by clou
13 replies
Some of the clients I designed websites for have contacted me because their websites have been hacked. I fixed and deleted the code, and after a few hours it's back. I had to find the pieces of malicious code one by one. Some of the code is a hidden iframe installed in JavaScript files. I need help from geeks and some informative advice. Thanks!
#hack #wordpress
  • Profile picture of the author tmtechno
    Did you update your wordpress installation to the latest version? You need to do that asap.

    Next, disable third party plugins one by one and check if the hack is gone. A lot of wordpress plugins are vulnerable to sql injections and hack attacks.

    Use a tool like Netsparker Community Edition, Free SQL Injection Scanner & XSS Scanner, to check for SQL injection vulnerabilities.

    Inform your hosting support about the attacks. Many hackers gain access through insecure servers.
    • Profile picture of the author Minista
      Most of the time the hackers inject some code into your template.

      I got that problem a few weeks ago.

      1) Go to your website admin panel and use a tool like phpMyAdmin to open your database. If the hacker changed your email address or username, change the information there. Use the password recovery to change your password.

      2) Just delete the template that you are using and upload a fresh copy of the template.

      Now the hacker message will be gone most of the time....

      3) Use some plugins to secure your WordPress website
      a) Make sure that your database table names are not the defaults. Change all the prefix of the table with a plugin.

      b) secure the folders

      4) Once everything is working fine, make a backup of your Website.
  • Profile picture of the author WireNine
    Inform your hosting support about the attacks. Many hackers gain access through insecure servers.
    90% of wordpress hacks happen due to outdated wordpress installations and/or plugins.

    1. Update all passwords

    2. Make sure no backdoor files exist

    3. update all wordpress installations and plugins

    4. remove any plugins not being used.

    Follow guidelines here http://codex.wordpress.org/FAQ_My_site_was_hacked
  • If you've removed the malicious code and it's back, there's a backdoor somewhere on your hosting account that you are overlooking. It's allowing remote attackers the ability to modify your files at will. Do any of your sites use timthumb? If you're not sure, go get the timthumb vulnerability scanner plugin and check - this has been a major vulnerability because it's typically left outdated, this will help you if it is.

    Look for any php files in any image, css, upload, download, cache, etc directories that would not normally have a php file in them.

    Check any recently modified file contents for base64 strings and things that point to it being a PHP shell, such as “FilesMan” or “c999sh”, either using grep (if you have SSH access) or FTP if you have no other choice. If you find files like this, DELETE THEM.
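The file checks described in the post above, as an added example that is not part of the original thread: a POSIX shell script that lists PHP files sitting in asset directories and recently modified files containing the markers the post names. The directory list, the 7-day window and the `WP_ROOT`/`DAYS` variables are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): list backdoor candidates in a WordPress tree.
# The directory names and the 7-day default window are assumptions to tune per site.

# PHP files under directories that normally hold only static assets.
find_stray_php() (
    cd "$1" || exit 1
    find . -type f -iname '*.php' \
        \( -path '*/uploads/*' -o -path '*/cache/*' -o -path '*/images/*' \
           -o -path '*/css/*' -o -path '*/download*/*' \) -print | sort
)

# PHP/JS files modified in the last N days (default 7) that contain the shell
# names quoted above, a base64_decode() call, or a base64 run of 200+ characters.
find_shell_markers() (
    cd "$1" || exit 1
    find . -type f \( -iname '*.php' -o -iname '*.js' \) -mtime "-${2:-7}" \
        -exec grep -lE 'FilesMan|c999sh|base64_decode[[:space:]]*\(|[A-Za-z0-9+/]{200,}' {} + | sort
)

# Both checks in one report; the output is a list of files to review by hand.
triage_wp() {
    echo "== PHP in asset directories =="
    find_stray_php "$1"
    echo "== recent files with web-shell markers =="
    find_shell_markers "$1" "${2:-7}"
}

# Usage: WP_ROOT=/path/to/site DAYS=7 sh triage.sh
if [ -n "${WP_ROOT:-}" ]; then triage_wp "$WP_ROOT" "${DAYS:-7}"; fi
```

Paths are printed relative to the site root, so the same report can be compared between runs to see which files reappear after cleanup.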
  • Profile picture of the author WebVyz
    I strongly recommend installing a tool such as WordPress Security Plugin by WebsiteDefender

    Security is a major concern for any website, and if you are developing several sites for clients, it would be wise to look at consultants who specialize in security. It's a huge responsibility, and may be more than one person alone can handle; so having experts handle something like that, starting with simple tools to oversee the better-known exploits to hiring consultants who will constantly review and recommend security improvements.
  • Profile picture of the author Lchoate
    I know exactly what you are talking about and have seen this before myself. Are you using the "ToolsPack" Plugin? If so, that's your culprit. That little booger writes some obfuscated javascript code to place a tracking pixel on your pages. The server that the pixel lives on is either dead or unresponsive most of the time so you end up getting big time JS errors which prevent some themes from loading.

    Start with your plugins. When the "hacker" comes back, it is quite often just a plugin being run again. Google all your plugin names and make sure everything comes back clean.
  • Profile picture of the author so11
    All of the known Wordpress security plug-ins are installed, all website configurations and tune-ups are done, personal computer is running fine… but my website/blog got hacked again! Why? Am I doing something wrong? Is something missing? Where is the problem?

    Here is a little security advice for Internet marketers…the problem is your misunderstanding of what security is. Information and computer security is a state/status (ex.: of a website) that needs to be achieved and maintained continuously. It is achieved by implementing a set of secure practices such as configurations (ex. plug-ins, add-ons, etc.), maintenance and processes (ex. password change). And that’s where most of us stop. We forget to continue keeping it secure. We change code and configurations, install new plug-ins and add-ons and forget to check if it is still secure.

    read more here : My website got hacked again? | Security | ITadvices.com
    • Profile picture of the author Kingfish85
      Originally Posted by so11

      All of the known Wordpress security plug-ins are installed, all website configurations and tune-ups are done, personal computer is running fine... but my website/blog got hacked again! Why? Am I doing something wrong? Is something missing? Where is the problem?

      Here is a little security advice for Internet marketers...the problem is your misunderstanding of what security is. Information and computer security is a state/status (ex.: of a website) that needs to be achieved and maintained continuously. It is achieved by implementing a set of secure practices such as configurations (ex. plug-ins, add-ons, etc.), maintenance and processes (ex. password change). And that's where most of us stop. We forget to continue keeping it secure. We change code and configurations, install new plug-ins and add-ons and forget to check if it is still secure.

      read more here : My website got hacked again? | Security | ITadvices.com
      ^^This. Exactly this.

      Installing plugins helps, but it's more of a mental thing than anything. I'll list a few tips below that will certainly help.
      • Keep Wordpress up to date
      • Update your plugins
      • Don't use plugins that aren't supported/developed any longer
      • Change admin username via the database, not the friendly name
      • Don't install plugins for simple tasks like adding Google Analytics
      • Use a 3rd party scanner such as SiteLock, GeoTrust etc. (can help with alerting/checking for malware, XSS etc.)
      • Password protect your wp-admin directory at the server level - 2 separate usernames/passwords
      • If you value your websites, stop using cheap services that the spammers use
      • Use CloudFlare - they have a number of security tools, country blocking etc available
      • Be sure your host is not using an out of date or known exploited mySQL and/or php version
      • Move your wp-config file into the home/ directory
      • wp-admin/ & wp-includes/ should only be writable by your user account (as a few others under wp-content)

      By changing the permissions on some of the directories, it could possibly break the functionality of a few things so be sure to do your research first.

      Changing the table prefix & admin username helps, but is not foolproof. Any malicious user that knows what they are doing can easily get the site to display errors that show the user, table prefix, paths etc. This is only security by obscurity. (out of sight, out of mind kind of)

      Make sure YOU are taking regular backups. There's too many free or cheap backup services out there and there's no reason why you can't use one of them. Even if you can't pay for it, cPanel (if using cPanel) has a backup utility built right in that will package up your entire account. Your host may also offer backups that you can use.

      There's a few tips that will hopefully help some people out here. There's more, but I won't go into detail.
      • Profile picture of the author ivander
        If the malicious script is back after a while, you should check the cron job script inside your WP installation and also the server cron scripts (usually inside /etc/cron.d). If there is some part of a script that copies unknown files from one location to another, you should delete those lines.
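One way to carry out the cron review suggested above (an added example, not code from the thread): it parses `/etc/cron.d`-style and user crontab lines, isolates the command field, and reports entries that copy, move, download or decode files. The keyword list and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): flag cron entries that copy, move,
# download or decode files. Keyword list and function names are assumptions.

# $1 = cron file; $2 = "system" (/etc/cron.d format, has a user column) or "user"
audit_cron_file() (
    if [ "${2:-system}" = system ]; then first=7; else first=6; fi
    awk -v file="$1" -v first="$first" '
        /^[ \t]*#/ || NF == 0 { next }                          # comment or blank
        $1 ~ /^[A-Za-z_][A-Za-z0-9_]*=/ || $2 == "=" { next }   # VAR=value line
        {
            # @reboot, @daily and similar use one field in place of five
            start = ($1 ~ /^@/) ? first - 4 : first
            cmd = ""
            for (i = start; i <= NF; i++) cmd = cmd " " $i
            if (cmd ~ "(^|[ ;|&/(])(cp|mv|wget|curl|base64|eval)( |$)")
                printf "%s:%d:%s\n", file, NR, cmd
        }' "$1"
)

# Scan every regular file in a cron directory (default: /etc/cron.d).
audit_cron_dir() (
    for f in "${1:-/etc/cron.d}"/*; do
        if [ -f "$f" ]; then audit_cron_file "$f" system; fi
    done
)

# User crontab: crontab -l > /tmp/ct.txt && audit_cron_file /tmp/ct.txt user
```

Each reported line is `file:line: command`; legitimate backup jobs will also show up, so compare the source and destination paths against the site's web root before removing anything.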
  • Profile picture of the author lordspace
    Are you using the latest version of WordPress?

    Export the content of your client's site into RSS
    WordPress Admin > Tools > Export all content.

    Then have your developer look at the exported files, just in case there is anything that looks like programming/executable code.
    • Profile picture of the author A007A
      Use the latest version of WordPress and make sure there is no backdoor or malicious code in your system.
      This will be in the form of scripts left by the hacker or modifications to existing files.
      Change your password after upgrading and make sure the hacker didn't create another user.
  • Profile picture of the author Rotwic
    You should go to the root level (hosting level) and inform them about these intrusions.