My site got hacked today! by Indonesian Hacker r1q

by awledd
48 replies
I am angry that I have not backed up the files.
Of course it does not have much posts. But
I learned my lesson! I have to back it up
almost everyday.
I googled the message displayed on my page:

./hacked by r1q
Security fail!?!?
Indonesian Hacker


and i was terrified! b/c the results
were 7,700 in quotations where actually
it can be more than that. Backup & Take care guys!
#hacked #hacker #indonesian #r1q #site #today
  • Profile picture of the author ChrisMoon
    That's a bummer I've been using BulletProof Security Pro (not an affiliate) which in my opinion is the best security plugin available. They also have a free version.
    Signature

    GreyGable

    {{ DiscussionBoard.errors[7761852].message }}
    • Profile picture of the author KevL
      Originally Posted by ChrisMoon View Post

      That's a bummer I've been using BulletProof Security Pro (not an affiliate) which in my opinion is the best security plugin available. They also have a free version.
      Yeah I'm using bullet proof too after a couple of my old WP sites were infected with malware!
      Signature
      SEO Kev
      Small business SEO / Web Marketing Tips.
      {{ DiscussionBoard.errors[7763755].message }}
  • Profile picture of the author asiriusthoth
    That definitely sucks, I feel for you. Another reason why I've been more than happy with WiredTree as my provider. Fully managed server, with daily/weekly/monthly backups.
    Signature

    {{ DiscussionBoard.errors[7761914].message }}
  • Profile picture of the author IM Lover
    Hate seeing these types of threads, you MUST backup your work people!
    {{ DiscussionBoard.errors[7761921].message }}
  • Profile picture of the author awledd
    But how can they hack this much 7000 + websites? I found it by searching with the text they post on my front page. For my other sites I use loginlock plugin after it was hacked a year ago. No threat till now. This one is new and I did not bothered about security until it hit me hard.

    But whatever we do I think these guys will get arround some way so backing up your files is the ultimate solution I beleive.
    Signature
    {{ DiscussionBoard.errors[7762066].message }}
  • Profile picture of the author bkkmma
    Anytime you read something like this, it's a reminder to go back up your stuff if you haven't already. Like.. do it now. Do it yesterday.
    Signature
    Selling guest posts in the health niche on an aged, PR3 site with a legit link from HuffPo for only $17 a pop. Limit of 10 available per month. PM if interested. Permanent sitewides for $45 (Limit of 8 EVER.)
    {{ DiscussionBoard.errors[7762069].message }}
  • Profile picture of the author spearce000
    This kind of experience can be a real PITA, and it's happened to me on more than one occasion.

    If you're on shared hosting, a lot of times this can occur when someone gets onto the server via a weakness in another hosting account, and then goes on to infect every website hosted there.

    In addition to backing up your files on the server, you should also download the backup to your computer's hard drive, and burn the entire archive onto CD or DVD occasionally. That way, if you've backed up a rogue bit of code you can go through and find a 'clean' backup.

    Also, I've found it useful to check the php scripts on my server every once in a while. Take a look at the Latest Visitors or Raw Access logs in Cpanel and look for a php script that seems like it's being run remotely. That could be a sign of trouble.

    You should, of course, make sure you don't have any files with the CHMOD 777 as this is a back door to hackers.

    Make your hosting provider aware that you've been hacked, ask them to look into it, and to check other accounts on the server. It's important that they find where the hacker is getting in, otherwise it will keep happening again and again regardless of what you do yourself – especially as your hacker sounds both prolific and an expert.

    If your hosting company can't (or won't) help, the best thing to do is to take your business elsewhere and rebuild your site from scratch. A real nuisance, I know, but the only sure fire way to stop it happening again as the hackers may still target your domain.
    {{ DiscussionBoard.errors[7763169].message }}
  • Profile picture of the author mikehuff
    Awhile back I had a site that was new with only a few posts get hacked. There was honestly nothing of value even on there yet...what's the purpose of something like that?
    {{ DiscussionBoard.errors[7763568].message }}
    • Profile picture of the author tanshi
      Originally Posted by mikehuff View Post

      Awhile back I had a site that was new with only a few posts get hacked. There was honestly nothing of value even on there yet...what's the purpose of something like that?
      I guess every hacker must start somewhere
      Signature

      The best things in life aren't things

      {{ DiscussionBoard.errors[7763606].message }}
      • Profile picture of the author mikehuff
        Originally Posted by tanshi View Post

        I guess every hacker must start somewhere
        Haha, pretty much
        {{ DiscussionBoard.errors[7763635].message }}
      • Profile picture of the author Alexa Smith
        Banned
        Originally Posted by tanshi View Post

        I guess every hacker must start somewhere
        This.

