to get another hosting account somewhere else. Defending against this means you have to know what kind of attack it was, how it worked, and what it is about the hosting service in the first place that let it occur.

    In my personal experience, even though it was a pain, it was easier for me to move my site when I had a similar experience.
  • shaunyb1
    That sucks mate. Get it moved right away.
    I use HostGator, their babycroc account for over 60 domains. Once you've backed up your database and files (assuming you know how to do all this), get yourself a plugin that automatically backs up your site to Amazon AWS (well, that's what I do anyway, it's just a suggestion) - I use this one:
    Automatic WordPress Backup, which you can find in the WordPress plugins directory.

    It gives peace of mind and my backup costs are no more than 2 to 3 dollars a month for all 60+ sites.

    Shaun
  • DireStraits
    One thing to bear in mind is that depending on your web-host's server architecture/configuration, the integrity of your own sites/files can be at risk of compromise after a break-in through another customer's account.

    There are some setups that offer more protection from this sort of customer negligence, where any scripts/processes executed are "jailed", meaning under few circumstances can they create/edit/delete files in other users' accounts unless the hacker manages to compromise the server at a higher level (e.g. at root/administrator level or whatever).

    Of course, there is negligence not only on the part of customers, but on that of the web-host themselves, too. Some just aren't proactive enough in their monitoring, security hardening and applying software/OS patches and so on.

    If you've started with a new, up-to-date installation and still been hacked almost immediately, then it seems to me that there's a good chance your host either has a crappy setup, or is negligent and incompetent - in which case I'd begin looking elsewhere, as it's bound to recur.
  • pmbrent
    You may want to have someone check your code; when they hijacked your site they may have installed a script that allows them continued access even if you reinstall it.
    • Peter Clark
      Originally Posted by pmbrent

      You may want to have someone check your code; when they hijacked your site they may have installed a script that allows them continued access even if you reinstall it.
      ^^^This x 1,000

      I had the same thing happen to me. I called Hostgator, they cleaned up the problem, and then I went on Scriptlance and found a guy to go over the code on my site for $25; he confirmed it was clean, and back to business as usual.

      Just a tip: The most important plugin I have on ALL of my sites is this:

      WordPress › BulletProof Security « WordPress Plugins (not an affiliate link)

      It is 100% free and provides security against 99% of the common attacks, viruses and SQL injections hackers use. It's worked great so far (knock on wood) and is definitely worth having.
      • Kev Gowing
        If this happened once then OK, but twice, it's time to move host. If your other hosts have not had any problems then I would move over to them sharpish and save yourself the hassle.
  • Abledragon
    Sorry to hear that - it's a horrible feeling.

    A similar thing happened to a client of mine a while ago, and here are the steps we took to fix it (and she's not had any problems since):

    WordPress Security: Not Just About WordPress | WealthyDragon

    Good luck with getting it sorted out.

    Cheers,

    Martin.
  • Paul Barber
    Thanks for all the help, very much appreciated. What I have found out however is that my site has not been hijacked at all! It turns out that it's the holding screen for the Themefuse Maintenance Mode plugin! Clearly I'm a plonker.

    It would appear that you only activate the plugin when you are working on the site (I just assumed that it all worked automatically). Not a very obvious holding page in my opinion, and that does not explain why it was not showing straight off. Anyway, disabled the plugin and all is well.

    A useful site that someone sent me that may be of use for anyone who wants to know more about WP security is 13 Vital Tips and Hacks to Protect Your WordPress Admin Area
  • rickfrazier1
    If you are getting repeatedly hacked, I'd start to suspect the hosting provider.

    Some years ago, in another life when I was developing web sites for a living, I had a hosting provider where I had about a dozen sites (mine and clients'). One day, while moving some files with FTP, I traversed one directory above my root, and discovered all of the other site root directories on that server. I was absolutely floored when I found that I could move back down nearly any other web site directory structure on the server. Needless to say, I moved all of my sites to another provider as rapidly as I could.

    I haven't seen this sort of behavior on a legitimate hosting provider since, and have no experience with yours, but it may be something to check if you're interested...
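Added example, not part of any post in this thread: DireStraits and rickfrazier1 both describe shared hosts where one account can reach another account's files. This Python script audits your own site tree for the permission bits that make that possible; the sample tree, the file names other than wp-config.php, and the issue labels are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_tree(root):
    """Return sorted (relative path, issue) pairs for permission bits that
    let other local accounts on the same server touch this site."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)              # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if st.st_mode & stat.S_IWOTH:    # any local user may modify it
                findings.append((rel, "world-writable"))
            # wp-config.php holds the database credentials
            if name == "wp-config.php" and st.st_mode & stat.S_IROTH:
                findings.append((rel, "readable by other accounts"))
    return sorted(findings)

def build_sample_site(root):
    """Constructed sample tree with deliberately loose modes."""
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    modes = {
        "wp-config.php": 0o644,
        "index.php": 0o644,
        "wp-content/uploads/photo.jpg": 0o666,
    }
    for rel, mode in modes.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(uploads, 0o777)

def demo():
    """Audit the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        return audit_tree(root)

if __name__ == "__main__":
    for rel, issue in demo():
        print(f"{issue:28} {rel}")
```

To audit a real site, call `audit_tree()` on its document root; whether other accounts can actually reach flagged files also depends on how the host isolates users.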
  • Willie Murray
    If I were you and had a clean backup of your site I would also consider moving hosting...
  • sujata
    WordPress is pretty secure, but still no software system is immune to bugs and vulnerabilities. That's why it's important to make sure that your WordPress is as secure as possible. Scan your WordPress for security vulnerabilities, like passwords, file permissions, database security, version hiding, admin protection/security etc.