- This topic is empty.
-
AuthorPosts
-
October 8, 2012 at 3:08 pm #828636
wbprofitsMemberI can have my Server guy fix it,but he probably charges about $40. I think.
Just let me knowOctober 8, 2012 at 3:46 pm #828641
bosshoggsMemberWhat a nightmare! Anyone have advice to share?
(Hope it’s ok rmeeuwsen, but I moved your thread to the General Discussion section for more exposure…)
October 8, 2012 at 5:05 pm #828656
gokkenMemberSorry to hear about this mate, it’s a PITA.
Unfortunately the horse has bolted.
But, once you get the site up again, I’d suggest doing the following:- Always update your WP to the latest version, including plugins.
- Add a cronjob to do daily DB back-ups (there are a few plugins for this).
- Chmod you .htaccess to 400 or 440.
- There are WP plugins which will limit the number of failed login attempts. These can also be set-up to send you an email in such cases.
You’ll find some good stuff here about hardening your wp files, directories and .htacess file.
Hardening WordPressYou may also find this plugin helpful:
WordPress › BulletProof SecurityIf your using a static IP you can add a deny all (accept your IP) to a .htaccess file within the wp-admin folder. However this can play havoc with plugins. 9 times out of 10 hackers will use some type malicious injection string or gain access to your .htaccess file or use brute force to try to gain access to wp-login. The later is why it’s good to use at min a 11 character password: Alpha + Numerical + Special Character.
It’s also advisable to change the DB prefix from the generic wp_ to something else (always keep the trailing underscore “_“. If this is a New install do this via wp-config. If your changing an installed WP, make changes to both your wp-config and also your database to reflect the new prefix name.
Change the generic User-Name (used to log into wp-login.php from admin to something else. This can be done via your Database. Browse the SB entry users and look for the admin (will be first entry). Edit this entry and look for the following:
- user_login (change from admin to something else)
- user_nicename (change from admin to say your site name)
- display_name (change from admin to say your site name)
At the end of the day, if someone wants to gain access they will. However, it’s your job to make it a PITA. To the point where most will give up and move onto something easier.
October 9, 2012 at 4:07 pm #828689Anonymous
InactiveThanks to GamblingShares and AussieDave
But before I spend a few $, I’d prefer to learn how to do it myself. The old adage “give a man a fish and you feed him for a day, but if you each a man to fish you feed him for a lifetime” applies here.
Also, another old adage says “you can lead a horse to water, but you can’t make him drink” usually applies to AussieDave’s great tips.
But for all you out here that do not have a backup system, this adage is what you need to listen to “an ounce of prevention is worth a pound of cure”. So in keeping with still another adage about “closing the barn door after the cows have gotten out”, my preferred wordpress backup is ‘WP-DB-Backup’ by Matzko – it gives you easy automatic setting options to email the backup to you or save them to your site. Automatic backups can also be set to weekly, daily, 2x a day, hourly or never.
However, does anyone have a ‘fix’ for this type of hack???????
October 9, 2012 at 4:12 pm #828691
wbprofitsMember@rmeeuwsen 245541 wrote:
However, does anyone have a ‘fix’ for this type of hack???????
yes, repair your site !
there is no “do this” fix
You have to remove his code and a few other thingsOctober 9, 2012 at 4:16 pm #828692
wbprofitsMemberalso I just back up in my c panel .it is safer
maybe an un updated plug in allowed that damage you have !
the more plug ins you have the more vunerability you have !
October 9, 2012 at 4:31 pm #828693
gokkenMember@rmeeuwsen 245541 wrote:
does anyone have a ‘fix’ for this type of hack?
Without knowing how it was hacked, your question, it’s like asking how long is a piece of string!
There could be any number of vulnerabilities present, not only with regard to your WP installation but also your hosting account in general.
