I've been hacked !! 3848 malware/virus files placed on my hosting account.

I would check my computer for keyloggers if I were you. If they gained access to many different accounts, controlled by many different passwords, and running different pieces of software, the chances are are the vulnerability is not in the scripts, but somewhere where those passwords are stored.

Another possible threat is cracked ftp client. Don't use cracked FTP clients, use filzilla rather. It's free and open source. And use STRONG ftp password which contains capital n small aplha, number n symbols if possible. Try to twist some regular pwd in complex like
simple : ilovemoney
complex : !lUvm0n3y

hope this helps

Here's an article that describes what happened to a client of mine a few months ago (WordPress site hacked and turned into an attack site) and the steps I took to fix it:

http://www.wealthydragon.com/blog/20...ity-wordpress/

Hope it's helpful,

Cheers,

Martin.

Same with me... My first problem is being spam by lot ads and url. I think they are usinh xrumer.. A few months later, there's nothing in my blog. It only said something like "<error........" I feel so frustated since i build the link for the site consistently.. I realize that i also need to concern about security part... :-(

The hosting should work together with you to fight this. As I know, how strong your security are, there's still another way (backdoor) from others FTP account to break in, so the same house (hosting) still have another fragile door, rite? so we have to work together to keep each other door save. just my humble opinion

Hi Digital,

Sorry for what happened. Hostgator should have told you a little more about this i think because just changing the ftp may not be enough.

I've been working on my site's security for 2 weeks now and all I can tell you is that you have to do a lot more than just change your FTP access.

First thing you have to know is that Wordpress sites are a piece of cake for hackers. They are SO EASY to hack. I learned this a few weeks ago.

You have to protect all the access to your blogs inside the wordpress platform ( don't know if it makes sense to you: a little techy....) but to be more precise, you have to protect the admin folder, your files and so on

your FTP access keys : where do you keep them? If someone can get them easily on your pc then they're not safe

you have to scan your pc with a strong antivirus ( in addition to the one that you already have) to see on a regular basis if you don't have any virus that was not detected by your antivirus.
I use HouseCall - Free Online Virus Scan - Trend Micro USA to scan my pc on a regular basis and i have an anti virus too.

In short, you must be a little paranoid and never think that it won't happen again ....

And be sure that if they managed to do this to you then they may try again sooner or later.

I check my main site's stats every day several times a day and I can see that each time I noticed weird things.
2 weeks ago, someone tried to do something (no time to give you all the details..) but i immediately called Hostgator so they could check.
At first, they told me that they didn't see....
I insisted and took screenshots of my statcounter account so they have evidence and the support guy left a message to the security department.
They came back to me and told me that I had to protect all my wordpress blogs more.....and they did something for me (can't tell neither) and the problem was solved the next day.

After this, I started doing some serious research on the net about security and i learned a lot.
Last week i bought Blog Lock Down by Craig Desorcy and when I realized all I was doing wrong i was like "Oh my...."

First thing that you'll learn in this security tutorial is that the famous Filezilla that we all use IS NOT SECURE AT ALL and all your info can be read by all hackers....
and this is just the start....

I spent last 5 days implementing all the security measures and i can already notice some things that stopped happening....;

Try to do a search in google for "Best wordpress security plugins" then choose and install the ones that you find useful.

Other preventing measures :
-do a back up of all your sites once a week or a month
-change your passwords every month or so
-never use the same passwords for your ftp accounts, paypal, email accounts...
-when you give access to someone (outsourcing team...) ALWAYS check the files after and make sure that they don't have any virus
-secure seriously your wordpress blogs
and much more


Don't get me wrong, I 'm not trying to sell anything here : it's just that I was so frustrated when i learned how weak security was on my site ...

Wordpress sites are easy to set up and manage but what we don't realize is that they are really easy to hack too!

I'm not a security expert. I'm just someone who decided to seriously consider security issues after some bad experiences.
And i'm still doing a lot of things wrong....

This does not mean that someone won't try something but i don't want to make the job too easy for them anymore.

Hope it helps a little

Stephanie

It could have been from any number of things. Again, as all of your sites were done (more or less) this helps narrow the issue (only slightly though) If you use the same FTP details for all your sites then someone may have got hold of your password and attacked them all. If you use different ones you can probably find you've been using a bad public network or have a keylogger or even rootkit on your PC.

However, I think the most likely would be they gained access to your hosting account because from here they would only need a couple of scripts to infect everything. Possibly FTP, possible your normal login for the host or even SSH if it is enabled. It could also be a security exploit on the hosts side

[Edit]
I don't mean to sound like a nagging school teacher but backing up is really advised, especially if you're running so many sites

I just came across this thread. About a month ago I had 2 sites hacked. One was WP but other was built with a diff sitebuilder. My host company fixed things for me as I didn't know how. I only found out when I looked my site up in google and it had a "site is dangerous" warning.

Its very tough time, but you have been strong and taken good steps.
Its hard to say that these steps would prevent from same thing happening again.
I have regular client having these kind of issues.
To get any account hacked, the hacker needs your website access either via FTP or via wordpress.
Normally if you use good FTP client (like filezilla), you are in good direction.

Most of people don't know that even FTP is not secure, the login details can be cracked if you using normal FTP mode.

Let me tell there is SFTP mode. SFTP stands for SSH File Transfer Protocol (sometimes called Secure File Transfer Protocol) .filezilla supports this and even major hosting companies support this.

Just like you have http and https , same way you have ftp and sftp.
you login details completely safe if you using sftp.
just call your hosting company and ask them to enable sftp and help in configure it. (if they dont respond, let me know, i can do that).

I use sftp for all my ftp needs.


Another major reason of these kind of malwares coming is weak plugins,
since you may find lots of new plugins for wordpress those seems so attracting, you get those installed. but many of those plugins are not build to aviod any kind of hacking attacks, so sql injecting things might take place via these weak plugins.
solution -> Always go for well known plugins or get it checked by some developer for its weakness. (if you don't find developer, just send me message).

hope this information helps.