Sites are being Hacked one by one! Need help

by wtktg1
37 replies
3 of my sites have been already hacked (in 3 days) and the fourth one is "being hacked" : (

All of them are with the same hosting. I have another 6 sites. Want to prevent this from happening again.

For one of the sites I received the email below

"Dear ****** Team

It appears that your website http://******* has been hacked by a fraudster. It is now hosting a phishing attack against VBV.

Please remove the fraudulent folders/files as soon as possible and secure your website as it has been compromised.

Please note that it is possible that the fraudulent content is embedded in your website's legitimate files.


In addition, please send us any source files of the attack.

Please let us know if you have any questions or need further assistance. We appreciate your cooperation.

Best Regards,

RSA Anti-Fraud Command Center

RSA, The Security Division of EMC

US Phone: +1-866-408-7525


For more information about RSA's AFCC

RSA Anti-Fraud Command Center (AFCC)"

The site still has my appearance but I am unable to go into wp-admin (does not exist).

The 2nd site is more obvious as it mentions at the front "Hacked by Acheh Cyber Team".
However, I can still access the WordPress admin.

The 3rd site is now showing only "Loading...Chilling B nOn nii at front"

And on the fourth one, I am noticing that hackers are running Google searches such as the ones below and finding my site:

1) Safe-mode SMP ... /home/*****/public_html curl #122

2) MySQL: ON MSSQL: OFF Oracle: OFF MSSQL: OFF PostgreSQL: OFF cURL: ON WGet: ON Fetch: ON Perl: ON

3) 2011 safe~mode drwxr-xr-x

They are mainly from Nigeria.

Not sure what I can do to protect this site from being hacked. Any advice to save all 4 sites?

I am thinking to switch hosting company (to hostgator). Is this a good move?

Thank you for reading
#hacked #sites
  • Profile picture of the author bhuff85
    Your first step would be to try to change your hosting password immediately to something more secure. Then, you'll have to go through and remove the bad files one by one. If you get any traffic from Google, I would remove this stuff ASAP before Google deems your site harmful and you have to apply for reconsideration, which can take time.
  • Profile picture of the author wtktg1
    Thanks! But I am not sure which are the bad files? My other sites are getting a lot of traffic.

    So I am thinking to switch to hostgator and request for them resolve them for me
    • Profile picture of the author bhuff85
      Originally Posted by wtktg1 View Post

      Thanks! But I am not sure which are the bad files? My other sites are getting a lot of traffic.

      So I am thinking to switch to hostgator and request for them resolve them for me
      When my sites were hacked long ago, I had to go through the hard-coding to remove the damage they had done. Long and annoying process without a doubt.

      As far as switching to HostGator, I've used them for almost 5 years now. Very reputable, but I would try to see if your current provider can help first before making any moves.
  • Profile picture of the author MaverickUK
    Change all CPanel and FTP passwords, then ask your host to help you solve the issue - if they can't or won't help then they're a rubbish provider and you need to look elsewhere. Do you have a forum or some plugin software as part of your Wordpress install?

    It's highly unlikely that these 'hackers' have gained access via a security hole in Wordpress itself, more likely they gained access via a security hole in a plugin. The more likely way of entry for them, looking at the search terms they used to find your site, is via an SQL injection.
    • Profile picture of the author Jake Gray
      Originally Posted by MaverickUK View Post

      It's highly unlikely that these 'hackers' have gained access via a security hole in Wordpress itself, more likely they gained access via a security hole in a plugin. The more likely way of entry for them, looking at the search terms they used to find your site, is via an SQL injection.
      It'd be in your best interest to research SQL Injection a bit more.
      • Profile picture of the author Ben Armstrong
        1. Change cPanel/FTP passwords
        2. Change WP admin passwords
        3. Update all plugins and WordPress to latest versions
        4. See if hosting company can resolve the issue

        In future install a plugin that will backup all your data and send it to you via email

        Back up your entire sites and change passwords regularly.

        Update wordpress and plugins regularly

        Install a few wordpress security plugins like secure sign in for WP Admin etc

        This is what I've done since I was first hacked and haven't had an issue yet.

  • Profile picture of the author wmguild
    In addition to changing your passwords, update all scripts asap.
  • Profile picture of the author wtktg1
    Thanks for all the recommendations! I did change the password.

    Arrgh.. Another site just hit! (different from the fourth one, mentioned above)

    This time is "fatal error"

    My current hosting company uses a ticket support system .. guess they will only reply in 2 to 3 days (guess this is what you get with cheap hosting).

    Already talked to HostGator.. they mentioned they MIGHT be able to do something.

    So I am going for it
  • Profile picture of the author MaverickUK
    Get hosting with ASmallOrange, they're VERY cheap but offer amazing 24/7 support and would definitely help you fix issues like these. $5 a month and enough disk space and bandwidth to deal with thousands of visitors/files.
  • Profile picture of the author Jake Gray
    Just from reading what you have supplied it seems that it'd be related
    to some sort of web-based application. Are you using anything outdated
    like VBulletin or WordPress? If so, be sure to update all of your websites
    accordingly as they do subscribe updates for a strong reason.

    Being a siteowner, you have to create trust with your end users. If they
    do not feel safe on your site, they will most likely never return to your site.
    So, be sure to contact your host and ask if there are any patches that they
    need to perform. If you are using an unmanaged VPS, then I'd highly recommend
    learning how to secure that first. It'd be in your best interest to grab a managed
    VPS from a REPUTABLE company.

  • Profile picture of the author C Rebecca
    1. Remove all plugins for now else be ready for being attacked again. A hacker checks for its hacked domains again to feel proud. It will keep on hacking till you are secure enough.

    2. Install CMS Security plugins (some of them are good and available)

    3. Always keep a backup of content. There are some auto-backup plugins in Wordpress and Joomla.

    4. If your website is critical... always keep at least 3 copies of your copy ready which you can switch whenever there is an attack

    5. Hire an expert (last resort) to secure your website

  • Profile picture of the author ChrisMoon
    I'd recommend you get WordPress Shield it's WSO (not an affiliate). I've just picked it up and read it, got everything needed to clean and secure your site.

    Good luck,


  • Profile picture of the author wtktg1
    Thanks for the advice everyone!

    Update :

    HostGator has transferred all my files to their account. Now they are in the midst of clearing up the files and hopefully restoring all the sites

    My previous hosting account gave me a warning that my sites are spammed with "phishing sites" and informed me that I had to delete them, if not they will suspend my account. Guess what? 7 minutes later they suspended me. I am asking now what I should do to get the account back. ( I paid for few years in advance) Maybe can use the hosting for experimental sites for future.

    Just bought WordPress Shield and am reading it.

    Will update you guys
  • Profile picture of the author micksss
    Glad to hear! One of my sites was hacked once and HostGator took care of cleaning up everything for me. That is a big difference between the support that some web hosts will offer versus HostGator.
  • Profile picture of the author absolutelee
    When I had this happen to about ten sites last year, it was because all my passwords were very similar to each other and easily guessable. Turns out someone bought a site from me on Flippa and then used the info to hack in to my other sites. Solution is to change your passwords to something that's not a pattern and also not easily decoded. Also, you'll have to remove the bad files. Because of Google, speed is of the essence!
    • Profile picture of the author WikiWarrior
      After reading your OP I was going to suggest switching to HostGator but it looks like you've already made the move. HostGator are awesome with this sort of stuff. I feel a bit cheeky when I ask their support to fix problems with my sites but they are always happy to sort things out. Most of the problems that come up they fix whilst I'm in the Live Chat with them, they're really efficient. One of my client's WP sites was hacked a while back so the site became invisible. The hacker put some dodgy JavaScript in the code with the message "silence is golden" and within a couple of hours of emailing HostGator support they had it fixed. I'm sure they'll help get everything sorted for you.
    • Profile picture of the author azmanar

      A client of mine was having the same problem 2 years back.
      3 sites were hit.

      The main culprit is security holes in FREE FORUM apps. The Forums
      were installed by an over-confident web designer cum web admin, whose
      main concern is more on beauty than security.

      Hackers planted some phishing files in the midst of other files. Later, they
      even took over CPanel & PHP MyAdmin. Norton rendered the 3 sites
      as Security Risks.

      There are many routes out from this mess, including easy way outs
      such as a changing hosting provider and re-uploading web files.

      But then, the same thing might happen again, if our attitudes and
      remained the same.

      The best prevention is to stay current on Web Site Security.

      -> reference regularly at web-apps providers' sites and upgrade
      to the latest version or patches.

      -> weekly review of the raw access logs through various Web Stats
      apps, will show suspicious activities. Look for attempts to strange file
      names using your main domains. An increase in attempts means
      possibilities of hacking. You know what to do from here.

      -> regularly change your passwords and use different passwords for
      different domains. Passwords should be the strongest.

      -> if you have more than 5 important sites, might as well get Web Host
      Manager privilege. This will help you override CPanels if any hacker took
      over some of them.

      -> watch out for trojans and key-loggers on your PC. Many popular high-end
      Anti-Virus were not able to detect them at all, even after today's update.
      There are 2 good ones on top of the popular Anti-Virus to support our security :
      Trojan Remover and MalwareBytes' Anti-Malware.

      -> logging in using free WIFI at cafes, public hot spots and hotels raises
      the risk of getting hacked. Packets sniffers are constantly roaming in those
      networks. Hell ... I've read reports about people roaming in their cars
      detecting unprotected home WIFI networks. They even hacked secured
      home WIFI. To avoid people seeing your files, getting into your puters and
      hacking your servers, use a proxy to login. A recommended proxy is
      HotSpot Shield. There are others.

      When we're in Online biz, security should be part of our scope of concern.

      Hope this helps a bit.
      === >>> Tomorrow Should Be Better Than Today

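The weekly raw access log review described in the post above, as an added example that is not part of any post in this thread. It assumes the log is in Apache "combined" format; the function names, the threshold, the `uploads` directory name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: review a raw access log for guessed file names and for
# scripts answering from media directories.

# sample_log: constructed log lines (documentation IP ranges, invented paths).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [10/Jul/2011:03:12:01 +0000] "GET /old/admin.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jul/2011:03:12:02 +0000] "GET /tmp/up.php?x=1 HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jul/2011:03:12:03 +0000] "GET /wp-content/uploads/a.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jul/2011:03:12:09 +0000] "POST /images/gallery/cache.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jul/2011:08:00:10 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jul/2011:08:00:11 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jul/2011:08:02:40 +0000] "GET /missing.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Jul/2011:09:15:00 +0000] "GET /wp-content/uploads/2011/07/photo.jpg HTTP/1.1" 200 40312 "-" "Mozilla/5.0"
EOF
}

# probes LOGFILE [MIN]
# Prints "count ip" for every client with at least MIN (default 5) requests
# that got a 404 for a script-like file name, i.e. a client guessing at
# file names that do not exist on the site.
probes() {
    awk -v min="${2:-5}" '
        {
            # Whitespace-split combined format: $1 client, $7 path, $9 status
            path = $7
            sub(/\?.*/, "", path)            # drop the query string
            if ($9 == 404 && path ~ /\.(php|pl|py|cgi|asp|jsp|sh)$/)
                hits[$1]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min) print hits[ip], ip
        }' "$1" | sort -rn
}

# dropped_scripts LOGFILE
# Prints "ip METHOD path" for requests answered with 200 by a script inside
# an images or uploads directory. Those directories should hold media only,
# so a script that responds there deserves a look on disk.
dropped_scripts() {
    awk '
        {
            path = $7
            sub(/\?.*/, "", path)
            method = substr($6, 2)           # strip the leading double quote
            if ($9 == 200 && path ~ /\/(images|uploads)\/.*\.(php|pl|py|cgi|sh)$/)
                print $1, method, path
        }' "$1" | sort -u
}

# Run both checks on the constructed sample.
log=$(mktemp)
sample_log > "$log"
probes "$log" 3
dropped_scripts "$log"
rm -f "$log"
```

To use it on a real site, point `probes` and `dropped_scripts` at the downloaded raw access log instead of the sample.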
  • Profile picture of the author wtktg1
    Thanks everyone. Really appreciate it.


    Ok hostgator had already cleared up all the nasty contents. But I am the one who told them about the foreign files in my cpanel. Not sure they checked if I had not said so. Anyway, I see from the temporary hosting, my sites looked the same as before! That's great! Now, I had changed the nameservers in and waiting for the site to be up again. Hopefully my site will be ok.

    Also, some of my sites are ranking in the first and second page of google, not sure this will impact my rankings. (After all, the status is now "Account is suspended")

    I had asked for some advice from HostGator on how to prevent this from happening and they shared some valuable tips. Thought it might benefit everybody.


    I would recommend following these steps to help secure your hosting account and your computer:

    These steps can be used to help with securing your computer.

    1. Use the following online vulnerability scanner and ensure your software is up to date: bility_scanning/online/?task=load

    2. Download an anti-virus program and fully scan your computer for malicious files. Here are some free scanners:
    I. MalwareBytes: http://www.malwarebytes.org/
    II. ComboFix: http://www.bleepingcompute
    III. These have been reported to be able to clean a recent strain of malware that resists detection by almost all other anti-virus agents. It is highly suggested that you use both of them and one of the following:
    A. http://housecall.trendmicr
    E. ESET - Antivirus Software with Spyware and Malware Protection

    3. Update all passwords for any account that you access/own that may not be up to standards. Standards for secure passwords are as follows:
    I. Contains uppercase and lowercase letters, numbers and symbols
    II. Does not contain any dictionary words and is not resembling any dictionary word
    III. Is 12 or more characters in length
    IV. An example of a secure password is S9LX1FpF:9VZP?Dy8q{RSQFy
    V. An insecure password would be h0StG@t.R,cOm or word12345hey
    VI. Your password should not be something that you can easily remember, purchase a thumb drive and install KeePass or KeePass portable to store your passwords and keep the thumb drive on you at all times. This allows you to access all passwords at any PC without having to remember them. Please note that you should ensure that any PC that you insert the thumb drive in to is secure prior to accessing your passwords.
    VII. You can get KeePass here: KeePass Password Safe
    VIII. KeePass portable is obtainable here: ps/utilities/keepass_portable
    IX. Each password that you use should only be used for one location or account. Reusing passwords is highly insecure and can allow even a single password's compromise to compromise every account that uses the same password.

    4. Keep your computer secure from malware infecting it. If your computer is compromised your accounts can be compromised by the malware sniffing out the passwords that you use.
    I. Ensure that you use the latest browser version and ensure that the browser subscribes to Google's blacklist API (such browsers are Mozilla Firefox, Google Chrome and Safari)
    II. Disable javascript (only allow it on websites that you trust)
    III. If you use FireFox, use the addon NoScript
    IV. Make sure your anti-virus program has a subscription to new database and version releases. This may cost some money but it's well worth the expense.
    V. Use x.cfm?section=avg&action=onlinescan to test suspicious links you are given in emails or find online.

    Tips for securing your hosting account

    1. Ensure that all database configurations for your account are using a custom generated user and password combination and that this information is not stored in plain text if at all possible.

    2. Do not ever use your cPanel username and password to access your databases for your site as that is an extreme security risk.

    3. Ensure that all scripts (such as WordPress, Joomla!, Drupal and the like), plugins/modules/components are updated to the most recent released version as new versions are released primarily to address known security vulnerabilities in these scripts.

    4. Change the permissions for all configuration files (such as wp-config.php or configuration.php) to 600 or 400 (either read only for the user only, or read and write for the user only), that way the file is only readable and editable for the user.

    5. Disable any and all plugins that you are not using and/or are not critical to your site. Plugins that you're not using can lead to compromises later as they are likely to be forgotten and thus not updated and can also lead to resource issues with your site as well.

    6. If you have an images directory, add this code to the .htaccess in there to prevent execution of scripts in that directory, as malware is often added in there:
    AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
    Options -ExecCGI
    If you have any questions or concerns, please don't hesitate to contact us. We are more than happy to assist you.


    Joshua Br
    Network Security Administrator LLC
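A read-only check of a web root against hosting tips 4 and 6 in the post above, added here as an example and not part of the quoted HostGator reply. The function names, the `uploads` directory name and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit config file permissions (tip 4) and media
# directories (tip 6) under a web root. Nothing is modified.

# loose_configs ROOT
# Lists wp-config.php / configuration.php files whose mode is not exactly
# 600 or 400, the two modes the tip recommends.
loose_configs() {
    find "$1" -type f \( -name wp-config.php -o -name configuration.php \) \
        ! -perm 600 ! -perm 400 | sort
}

# scripts_in_media ROOT
# Lists script files sitting under any directory named images or uploads.
scripts_in_media() {
    find "$1" -type f \( -path '*/images/*' -o -path '*/uploads/*' \) \
        \( -name '*.php' -o -name '*.pl' -o -name '*.py' -o -name '*.cgi' \
           -o -name '*.sh' -o -name '*.asp' -o -name '*.jsp' \) | sort
}

# unprotected_media ROOT
# Lists images/uploads directories that have no .htaccess containing the
# "Options -ExecCGI" line from tip 6.
unprotected_media() {
    find "$1" -type d \( -name images -o -name uploads \) | sort |
    while IFS= read -r dir; do
        grep -qs -- '-ExecCGI' "$dir/.htaccess" || printf '%s\n' "$dir"
    done
}

# make_demo_tree DIR: builds a small constructed tree to run the checks on.
make_demo_tree() {
    mkdir -p "$1/site1/images" "$1/site2/wp-content/uploads"
    : > "$1/site1/wp-config.php"; chmod 644 "$1/site1/wp-config.php"
    : > "$1/site2/wp-config.php"; chmod 600 "$1/site2/wp-config.php"
    : > "$1/site1/images/logo.png"
    : > "$1/site1/images/thumb.php"
    printf 'Options -ExecCGI\n' > "$1/site2/wp-content/uploads/.htaccess"
}

# Run the three checks on the constructed tree.
demo=$(mktemp -d)
make_demo_tree "$demo"
echo "Config files not at 600/400:";       loose_configs "$demo"
echo "Scripts inside media directories:";  scripts_in_media "$demo"
echo "Media directories without the rule:"; unprotected_media "$demo"
rm -rf "$demo"
```

On a real account, pass the site's document root (for example the `public_html` directory) to each function instead of the demo tree.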
  • Profile picture of the author zafar
    I know I am having the same issue. All my 50 websites were hacked . I cleaned them up but next day 5 of my sites got hit again. I purchased this WSO, now I am securing my sites one by one. Take care buddy.

  • Profile picture of the author Punit
    Something I would like to advise everyone who has been hacked or who is concerned about their website security.

    It doesn't matter how strong your password is: if you use FTP client software like FileZilla or CuteFTP, your username, password and any files you transfer travel from your computer to your hosting provider in clear text (so anyone sniffing traffic can actually get hold of your details). The username and password are not encrypted over FTP.

    There are 2 solutions for this:
    1 is to use File Manager on CPanel
    2 is to use SSH as explained below

    If you are using HostGator there is an option to use SSH connection to transfer your files, with SSH (Secure SHell) all your username password and files are encrypted. To find out more about what SSH is and how it works go to: Secure Shell - Wikipedia, the free encyclopedia

    Here is how to activate SSH feature on HostGator.

    1. Log in to your HostGator BILLING SYSTEM, when you are logged in, on the left you should see a section called Hosting Packages, in that section click on the link called View Hosting Packages.
    2. Once you are there, you should see a link called (Enable Shell Access). Click on this link; this will activate SSH on your hosting.
    3. Now you will need an SSH client so you can transfer files the way you do with FileZilla, except this will be much more secure. There are many SSH clients out there; google 'SSH Client' and you will find lots. I personally use WinSCP, it's free and used by many IT professionals; go to WinSCP :: Download or google 'winscp'. You can also use PuTTY to do the same thing, but it's more for advanced users. You can always find setup instructions on YouTube for both WinSCP and PuTTY.

    NOTE: if you are using some kind of firewall on your computer you may need to make changes to allow SSH connection via SSH Client as it's usually blocked by default. You will most commonly find that it's not the SSH that is blocked but the SSH Client Application is being blocked.

    AVOID purchasing GODADDY HOSTING, their Hosting is not very secure and it's a nightmare trying to connect to the hosting account using secure connection, and I advise you NOT to purchase your domain name with GoDaddy if you are planning to receive lots of traffic or are launching a product. If GoDaddy received 1 SPAM complaint they will shut down your site without notifying you. It will then take up to 30 days to get your site back up and running. Imagine the Loss of revenue and traffic…

    Don't take my word for it even the Top Internet Marketing Gurus are avoiding GoDaddy for the same reason.

    Stick to HostGator, BlueHost for Hosting and NameCheap for Domains, they understand IM Business so they work proactively with their customers rather than shutting them down.

    Hope this info has been useful…!!!

    To your success

  • Profile picture of the author Jay_Selders
    A few tips:
    - Don't run any program on your computer that may be suspicious. Run it in a sandbox (google) and inspect it. This prevents you from running any stealers or keyloggers that can expose your login details. Don't depend solely on antivirus scanners. A file that is crypted to be FUD (fully undetectable) will not show up in an antivirus scan.

    - Don't use nulled scripts or other dumb stuff like that. Easy way to lose access to your stuff.

    - Backup your websites daily/every other day. There are tools and plugins that will do this automatically. Absolutely no reason to not have backups. And not all hosting companies keep backups.

    - Don't make your wordpress username "admin". That's all I'll say about that.

    - Don't panic. You won't lose your life savings if you were hacked. Worst case scenario your website is down for a day or two and you lose a few sales.
    • Profile picture of the author Newbie11
      Originally Posted by Jay_Selders View Post

      A few tips:

      - Don't make your wordpress username "admin". That's all I'll say about that.
      There is a plugin called WP-optimize that includes a feature to change your username.
      • Profile picture of the author cooler1
        Originally Posted by Newbie11 View Post

        There is a plugin called WP-optimize that includes a feature to change your username.
        What's the purpose of using a plugin as you can just change the username manually?

        • Profile picture of the author Dale21
          Originally Posted by cooler1 View Post

          What's the purpose of using a plugin as you can just change the username manually?
          Well with WordPress you can change your passcode manually but not the username....
          • Profile picture of the author cooler1
            Originally Posted by Dale21 View Post

            Well with WordPress you can change your passcode manually but not the username....
            Really? I thought you could just create a new username, then set it as the default user, then delete the 'admin' username.

  • Profile picture of the author design2convert
    I don't understand why people do this. Anyway, first things first: just go and change your hosting password, and try to set a directory password. I mean put all your admin directories in a password protected directory system.
  • Profile picture of the author Anomaly1974
    Passwords are like underwear. You should change them ... FREQUENTLY

    That certainly is not going to solve every security issue but it will prevent a surprisingly large number of them.

    “They did not know it was impossible so they did it”
    -Samuel Clemens" (As Mark Twain)

  • Profile picture of the author colinph970
    I have an ebook which tells you how to recover from such attacks and also how to beef up the security of your site to prevent it happening again. You can see it here Wordpress Hacked Report eBook: Wordpress Hacked Report eBook: Mandy...
    Happy to send you a free copy if you want one.....just pmail me an email address..
    • Profile picture of the author camoreno
      Thanks to everyone for this really helpful information. Fortunately, I have not had the unpleasant experience of having to clean up the mess after someone hacks a site, but a "pound of cure....." kind of thing is always good.

  • Profile picture of the author PatchesDM
    I would DEFINITELY recommend changing your hosting password, as well as checking your server or having someone very experienced check your server for any malicious files.

    • Profile picture of the author Daniel Evans
      I've got backups down to a fine art - bordering on a mental illness to guard against these types of happenings. Better safe than sorry and all that jazz.

      We had a couple of incidents years back and it was a tricky situation to say the very least.

      Change up your hosting, passwords and keep updated.
  • Profile picture of the author art72
    Definitely bookmarking/subscribing to this one. There's some great info in this thread, perhaps too much to digest in one reading.

    To the OP, sorry for your headache, and thank you for sharing. I use HostGator, but I do need to step up my security features as a precursor to having this happen also.

    I received a nifty little card (*looks like a credit card) from PayPal, after someone 'hacked' my account and purchased $212 worth of crap before I caught it. PayPal resolved it fairly quickly, but the card they sent has a 6 digit password generator that can be synced with my log in. Each time it randomly selects a new password, and it has to match.

    I think someone "tech savvy" could crush it, if they create a secure WP plugin that randomizes a login password, and syncs to a preset (*yet random) password algorithm.

    Since I suck at programming, no sense in keeping the idea a secret. But I bet in the right hands someone could make a mint...just remember me when you do!

    All the Best,

    Atop a tree with Buddha ain't a bad place to take rest!
  • Profile picture of the author Dale21
    In addition to what everyone else has said, after you change your passwords, place a simple captcha on your login. Most hacks are by brute force on your login, so if you set it to only allow 3 attempts and lock down for a couple of hours after that, it will go a long way. Hope this helps, I had 3 sites hacked a couple of months ago and that solved the problem for me.
  • Profile picture of the author kamaxi
    Nowadays hacking of sites is increasing day by day. If your site is hacked, then first of all you should change your administrator password, then your hosting password should also be changed, and then you should take a backup of the important data inside your site and remove unused, infected or corrupted files. When you create or host your next site, you should generally create it through .Net or Java or some other advanced technology. It will protect your site, and your site security module should be powerful.
  • Profile picture of the author santacruz
    That's very dangerous. I use the same plugins, I will have to remove it and change the password now. Hope it will fix.
  • Profile picture of the author thebitbotdotcom
    If you are running Wordpress, definitely install the Bad Behavior plugin.