        I understand they typically start on WordPress sites, and especially those insecure ones which have been installed in a second with something like the "Fantastico" one-click installer.
        {{ DiscussionBoard.errors[7772939].message }}
        • Profile picture of the author so11
          Originally Posted by Alexa Smith View Post

          This.

          I understand they typically start on WordPress sites, and especially those insecure ones which have been installed in a second with something like the "Fantastico" one-click installer.
          Exactly!!! Most of them use default configuration settings, which are then programmed into automated hacking/vulnerability testing tools/scripts.
          Signature
          www.groupesoloviev.com
          We help businesses manage cyber risk and compliance requirements.
          {{ DiscussionBoard.errors[7773383].message }}
  • Profile picture of the author espresso
    "You should, of course, make sure you don't have any files with the CHMOD 777 as this is a back door to hackers."
    but some scripts require that for them to run
    {{ DiscussionBoard.errors[7763659].message }}
  • Profile picture of the author drmj1964
    That stinks! Do hackers have something to gain by hacking a site? What I really do not understand are those whom send out computer viruses, they have nothing to gain and don't even know who's computers they messed up. HMM?:confused:
    Signature

    If you're NOT making EASY money online:
    Coming Soon -> The Holy Grail of Day Trading

    {{ DiscussionBoard.errors[7763689].message }}
  • Profile picture of the author drewfioravanti
    Is there a Wordpress plugin that will automatically backup your site at a scheduled time every day?
    {{ DiscussionBoard.errors[7763705].message }}
    • Profile picture of the author tanshi
      Originally Posted by drewfioravanti View Post

      Is there a Wordpress plugin that will automatically backup your site at a scheduled time every day?
      Yes, BackWPup is my favorite, can do schedule as you like and back up to FTP, Dropbox, Amazon S3, and other.
      It also gives you full control of what you really need to backup. In automatic backup I backup only the database and the uploads folder. When I do modifications to the themes or add new plugins I do manual backup using the plugin.
      Signature

      The best things in life aren't things

      {{ DiscussionBoard.errors[7763776].message }}
      • Profile picture of the author awledd
        Originally Posted by tanshi View Post

        Yes, BackWPup is my favorite,
        I haven't known this plugin. It seems interesting. Will try it. Thank you.
        Signature
        {{ DiscussionBoard.errors[7764542].message }}
  • Profile picture of the author Matthew D
    Well, these kind of guy will give your email back if you give him some bucks, he obviously gave his email for this purpose, so you can contact him: riquelli666@gmail.com
    My friend 's got hacked too, so many victims these days, they can't do nothing about it. Based on short Google search, I am quite sure Joomla based website is more vulnerable against this type of attack. Watch out guys.
    {{ DiscussionBoard.errors[7764644].message }}
    • Profile picture of the author Walter Parrish
      Originally Posted by Matthew D View Post

      Well, these kind of guy will give your email back if you give him some bucks, he obviously gave his email for this purpose, so you can contact him: riquelli666@gmail.com
      My friend 's got hacked too, so many victims these days, they can't do nothing about it. Based on short Google search, I am quite sure Joomla based website is more vulnerable against this type of attack. Watch out guys.
      I would have to say you're wrong about joomla. The joomla developers seem to be more security minded. They keep a running list of vulnerable plugins and also send out security reports regularly. I have only come across a few plugins that even come close to those that you can add to joomla.

      One thing I can say is if you keep getting hacked learn to do a manual install of wordpress and always keep the install up to date.
      Signature
      Use Feeder Sites, Articles, And Social Media Sites To Generate Unstoppable Traffic, FREE! Click Here Now To Get It For FREE
      {{ DiscussionBoard.errors[7868762].message }}
  • Profile picture of the author jtoelle
    Hopefully your host can help you
    Signature

    Use AutoRegram to Repost Viral content on Instagram.

    {{ DiscussionBoard.errors[7764657].message }}
  • Profile picture of the author Vincent Abrugar
    Another reminder to always backup your site.

    @awledd This hack usually defaced your wp-config.php but your files
    and database are still intact so you can repair by creating a new wp-config.php
    {{ DiscussionBoard.errors[7771057].message }}
  • Profile picture of the author Grace Li
    Originally Posted by awledd View Post

    I am angry that I have not backed up the files.
    Of course it does not have much posts. But
    I learned my lesson! I have to back it up
    almost everyday.
    I googled the message displayed on my page:

    ./hacked by r1q
    Security fail!?!?
    Indonesian Hacker


    and i was terrified! b/c the results
    were 7,700 in quotations where actually
    it can be more than that. Backup & Take care guys!
    How well was your website doing before it got hacked? Just want to know that if hackers actually hack sites even if they not making money at all(which is my site)
    {{ DiscussionBoard.errors[7771230].message }}
    • Profile picture of the author pro2sell
      Originally Posted by Grace Li View Post

      How well was your website doing before it got hacked? Just want to know that if hackers actually hack sites even if they not making money at all(which is my site)
      you better watch out for footprints of your gazillion plugins/themes ... just in case
      {{ DiscussionBoard.errors[7771364].message }}
  • Profile picture of the author Vrindavan
    your webhost offer daily backup ?
    Signature
    {{ DiscussionBoard.errors[7771401].message }}
  • Profile picture of the author Delsworld
    I had 2 sites hacked and buying security is a must(lesson learned).

