How the heck are they getting in?

by 11 replies
12
Without giving a hacker ideas... can someone explain how hackers gain access to your wp blogs? I notice they don't seem to bother with static html sites.

I just found 2 zip files that they uploaded to my new empty site. Wordfence found them for me, along with changes that had been made to a .php file that I think made it possible for them to do that upload. This means they're getting right into my CPanel doesn't it?

The password for this and all my sites are generated to about 10 characters/letters/numbers combos. My guess is that they aren't going through this access route. So does it have anything to do with my host not having a very secure service?

Thanks.

Sylvia
#programming #hack attacks #heck
  • Better check with your host support. Is your cpanel password strong ? get it changed ..
    If your hosting account has been compromised then the hosting support should be helping you with this, if not change hosting provider ! Hope you get it sorted
  • Hi Jeff,

    It's more evident now that they are getting into CPanel... cz I discovered that uploaded zip file throughout all my sites, and even in one of my static html sites. They modified the index.php files and another file that shows that zip file name. For awhile I was thinking their coding kept re-uploading the file every time I deleted it, cz it seemed to keep coming back.

    My Host has been really good about checking out this stuff, but I"m going to ask them to change my user name for CPanel cz some hackers are trying to gain access using it (as I am discovering through Wordfence). My passowrd has been changed repeatedly, but I'll change it again, too... make it 16 CHARACTERS or maybe 50!

    Sylvia
  • Could also be malware/virus on the computer you are using to log into your site. Check that first.
    • [1] reply
    • My computer seems fine... using Norton and Malware Bytes to root out any malicious files, etc.

      The problem is coming from a file I can't get to... htaccess. Clearly, it's a hidden file, and apparently that's the file they modify to mess up your site. As fast as I'm deleting fake files and modified files, I assume it's that file that keeps putting stuff back.

      Anybody know how to get access to htaccess?

      Sylvia
      • [1] reply
  • Thank you jbyte. I found how to turn on hidden files and found the htaccess files for all my sites. I did a new WP install on one empty domain, and that .htaccess file looks like copy below. Is this how they should look? Because the file on my other sites has other stuff in them, that includes (google|yahoo|msn|aol|bing)

    Code from new installation which looks right to me. Can I just copy this to all of my htaccess files? :

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress
    • [1] reply
  • [DELETED]
  • Hello. It may have to do with your FTP software somehow. I have had (also solved) problems just like the one you have in the past.
  • Banned

    Simple.

    They look for vulnerabilities in themes, plugins and/or directly on the MySQL database and do a SQL injection.

    There's sites on the web with list of known WP plugins that have security holes, from there it's as simple as doing a Google search looking for sites that have a footprint from the theme/plugin (usually plugin).
    • [ 2 ] Thanks
    • [1] reply
    • Thank you Yukon.
      So they somehow gain access to MySQL? Would that be a weakness with the host provider?

      What commonly happens is they are getting into all of my blogs (yes, they're hosted on one server as add-on domains) and making all those changes, such as adding certain files and modifying others. As I said, the only sites they don't touch are my static HTML sites.

      Not all of my blogs have the same theme or plugins. They hack even the newer themes that I've upgraded.

      Also, they've discovered my user name for my CPanel, but would be severely tested to discover the convoluted passwords I've created and change.

      Is there anything to be done if it's MySQL issue?

      Sylvia
  • Probably your hosting is vulnerable. It might be virus on your site or on hosting. I would contact hosting support in his case
Join the discussion

Next Topics on Trending Feed

  • 12

    How the heck are they getting in?

    Without giving a hacker ideas... can someone explain how hackers gain access to your wp blogs? I notice they don't seem to bother with static html sites. I just found 2 zip files that they uploaded to my new empty site. Wordfence found them for me, along with changes that had been made to a .php file that I think made it possible for them to do that upload. This means they're getting right into my CPanel doesn't it?