Hacked Sites and no Solution

21 replies
Appealed for the third time on the ban of my Adsense account, but had no luck. This sucks, as I love Adsense, although I maybe only made 25 bucks a year. I still love the passive income.

A bigger problem I currently have is that four of my sites all the time get hacked. I tried to locate the problem, no luck so far. I currently isolate my standard notebook, an Acer PC, and only use my MacBook Pro under MacOs. I also ran Malwarebytes Anti-Malware twice, Antivir full scan twice and Microsoft Defender Offline Tool. I found some malware with Defender, but only in old e-mails and old Internet Explorer temporary files. Nothing worked so far, a few days after any backup I use to reinstate my sites, the pages get hacked. Always the same ones.

Of the four sites three of them are outdated Woltlab forums and one site is a Wordpress blog. Even when I update the forums and bring the Wordpress installation to the newest version, the sites get hacked. I also change the passwords every time, no luck. I also once changed the FTP password, did not help. As far as my host could tell, the attack is happening over HTTP, not FTP, so changing the password there is not a solution as it seems.

Has anyone an idea what I could try next? The host told me that the virus is not on my server, he is coming from somewhere externally. Any hints into the comments, please.

Want to buy a done-for-you Bring the Fresh site, but I can't unless I fix the constant hack thing.
#hack #hacked #sites #solution
  • Profile picture of the author Kingfish85
    What kind of hosting do you have, shared/reseller or a VPS?

    Has your host looked over the sites or just told you that there's no problem with the server? It could be a problem with the WordPress theme itself or a vulnerability in the forum software.

    What forums are you using?

    What Wordpress themes are you using?
    • Profile picture of the author Jeff Hope
      Hi Pascal,

      What plugins are you using with Wordpress?

      Some plugins are vulnerable, and those are the most common hacker access point in my experience.

      Jeff
  • Profile picture of the author Adie
    If you are running wordpress, never use "admin" as admin log-in.
    I experienced the same problem before when 12 of my sites were hacked at the same time and my hosting support told me not to use "admin" again. And it is effective...
  • Profile picture of the author Chris Thompson
    Here's what you need to do:

    1) Assume EVERY site on your shared hosting environment (all the sites on your account) is compromised. Yes, ALL OF THEM.

    2) Use your backup and keep only the database + your wp-content/uploads folder.

    3) MANUALLY re-install your blogs by recreating a new database, uploading a fresh copy of WP and a fresh copy of your theme / plugins. Check your wp-content/uploads folder for any fishy files first. Do a malware scan on your backups (on your local machine).

    And of course, change passwords.

    When you get hacked, take your data (database) and run. That means rebuild the sites completely from the ground up.

    See this podcast:
    http://blog.outsourcefactor.com/podc...urity-podcast/
  • Profile picture of the author briantymes
    This could be caused by people cracking your username and password. You may want to try using random numbers and letters, along with CAPITAL letters thrown in.

    Try to make the random variations at least 12 characters long, and make sure it is random. This will make it very difficult for people if they are hacking your username and password.

    Of course make sure you write down your login information, and never allow your browser to save the username and password so you don't have to type it in. ALWAYS type in your information and when the browser asks if you want to save the password, just say "never for this site"
  • Profile picture of the author HeySal
    I agree with a possible hosting problem. Rebuild and fix what you need to and move to a different server. Some are better than others at defending against attacks.
  • Profile picture of the author jaasmit
    In this open world connection you need to make sure that everything you have is in quality security.
    Never forget this type of situation and do not take it lightly.
  • Profile picture of the author Pascal Parvex
    One site is WordPress. The page is down now, as I got hacked again. It just shows a blank screen, and it has malicious code in the PHP files. One of the plugins that are installed but not active is an Adsense plugin.

    Will check that admin thing.
    • Profile picture of the author Chris Thompson
      Originally Posted by Pascal Parvex View Post

      One site is WordPress. The page is down now, as I got hacked again. It just shows a blank screen, and it has malicious code in the PHP files. One of the plugins that are installed but not active is an Adsense plugin.

      Will check that admin thing.
      You are wasting your time checking anything. Rebuild the site as I explained already. Do the job properly.
  • Profile picture of the author Adie
    Appealed for the third time on the ban of my Adsense account, but had no luck.
    And I don't understand why you have adsense account for the 3rd time?
    • Profile picture of the author Pascal Parvex
      Originally Posted by Adie View Post

      And I don't understand why you have adsense account for the 3rd time?
      I only got banned once.
  • Profile picture of the author JerryFrempong
    Hi, who do you host with? For example, this happened to me quite a few times with my wordpress sites so I asked Hostgator to clean the sites and remove the malware, they did it happily. Hope this helps
  • Profile picture of the author mosthost
    The Wordpress site is the one that's been hacked most likely. They inject an eval statement through PHP vulnerabilities. This is the reason to use managed hosting services.

    Your hosting provider should be able to point you in the right direction.
  • Profile picture of the author Leveragist
    You might also want to consider an anti-keylogger solution: AntiLogger - CNET Download.com

    Changing the password is useless if someone's logging your keystrokes and finding out the new passwords each time you change them.
  • Profile picture of the author andersvinther
    Sucuri.net are good for cleaning up your site... USD89 for one year's subscription where they will clean your site every time it's infected...

    Also you can check the WordPress Security Checklist that I've written... should tighten up your site to prevent it from happening again... see The WordPress Security Checklist
  • Profile picture of the author ss442
    I think Jerry is right too, I think most hosting services have a security system to lock down your site. I use Hostmonster so I know nothing about the gator hosting site but you might give them a call if you have not already. Most will walk you through a solution because they probably deal with that day after day.
    • Profile picture of the author Pascal Parvex
      A quick heads up: The hoster found some infected files in the backup, those were the reason I got hacked all the time. The files were superfluous, like "counter.php" (in my Wordpress installations, have four of these). Deleted those infected files, no hack for weeks now.

      Need an autoupdater for Wordpress and plugins, any ideas? Michael Cheney promotes a paid plugin, are there any free ones?
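The checks that recur in this thread (no PHP in `wp-content/uploads`, injected `eval` statements, and superfluous files such as `counter.php` in the WordPress root) can be run over a restored backup before it goes live. The sketch below is an added example, not code from any poster or from WordPress; the function names are hypothetical, the core-file list is an assumption to verify against a fresh download, and the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

# Root PHP files of WordPress core (assumed list; check against a fresh download).
CORE_ROOT_PHP = {
    "index.php", "wp-activate.php", "wp-blog-header.php",
    "wp-comments-post.php", "wp-config.php", "wp-config-sample.php",
    "wp-cron.php", "wp-links-opml.php", "wp-load.php", "wp-login.php",
    "wp-mail.php", "wp-settings.php", "wp-signup.php", "wp-trackback.php",
    "xmlrpc.php",
}
PHP_EXT = {".php", ".phtml", ".php5", ".phar"}
# eval() fed directly by a decoder is the usual shape of injected code.
EVAL_RE = re.compile(
    rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)

def scan_wordpress(root):
    """Return sorted (relative_path, reason) findings for a WordPress tree."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_EXT:
            continue
        rel = path.relative_to(root)
        if len(rel.parts) == 1 and rel.name not in CORE_ROOT_PHP:
            findings.append((rel.as_posix(), "unexpected PHP file in WordPress root"))
        if rel.parts[:2] == ("wp-content", "uploads"):
            findings.append((rel.as_posix(), "PHP file inside uploads"))
        if EVAL_RE.search(path.read_bytes()):
            findings.append((rel.as_posix(), "eval() of decoded data"))
    return sorted(findings)

def build_sample_site(base):
    # Constructed sample tree: two clean files and two suspicious ones.
    base = Path(base)
    files = {
        "index.php": b"<?php require __DIR__ . '/wp-blog-header.php';",
        "counter.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
        "wp-content/uploads/2012/07/photo.jpg": b"\xff\xd8\xff constructed",
        "wp-content/uploads/2012/07/thumb.php": b"<?php echo 'x'; ?>",
    }
    for name, data in files.items():
        (base / name).parent.mkdir(parents=True, exist_ok=True)
        (base / name).write_bytes(data)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*scan_wordpress(build_sample_site(tmp)), sep="\n")
```

A clean result does not prove the backup is safe; it only rules out these three indicators, so rebuilding from fresh core, theme and plugin files remains the reliable fix.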
  • Profile picture of the author SunilTanna
    If you think they are getting in through the admin scripts, one thing you can try is to simply delete or rename the admin scripts when you are not using them.

    For example, I seem to remember wordpress uses a directory called something like wpadmin or wp-admin to store the admin scripts.

    When you are not working on the site, simply rename this to something else.

    You can also use a .htaccess file to restrict access to the admin script directory to your own personal IP address
  • Profile picture of the author sunray
    1. Redirect your traffic through cloudflare.com, and block all countries from which you are not expecting legit traffic.
    2. Give up Wordpress, and use Drupal instead. There are many reasons why Wordpress is by far the most hacked CMS.
    3. When there are security updates, update your CMS the minute you get the message. A known security leak makes the site especially vulnerable.
    4. Use good passwords, like this: gYfd5(jcI
    5. On user sites (with users logged in), close file uploads.
    • Profile picture of the author damoncloudflare
      Originally Posted by sunray View Post

      1. Redirect your traffic through cloudflare.com, and block all countries from which you are not expecting legit traffic.
      2. Give up Wordpress, and use Drupal instead. There are many reasons why Wordpress is by far the most hacked CMS.
      3. When there are security updates, update your CMS the minute you get the message. A known security leak makes the site especially vulnerable.
      4. Use good passwords, like this: gYfd5(jcI
      5. On user sites (with users logged in), close file uploads.
      Thanks for the mention. Just a quick note that our country block currently only challenges visitors with a challenge page (humans could still enter the site by passing the captcha). Our challenge, however, is very effective at stopping bots.

      We do, however, support full IP blocks in Threat Control as well (/16 and /24 format at this time).
  • Profile picture of the author Justin Ford
    Actually, I see it is also an old post. But I need to share my expression. Actually, I did use SpyShelter anti-logger for my website. I did choose it, chatted with the sales person, and they seemed very helpful.