    Funny thing is when they hacked the sites they offer to fix it for money lol. I wonder how many ppl fall for that ?
    Signature

    Get PR1-PR8 Contextual Links From Actual PR Pages.
    Permanent, Homepage, Relevant Niches From $1 per Link! $50 Bonus here

    {{ DiscussionBoard.errors[7771433].message }}
    • Profile picture of the author IMBlessed
      Originally Posted by Delsworld View Post

      I had 2 sites hacked and buying security is a must(lesson learned).

      Funny thing is when they hacked the sites they offer to fix it for money lol. I wonder how many ppl fall for that ?
      Yeah, it is a pity for some folks who were like kidnapped for ransom
      {{ DiscussionBoard.errors[7771540].message }}
    • Originally Posted by Delsworld View Post

      I had 2 sites hacked and buying security is a must(lesson learned).

      Funny thing is when they hacked the sites they offer to fix it for money lol. I wonder how many ppl fall for that ?
      A lot.

      I know someone who paid the hacker ~$1000 to put back his site. He was naive enough to believe that the hacker would fix his word and fix the site he intentionally destroyed.

      The thing is, once they find one window, it's easy to automatically hack into hundreds of sites. Even if just one of those victims pay, the hacker still would still be earning more than what he would be getting if he was doing something legal and useful.
      {{ DiscussionBoard.errors[7772418].message }}
      • Profile picture of the author mikehuff
        Originally Posted by John Jonas Phil VA View Post

        A lot.

        I know someone who paid the hacker ~$1000 to put back his site. He was naive enough to believe that the hacker would fix his word and fix the site he intentionally destroyed.

        The thing is, once they find one window, it's easy to automatically hack into hundreds of sites. Even if just one of those victims pay, the hacker still would still be earning more than what he would be getting if he was doing something legal and useful.
        THAT fact is REALLY bummin me out. What a bunch a assh*les. And to think people ask on a regular basis if internet marketing as a whole is a scam!!
        {{ DiscussionBoard.errors[7773441].message }}
  • Profile picture of the author imacyrayy
    What's the motive of these hackers. I think they have a random program that does the hacking business for them. Coming to think of it most of the sites that get hacked are of little value.
    {{ DiscussionBoard.errors[7771980].message }}
  • Profile picture of the author jay walters
    Still the best thing to do is back up the files... just being cautious.
    {{ DiscussionBoard.errors[7771983].message }}
    • Profile picture of the author Tony Marriott
      Originally Posted by Grace Li View Post

      How well was your website doing before it got hacked? Just want to know that if hackers actually hack sites even if they not making money at all(which is my site)
      Originally Posted by imacyrayy View Post

      What's the motive of these hackers. I think they have a random program that does the hacking business for them. Coming to think of it most of the sites that get hacked are of little value.
      You are abolutely right. The majority of these hacks are completey automated by bots that scan for known insecurities.

      That may be why a lot of "worthless" sites gets hacked. It may simply be that more value a site has the more likely it is to have good security in place.

      Woprdpress is of course a specific target, as is any site that use PHP, but any site is at risk.

      Keeping files, plugins and themes up date is crucial as most updates fix security holes.
      Running specific security protection (plugins) is also a must. Bulletproof security is good but you need to add some other plugins as well. I am moving more towards Better WP Security as all the things you want to secure is wrapped into the one (free) plugin.

      But final protection must always be regular backups.
      {{ DiscussionBoard.errors[7772051].message }}
  • Profile picture of the author ownergolan
    You need to protect your website mate !
    Signature
    "Aiyyo I'm gonna be on ti-dop, that's all my eyes can see..
    Ill put in work, and watch my status escalate"
    {{ DiscussionBoard.errors[7772201].message }}
  • Profile picture of the author Abhik
    Well, there the backups come handy.
    You know, if you were using WordPress, you could have used some free plugins to get your blog backed up on a regular basis.
    Signature
    WSO SPECIAL!! [$29 Limited Time] → Comments+ WordPress Comment Enhancer Plugin

    Professional Blogging Model | ItsAbhikDotCom
    Discover the formulas that are bringing in more than $10,000 per month for me from simple Affiliate Marketing mixed with Professional Blogging.
    {{ DiscussionBoard.errors[7772433].message }}
    • Profile picture of the author 24hours
      Sorry to hear that your site was hacked.

