Last week my websites were hacked several times. The first 2 times only my root domain was under attack, however now all my addon domains were hacked as well. I am using WordPress on my websites and also installed several security plugins, however it didn't help. If it matters - I am using Brainhost's cheap hosting plan. Those hacker attacks have become pretty annoying - are there any measures I can take to prevent that?
  • Kingfish85
    Originally Posted by WhiteStarlight View Post

    Last week my websites were hacked several times. The first 2 times only my root domain was under attack, however now all my addon domains were hacked as well. I am using WordPress on my websites and also installed several security plugins, however it didn't help. If it matters - I am using Brainhost's cheap hosting plan. Those hacker attacks have become pretty annoying - are there any measures I can take to prevent that?
    Yes:

    Don't use non-supported plugins
    Don't use plugins for small tasks (IE Google Analytics etc)
    Change your password to 15 chars or more w/ specials, upper case & numbers
    Change the admin username in the database
    Password protect your wp-admin directory w/ .htaccess or cPanel
    Use a lockout feature for wp accounts

    These are just a few for Wordpress. Are they getting into your hosting account or through Wordpress?

    If they're getting through your hosting account, it could be a server side security issue.

    Before someone says "check for a keylogger" on your computer, it's highly unlikely.

    Have you contacted the web host?

    Review the logs and find the IPs that were accessing it and have your host blacklist those IPs in the firewall. If you're getting a bunch of failed login attempts, your host "should" have a blacklist feature set on their firewalls when XX failed logins are detected. If they don't, it's time to move.
    Signature

    |~| VeeroTech Hosting - sales @ veerotech.net
    |~| High Performance CloudLinux & LiteSpeed Powered Web Hosting
    |~| cPanel & WHM - Softaculous - Website Builder - R1Soft - SpamExperts
    |~| Visit us @veerotech Facebook - Twitter - LinkedIn

    • WhiteStarlight
      Originally Posted by Kingfish85 View Post

      Yes:

      Don't use non-supported plugins
      Don't use plugins for small tasks (IE Google Analytics etc)
      Change your password to 15 chars or more w/ specials, upper case & numbers
      Change the admin username in the database
      Password protect your wp-admin directory w/ .htaccess or cPanel
      Use a lockout feature for wp accounts

      These are just a few for Wordpress. Are they getting into your hosting account or through Wordpress?

      If they're getting through your hosting account, it could be a server side security issue.

      Before someone says "check for a keylogger" on your computer, it's highly unlikely.

      Have you contacted the web host?

      Review the logs and find the IPs that were accessing it and have your host blacklist those IPs in the firewall. If you're getting a bunch of failed login attempts, your host "should" have a blacklist feature set on their firewalls when XX failed logins are detected. If they don't, it's time to move.
      1) What do you mean by non-supported plugins? And how do I find that out?
      2) Plugins for small tasks? Can you tell me in a bit more detail what that is and why it has a negative effect? Yes, I use a Google Analytics plugin, I need to track visitors of my website somehow.
      3) How do I password protect my wp-admin directory w/ .htaccess or cPanel?
      4) What is a lockout feature and how do I use it?
      5) I do not know how they are getting in - into my hosting account or through WordPress. How do I know that? However, I didn't receive an email about failed login attempts into WordPress. And yeah, 1 time it was a DDoS attack.
      6) How can I review logs and find those IPs?
      • Kingfish85
        Originally Posted by WhiteStarlight View Post

        1) What do you mean by non-supported plugins? And how do I find that out?
        For example, a plugin that was created in 2010, but the developer is not actively working on it anymore. Not keeping up with updates, testing for exploits etc.


        2) Plugins for small tasks? Can you tell me in a bit more detail what that is and why it has a negative effect? Yes, I use a Google Analytics plugin, I need to track visitors of my website somehow.
        Why? Add the Google code to your header.php file.


        3) How do I password protect my wp-admin directory w/ .htaccess or cPanel?
        See here: Password Protect Directories


        4) What is a lockout feature and how do I use it?
        A lockout feature would be a plugin that will lock the WP account out should there be too many failed login attempts.


        5) I do not know how they are getting in - into my hosting account or through WordPress. How do I know that? However, I didn't receive an email about failed login attempts into WordPress. And yeah, 1 time it was a DDoS attack.
        I would suggest you contact your web host about the issue. They should be able to help you in figuring out what's going on.

        6) How can I review logs and find those IPs?
        You can view the access logs as well as the other logs inside your cPanel account (if you're using cPanel). You can also ask your web host to review them as well.
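The log review suggested in the reply above, as an added example that is not part of the original thread: it counts probable failed WordPress logins per client IP in an access log and lists the IPs worth handing to the host for blacklisting. It assumes Apache "combined" log lines and a threshold of 5 (the post only says "XX"); the function names are hypothetical and the sample lines are constructed with documentation IP addresses.

```python
import re
from collections import Counter

# Matches the start of an Apache "combined" log line (assumed format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def _line(ip, status, path="/wp-login.php", method="POST"):
    """Build one constructed sample log line (not real traffic)."""
    return (f'{ip} - - [10/Jul/2012:03:14:01 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 3120 "-" "Mozilla/5.0"')

# Constructed sample: a brute-forcer, a brute-forcer that finally got in,
# and an ordinary user who mistyped a password once.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", 200)] * 6
    + [_line("198.51.100.23", 200)] * 5 + [_line("198.51.100.23", 302)]
    + [_line("192.0.2.10", 200), _line("192.0.2.10", 302)]
    + [_line("192.0.2.10", 200, "/wp-admin/", "GET")]
)

def login_attempts(log_text):
    """Return (failures, successes) Counters keyed by client IP.

    WordPress normally answers a failed login POST with 200 (the form is
    shown again) and a successful one with a 302 redirect.
    """
    failures, successes = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        if m["status"] == "200":
            failures[m["ip"]] += 1
        elif m["status"] == "302":
            successes[m["ip"]] += 1
    return failures, successes

def blacklist_candidates(log_text, threshold=5):
    """List (ip, failed_count, later_succeeded) for IPs at or over threshold."""
    failures, successes = login_attempts(log_text)
    return sorted((ip, n, successes[ip] > 0)
                  for ip, n in failures.items() if n >= threshold)

if __name__ == "__main__":
    for ip, n, got_in in blacklist_candidates(SAMPLE_LOG):
        print(ip, n, "LOGIN SUCCEEDED, change passwords" if got_in else "")
```

An IP that shows many failures followed by a 302 points to entry through WordPress itself; if the access log shows nothing like this, the hosting account (FTP, cPanel) is the next place to look.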
  • go4glory
    More often than not you would have to contact your Hosting Provider for this issue. They should be able to provide you with Do's and don'ts list. Keep them handy. Also make sure you back up your data from time to time.
    And yes, please read plugins' reviews before installing. I've personally not faced any problem with any plug-in but I've heard that they might cause some problem
    In short contact your Host.
  • There are too many security holes to list here, most cheap hosting accounts cause a swiss cheese type of security and WP can be part of the issue, but there are ways to fix it. Those WP free plugins are a problem and exploits are there from day one. I don't use WP for my main sites, it's too risky.
    Signature
    Conversion Magnet - Instapage Premium accounts for $39/mo, normally $99/mo.
  • zacsmith
    Kingfish85 is wise and wily in the ways of hackers. Listen closely. My sites were attacked weekly until I moved to his hosting service. Now, no attacks.

    gary
    Signature
    Gary Smith, Partner, Wells-Smith Partners
    Your Employee Handbook Personnel Policies for Small Businesses
    Eliminate the barriers to a successful life: How to Create a Happier Life
    Stressful home life?: How to Create a Happier Home
  • WhiteStarlight
    Kingfish85, I password protected the wp-admin directory for one of my websites so far, however I am not asked to enter the password when I try to access the wp-admin directory through an FTP client - it just enters it without a password. Am I doing something wrong?

    And what features for wordpress lockout would you suggest to set?
  • BloggingPro
    Wow! Great information from Kingfish85.

    Quick question, what exactly is a lock-up feature for wp-accounts? Is that like a security feature that would disable the login page after too many invalid attempts?

    BP
  • vCr8
    Hi KingFish8, thanks for sharing your insights here... luckily I have not been a victim of hackers yet and with your advice I guess I will be less vulnerable to such attacks.
  • HostWind
    Shared hosting is also less secure than a VPS. Could also be an issue from a neighboring site.