@GamblingShares 245543 wrote:
yes, repair your site !
there is no “do this” fix
You have to remove his code and a few other thingsI’ll add, You need to trash the entire site, WP install and all. Delete every file and every directory. I’d contact your hosting provider too and get them to scan your account,
It’s possible he’s gained access above the root, so unless all files and directories are checked and sanitized, you run the risk of a backdoor having been installed and open to further abuse.
I’d recommend when you have this all sorted you install the Bullet Proof Plugin. It locks things up pretty tight and hardens the be-jebbers out of WP. Enough to make it a PITA and hopefully force them to find an easier target.
October 9, 2012 at 4:38 pm #828694
wbprofitsMemberAussieDave seeing the site and even the redirect admin page , you do not need to trash the site.
also there are scanners for sites to check on on malware and other things.that bullet proof plug in does look awesome and I will look into it .
Keeping sites uptodate with components, themes, plug in modules or whatever the CMS calles them is the Key to keeping a site safe .The rest are the deadbolts and such !
October 9, 2012 at 4:51 pm #828698
gokkenMember@GamblingShares 245546 wrote:
AussieDave seeing the site and even the redirect admin page , you do not need to trash the site.
I don’t agree.
Whilst this looks like a hack for the primary purpose of taking control and defacing the site, I wouldn’t risk it. I think anyone who is hacked needs to be mindful of the possibility that a backdoor could have been installed.
While there are programs to scan for malware and such, these are only as good as who programmed them, nothing beats deleting.
I don’t think he’s dealing with a script kiddie for example. Hence, I’d be leaning well on the side of caution, even if deleting in your view is overkill, it’s far better being safe than sorry, imho.
October 9, 2012 at 4:57 pm #828699
wbprofitsMemberjust from some online site scanners
http://www.fanooss-co.com/wp-includes/js/jquery/jquery.js?ver=1.7.2
http://www.fanooss-co.com/wp-content/plugins/tubepress/sys/ui/static/js/tubepress.js?ver=3.4.1they showing in his site
October 9, 2012 at 4:59 pm #828700
wbprofitsMemberI agree with deleting 100%
but you should not try and learn in this situation.
but no need to delete the whole site and start fresh
October 9, 2012 at 5:12 pm #828701
gokkenMember@rmeeuwsen 245541 wrote:
my preferred wordpress backup is ‘WP-DB-Backup’ by Matzko
I’m assuming you mean this one:
xxhttp://austinmatzko.com/wordpress-plugins/wp-db-backup/Seems like that plugin is woefully outdated WP 2.7.
The current WP version is 4.3.2And looking at the support forum tells me the developer has well and truly dropped the ball on this. The forum is nothing more than a haven for link spammers.
If your not using the latest WP version or plugins, then your inviting peeps to hack you!
October 9, 2012 at 5:21 pm #828702
wbprofitsMembermaybe this 1 WordPress › WP-DB-Backup which is same author maybe same old outdated plug in
Last Updated: 2010-12-21
and rmeeuwsen if you were hacked 2 days ago and HAD NO BACK UP how can you even type my preferred wordpress backup is ‘WP-DB-Backup’ by Matzko
then should have used your preferred wp backup that is outdated almost 2 year years !
October 9, 2012 at 5:25 pm #828703
gokkenMember@GamblingShares 245552 wrote:
I agree with deleting 100%
but you should not try and learn in this situation.
If you have the knowledge to know what your doing, sure!
The operative word here is “knowledge”. Without any disrespect to the OP, we know he’s using at least one plugin that was developed for use with WP 2.7 which was released way back in December 11, 2008.
What version of WP is he using?
What other plugins are used that are out of date?All these answer invaluable questions.
I should have asked these from the get-go, instead of assuming anything.October 9, 2012 at 5:29 pm #828705
wbprofitsMemberAD agree
but it can be fixed as is .. to fix the hack should be done before and updating or adding more stuff!
hell take a back up from the cpanel ! be for the fix and after itthen he would have to update version and plug ins for security reasons atleast !
-
AuthorPosts