Jump to content

Help my WP site was hacked


grabenair

Recommended Posts

I have a personal Word Press site. It was hacked last night. What they did is put random links on all of the pages. I went into the editor and under html to get the links out but that was not it. I had to just delete the words and replace them. That took care of the problem for now. I am using BPS Security That is how I new something was up right away, sent me an email.

My question is does anyone know of a plugin or some code that will stop this. I do know who it is but I live in the States and can not afford to go to Germany to visit this person. I am guessing that this is the person because they have been on the site more than me and keep changing there IP address but the latitude and longitude are the same and I kept blocking there IP address because they kept trying to go to wp-index.php and administrator.

Link to comment
Share on other sites

I just had fun with a hacker a couple weeks ago (NOT) - in my case, they got in via an old (dormant) zenphoto application and first attacked my .htaccess file and then pretty much most .php files.

 

I deleted the entire zenphoto folder and had to reinstall wordpress (which was easier than cleaning up every single file).

 

I have Google Analytics on my site, which showed me the traffic source as a file in the zenphoto folder. Mainly, if you cannot figure out how they got in, make sure to change all your passwords (host, ftp, database, wp-admin). One site suggested to create a new profile in your wp-admin with a new username, give it full rights and then delete the current one.

 

Hope this helps and you figure out how to lock this @$$hole out for good.

Link to comment
Share on other sites

Have you checked your .htaccess files? make sure to scroll around so the stuff isn't hidden way down there or something.

 

You're saying you see nothing on any php files? (Check for saved date for clues which ones might have been altered)

Link to comment
Share on other sites

I like to add that if you have recently discovered the hack and that you don't have time to mess with trying to resolve the issue then you can check with your host about backups. Most hosts will go back 7 days. As for the database, typically the host don't back it up for you but you can set it up to run your own backups daily. WP might have a plugin as well for backups.

 

And if you do have backups, be sure to wipe clean (delete) the files/databases that's there now before you upload your backup or else you will end up with the same headache.

Link to comment
Share on other sites

Yes WP has a plug in for back up, I get an email weekly. Also I am a back up nut I have all of my sites backed up on the server, on my pc, on my lap top and on a flash drive.

I tool Andyrea's advice and changed myself as the admin and now I am changing my password daily. This is ok for my personnel site but when a client gets hacked it is a little more of a problem.

I still have not figured out how they put links all over, still working on it. Although I will probably never get it. I just hope to stop it in the future.

I thought about taking the site down for awhile but it is a help site kinda like this one just not as good. But I have 15 members on my help forum so I just beefed up the security a bit and hope that works.

Edited by grabenair
Link to comment
Share on other sites

  • 1 month later...

I was hacked once on a different level to my wordpress blog (I know how infurriating it is believe me), this person was trying to get into one of my services I run on my own hosted web server (I leave it on all the time), so as a precaution I downloaded a package to my firewall to block them by their repeating IPs if they make x number of attempts to login within certain times then they get auto blocked from my router (stops them getting into anything) using pfSense, then took the hosting company the IP address went to a whois and made an abuse report to them (where actually in America in my case) and gave them the logs of the information, if you have their IP address then why not do a whois lookup and find out which company those IPs come from?

 

They will without a doubt have some kind of abuse email you can report to as even in the well developed countries will have an abuse email to report misuse of their network, their breaking their ISPs rules if they attempt to hack into your application, in the UK this is known as a breach of the Computer Misuse Act which can have huge implications, the US has a very similar act they go by.

 

I would personally report them, I just did and I have experienced my site being allot faster again thank god.

 

Best of luck with it!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...