      So . . . the hacking is usually done via php? My site is simple - all html so far, but I need to add a contact form and that will use php. Is this a bad idea? Putting the email in plain view will be a spam magnet, so is there another way to add a contact form? The site is a hosted site, but is not using WP.
      {{ DiscussionBoard.errors[7772696].message }}
      • Profile picture of the author Claire Koch
        You don't really have anything to worry about they seem to love hacking wordpress. Just make a folder on your hard drive and download your site (if you've made changes through cpanel) if not, I recommend you just zip up your site on your computer. Use windows if it has the capability or download jzip which is a great free zip utility, I also use 7zip and then put your site on an external drive if you have one and/or a cd and/or usb storage just for safe keeping in case your computer crashes. You can never have enuf backup of your websites no matter which platform you use.

        HTML STILL ROCKS no matter what anybody says I love it.

        Originally Posted by 24hours View Post

        Sorry to hear that your site was hacked.

        So . . . the hacking is usually done via php? My site is simple - all html so far, but I need to add a contact form and that will use php. Is this a bad idea? Putting the email in plain view will be a spam magnet, so is there another way to add a contact form? The site is a hosted site, but is not using WP.
        {{ DiscussionBoard.errors[7869024].message }}
  • Profile picture of the author FreshAndThemes
    Most probably exploited a loop whole in something that all the sites had in common. What host are you using?
    {{ DiscussionBoard.errors[7772778].message }}
  • Profile picture of the author perfect
    Don't just solve it own your own let your hosting provider know about it too , in case if they need to fix somethings to avoid it repeating in the future.
    Signature

    Submit your articles to www.365articledirectory.com FREE, approval within 48 hours

    {{ DiscussionBoard.errors[7772977].message }}
  • Profile picture of the author kayfrank
    I know exactly how you feel. It has happened to me in the past. Contact your hosting provider and see if they have a backup prior to your site being hacked.
    I use WP twin now. Good luck.
    {{ DiscussionBoard.errors[7772998].message }}
  • Profile picture of the author awledd
    The site is rather kind of new (not much article in it) They deleted important data and I have to start all over again. I didn't want to go through hosting b/c the articles and treaffic is almost insignificant.
    Signature
    {{ DiscussionBoard.errors[7773121].message }}
  • Profile picture of the author Surminga
    It is a problem these days - hackers are annoyingly trying to fulfill their "hobby" and cause everyone else havoc.

    But yes, make sure that you backup all of your online files - one tip is if you have wordpress be sure to configure your backups and have them saved straight to your dropbox account, that is unless your host does not do this already.
    Signature
    Surminga.com - SEO and Digital Marketing Agency

    Here are a few of our Blog's : Social Media Marketing Guide
    Or if you Fancy a Holiday? - Holiday Guide
    {{ DiscussionBoard.errors[7773137].message }}
  • Profile picture of the author tomerep
    What a nightmare! So now, start keeping regular backups of your database and files. If this ever happens again, all you will need to do is restore from the last know clean backup and change your passwords and secret keys.
    {{ DiscussionBoard.errors[7773439].message }}
  • Profile picture of the author awledd
    Like others I wander what happiness it gives them. If we say that it is for fame that they are doing it, then why don't they show up?
    Signature
    {{ DiscussionBoard.errors[7820723].message }}
  • Profile picture of the author himanuzo
    You should upgrade protection for your site. And be diligent back up your data.
    {{ DiscussionBoard.errors[7820738].message }}
  • Profile picture of the author yakim1
    I could have guessed you were using wordpress from the subject of this thread,

    You can add as many security plugins that you want, but everytime you add a new plugin you open new security holes.

    This happens to wordpress sites all the time because it is hog pog collection of code that does not always work together and play nice.

    I'm not a big fan of wordpress!

    Best regards,
    Steve Yakim
    {{ DiscussionBoard.errors[7820971].message }}
  • Profile picture of the author coffeediva
    This happened to me. I just went into my file manager on my hosting accounts and found the most recent files that had been updated. I then deleted these files which were index.php index.html and a third I then reuploaded the original index.php files changed my passwords updated my wordpress and plugins. Sent a very scathing email to the hacker who actually replied to me and told him he was a terrorist told the hosting company and now a different hacker is breaking in so I will be changing hosting providers.
    {{ DiscussionBoard.errors[7844996].message }}
  • Profile picture of the author earsaver
    Yesterday, a strange Red message appeared on my blog Home page. It was in both English and Spanish It said "Security Warning. Treat this URL like your password. Don't share it with anyone."

    Have I been hacked?

    I changed the theme and it seems to have been removed. However, when I reinstalled the theme, the warning reappeared. Any ideas?

    Thanks in advance,
    Joe Benevides
    Signature

    Macs4newbies.com

    {{ DiscussionBoard.errors[7865963].message }}

Trending Topics