some idiot just hacked my site..

Yep, some hacker just hacked into my site, changing the front page into a load of foul-mouthed crap..

I can still log in to the admin area of the site though.. and it's all fine. The site is in WordPress.. Is there anything I can do to stop this happening in the future?

check it out in my sig.. essex jobs
  • Profile picture of the author jargonbust
    I am also suffering from hacking kalols
  • Profile picture of the author phpbbxpert
    1. Use a secure password and username, not admin
    2. Password complexity should be mixed characters. If you can remember it, it's not secure.
    3. Limit FTP accounts, and make sure they have long secure passwords.
    4. Make sure directory and file permissions are ChModded properly and not left world wide open.
    5. Make sure the plug-ins you use are secure; if you don't know, don't use them.
    6. Same for themes.
    7. Forms, all forms are dangerous, the input must be validated and sanitized.
    8. If on a shared host, make sure the host has the server security setup properly (You have no control here) but read around and see if the host has a good reputation for security

    The list goes on, there are many ways to hack sites.
    Hackers just start with the basics and work deeper until they find something that works.
    If these basics mentioned above are not covered, you will be hacked as this is where they start.
    • Profile picture of the author ShadowCaster
      Originally Posted by phpbbxpert View Post

      ..
      4. Make sure directory and file permissions are ChModded properly and not left world wide open.
      ..
      Definitely do that, I once left my .htaccess as 777 and someone redirected my site.. The worst part was that I noticed this only after a week.
  • Profile picture of the author Patrick
    Most important.

    Be updated! Update WordPress and all your plugins whenever there is an upgrade available. Most don't do this, thinking that it's "ok".
  • Profile picture of the author Abledragon
    Sorry to hear that - I hope you're back up and running quickly

    It's not just your site you need to protect - you need to protect your entire online environment. This article below goes through what happened to a client of mine and the steps we took to protect her site:

    WordPress Security: Not Just About WordPress | WealthyDragon

    Good luck with getting everything sorted out!

    Cheers,

    Martin.
    Signature
    WealthyDragon - Earning My Living Online
  • Profile picture of the author options
    Thanks guys for the advice.... Yes, I'm back up and running again now. I just don't see the point of them doing it? They don't gain anything from it. What I would love is to be in a room one on one...
    • Profile picture of the author sparkman
      Originally Posted by options View Post

      Thanks guys for the advice.... Yes, I'm back up and running again now. I just don't see the point of them doing it? They don't gain anything from it. What I would love is to be in a room one on one...
      In the mind of a young hacker, entropy is the only thing that matters. If they can bring some pain to you, they can lol lol lol about it to their friends.
    • Profile picture of the author viaye
      Originally Posted by options View Post

      Thanks guys for the advice.... Yes, I'm back up and running again now. I just don't see the point of them doing it? They don't gain anything from it. What I would love is to be in a room one on one...
      If they do it once, they are most likely to do it again (even if they have no benefit). Suggestions:

      1. Change all your hosting username/password (especially database and FTP)
      2. Keep WordPress updated at all times - Very Important! Subscribe to their security alerts to be notified of updates.
      3. Be wary of WordPress plugins that you are using. Often the plugins themselves might be insecure and expose security holes.
  • Profile picture of the author indianbill007
    Congrats to you... that you are back
  • Profile picture of the author lucidica
    Did you find out specifically how the hacker managed to do that by any chance?
  • Profile picture of the author wayfarer
    One more thing, make sure your wp-config.php file has permissions that don't allow it to be read by anyone other than the owner (600 is a good number). If this file is readable, and you're on shared hosting, if someone sharing your server can find the location of your files through intelligent guessing, they'll be able to read your database login information.
    Signature
    I build web things, server things. I help build the startup Veenome. | Remote Programming Jobs
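
Added example, not part of any post in this thread: a shell check for the two permission mistakes mentioned above (a world-writable `.htaccess` and a `wp-config.php` readable beyond its owner). The function names, the constructed sample tree and the rule "no group/other bits" are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for the permission issues raised above.

# Octal mode of a file: GNU stat first, BSD/macOS stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print one line per finding; return 0 only if the tree is clean.
audit_wp_perms() {
    root=$1
    findings=0

    # wp-config.php holds the database login: no group/other bits (600, 400).
    cfg="$root/wp-config.php"
    if [ -f "$cfg" ]; then
        mode=$(file_mode "$cfg")
        case $mode in
            [0-7]00) ;;
            *) echo "WEAK $cfg mode=$mode (want 600)"
               findings=$((findings + 1)) ;;
        esac
    fi

    # World-writable files or directories (a 777 .htaccess, for instance) can
    # be rewritten by any other account on the same server.
    ww=$(find "$root" \( -type f -o -type d \) -perm -0002 -print)
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | sed 's/^/WORLD-WRITABLE /'
        findings=$((findings + $(printf '%s\n' "$ww" | wc -l)))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample tree (not a real site) with the two mistakes from the thread.
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/wp-content" && chmod 755 "$d/wp-content"
    : > "$d/wp-config.php"; chmod 644 "$d/wp-config.php"
    : > "$d/.htaccess";     chmod 777 "$d/.htaccess"
    : > "$d/index.php";     chmod 644 "$d/index.php"
    echo "$d"
}

# With a path argument, audit it; with none, audit the constructed tree.
if [ $# -gt 0 ]; then target=$1; else target=$(demo_tree); fi
audit_wp_perms "$target" || echo "review the findings above"
```

On a real site, pass the WordPress document root as the only argument; some hosts need the web server's group to read `wp-config.php`, in which case 640 is the tightest mode that works and the check will still flag it for review.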
  • Profile picture of the author TopInBooks
    I don't know what method the hackers used.. But as you said, you use WordPress, and that is pretty buff against SQL attacks. Therefore, my best thought is trojans and stuff that have run on our PC to record keystrokes like passwords and usernames.
    Was the whole hosting/domain account hacked or only the wordpress?

    Clean your pc, update wordpress and change password are my top tips.
  • Profile picture of the author fishermanzz2
    I suggest changing your username and password to pretty much anything that might be related to your site. For instance, your site username and password, your email account password that's associated with your site and anything else you can think of.
  • Profile picture of the author Adam Struve
    Don't ever use pirated premium WordPress themes. It's really easy to sneak in a little bit of malicious code into them, pretty much opening the front door to deface your site or redirect your traffic.
