grabenair Posted November 28, 2011 Report Posted November 28, 2011 I have a personal Word Press site. It was hacked last night. What they did is put random links on all of the pages. I went into the editor and under html to get the links out but that was not it. I had to just delete the words and replace them. That took care of the problem for now. I am using BPS Security That is how I new something was up right away, sent me an email. My question is does anyone know of a plugin or some code that will stop this. I do know who it is but I live in the States and can not afford to go to Germany to visit this person. I am guessing that this is the person because they have been on the site more than me and keep changing there IP address but the latitude and longitude are the same and I kept blocking there IP address because they kept trying to go to wp-index.php and administrator. Quote
Andrea Posted November 28, 2011 Report Posted November 28, 2011 I just had fun with a hacker a couple weeks ago (NOT) - in my case, they got in via an old (dormant) zenphoto application and first attacked my .htaccess file and then pretty much most .php files. I deleted the entire zenphoto folder and had to reinstall wordpress (which was easier than cleaning up every single file). I have Google Analytics on my site, which showed me the traffic source as a file in the zenphoto folder. Mainly, if you cannot figure out how they got in, make sure to change all your passwords (host, ftp, database, wp-admin). One site suggested to create a new profile in your wp-admin with a new username, give it full rights and then delete the current one. Hope this helps and you figure out how to lock this @$$hole out for good. Quote
grabenair Posted November 28, 2011 Author Report Posted November 28, 2011 Thanks I did not even think of making me a new user. I did go yesterday and change all of my WP database prefix from WP_ to something else _ I still want to figure out how they made the links on the text but did not show up in my html file, that has me baffled. Quote
Andrea Posted November 28, 2011 Report Posted November 28, 2011 Have you checked your .htaccess files? make sure to scroll around so the stuff isn't hidden way down there or something. You're saying you see nothing on any php files? (Check for saved date for clues which ones might have been altered) Quote
newseed Posted November 29, 2011 Report Posted November 29, 2011 I like to add that if you have recently discovered the hack and that you don't have time to mess with trying to resolve the issue then you can check with your host about backups. Most hosts will go back 7 days. As for the database, typically the host don't back it up for you but you can set it up to run your own backups daily. WP might have a plugin as well for backups. And if you do have backups, be sure to wipe clean (delete) the files/databases that's there now before you upload your backup or else you will end up with the same headache. Quote
grabenair Posted November 29, 2011 Author Report Posted November 29, 2011 (edited) Yes WP has a plug in for back up, I get an email weekly. Also I am a back up nut I have all of my sites backed up on the server, on my pc, on my lap top and on a flash drive. I tool Andyrea's advice and changed myself as the admin and now I am changing my password daily. This is ok for my personnel site but when a client gets hacked it is a little more of a problem. I still have not figured out how they put links all over, still working on it. Although I will probably never get it. I just hope to stop it in the future. I thought about taking the site down for awhile but it is a help site kinda like this one just not as good. But I have 15 members on my help forum so I just beefed up the security a bit and hope that works. Edited November 29, 2011 by grabenair Quote
jsmith1981 Posted January 10, 2012 Report Posted January 10, 2012 I was hacked once on a different level to my wordpress blog (I know how infurriating it is believe me), this person was trying to get into one of my services I run on my own hosted web server (I leave it on all the time), so as a precaution I downloaded a package to my firewall to block them by their repeating IPs if they make x number of attempts to login within certain times then they get auto blocked from my router (stops them getting into anything) using pfSense, then took the hosting company the IP address went to a whois and made an abuse report to them (where actually in America in my case) and gave them the logs of the information, if you have their IP address then why not do a whois lookup and find out which company those IPs come from? They will without a doubt have some kind of abuse email you can report to as even in the well developed countries will have an abuse email to report misuse of their network, their breaking their ISPs rules if they attempt to hack into your application, in the UK this is known as a breach of the Computer Misuse Act which can have huge implications, the US has a very similar act they go by. I would personally report them, I just did and I have experienced my site being allot faster again thank god. Best of luck with it! Quote
rhon4short Posted January 11, 2012 Report Posted January 11, 2012 oh its a badluck, try to reconfig it again. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.