My site has been hacked

Blacklabpictures

Blacklabpictures

Messages
125
Name
Martin
Edit My Images
Yes
Hi guys,


it is twice in 7 days. I have a backup but it start to be pain in the ...Someone has similar situation ?

Is some kind of cyber police department in UK ? Can I report it somewhere ?
 
Time to change your webhost?
 
Blacklabpictures said:
Hi guys,


it is twice in 7 days. I have a backup but it start to be pain in the ...Someone has similar situation ?

Is some kind of cyber police department in UK ? Can I report it somewhere ?
Click to expand...

Change your login of your host main account and your FTP to random long passwords and make them different
 
I would have thought your webhost would have had some sort of security to prevent hacking but perhaps I'm wrong.
What are your webhosts saying about it?
 
Talk to your host, they should tell you how it was hacked and when. It might be your issue or it could be an issue on the server affecting more than just your site.


Change your FTP and any other logins

Ensure you use FTP over SSL so that you aren't broadcasting your password to everyone.
 
Passwords done yesterday, veeeery long and random.

They backing it up from security backup from yesterday. Problem is, I have done hell of the work with SEO today, all work for nothing...

I am fed up. In Poland we have a special police department where you could raport such thing. Chance to catch a hacker close to zero but...maybe it is some teenager stupid enough to left some tracks.

Will I found such police in UK ?
 
Blacklabpictures said:
Passwords done yesterday, veeeery long and random.

They backing it up from security backup from yesterday. Problem is, I have done hell of the work with SEO today, all work for nothing...
Click to expand...

Make sure the old passwords arent reinstated when its done, didnt you make a baclup after your SEO work
 
I doubt it is Wordpress 3.5 that is an fault here, I have been using the latest version myself across a number of sites without any problems.

I think the issue is more likely to be an out of date/malicious plugin
 
I have got only:

All in One SEO Pack
Jetpack by WordPress.com
Lightbox Plus

all for almost year or longer. I have just recived the log raport. They said that attack was through a gap in wordpress directly.
 
So your site is hosted on wordpress.com?

And you have reported this to them and they say it is a fault with their software?
 
timthumb is the image resizing script included in many themes (not core wordpress). There have been a series of vulnerabilities which have allowed people access.

There is a free plugin called TimThumb Vulnerability Scanner which will scan for out of date versions and replace them with the latest version.
 
Blacklabpictures said:
Donno, I have got Kingsize theme. waiting for their support to have a look.

Website works, thanks MHUNK for idea, I will instal it :)
Click to expand...

Hang on, up there you said they had told you it had happened through a gap in WordPress directly - How can this be if, as you have just said, you are waiting for there support to have a look?

If your site has been hacked then the first thing you should do is report it to the security department of your host, do not tough your site or do anything to it until you have heard back from them
 
Keith W said:
Hang on, up there you said they had told you it had happened through a gap in WordPress directly - How can this be if, as you have just said, you are waiting for there support to have a look?

If your site has been hacked then the first thing you should do is report it to the security department of your host, do not tough your site or do anything to it until you have heard back from them
Click to expand...

And I did. First an alarm to hosting company. They said it was not directly through server (no logs) but rather through a gap in wordpress themed website. Hence my mail to theme maker support :) Now I wait for their opinion.
 
Seriously I would not be contacting the person who made the theme you are using.

You host should be the one helping you to get this sorted.

At the end of the day an exploit can affect the server the site is on so it is in there best interest to help you.

If your host are unwilling to help you resolve this then it may be time to look for a new host
 
Keith W said:
Seriously I would not be contacting the person who made the theme you are using.

You host should be the one helping you to get this sorted.

At the end of the day an exploit can affect the server the site is on so it is in there best interest to help you.

If your host are unwilling to help you resolve this then it may be time to look for a new host
Click to expand...

Who said they are unwilling ? Website is back and they helped me straight away :) I have sent the raport of my host company to Kingsize theme designer to help them to get the theme better and safer :)
 
Just in case the hackers try again, change the file permissions on index.php and index.html to r-- (read only) although it really depends on how they managed to change the files - either via FTP or via the WP admin section. If you have a Control Panel that allows you to enable/ disable FTP I'd also suggest disabling FTP (you can re-enable it as needed).

Good luck and hope you don't get hacked again.
 
Seriously Martin I am trying to help you here but if you are not going to tell us the full story or just drip feed information then I am out of here.

Good luck in getting this sorted
 
Keith W said:
Seriously Martin I am trying to help you here but if you are not going to tell us the full story or just drip feed information then I am out of here.

Good luck in getting this sorted
Click to expand...

What else can I say ? For me the html related stuff is just...black magic :) It is not my bad will or something :) Rather my influent English language ;)

Security raport is in Polish, I do not know even how to translate some phrases :D

Only clear thing is that some pieces of code and graphic used to hack my homepage were linked to: http://xcruzz.blogspot.co.uk/

What else can I do ? Hosting company did well IMHO, they backed up my website in 2h. Should they do more ?
 
My apologies Martin

I would still put my money on an insecure plugin

As the report is in polish I am unlikely to make any sense of it.

I feel that the mark of a good host is that when you report something like this that they will help you from start to finish in identifying what went wrong, making good the situation, helping you to understand what went wrong and helping you to make sure it doesn't happen again.

You have some really great pictures on your website by the way
 
Keith, they did, cleaned catalogues of rubbish files etc. And a backup files from 10.00 o`clock.

And in the raport they showed me the code related to that blog I mentioned in the last post here which was used as a attack through wordpress :) This is why I wrote to the theme developer :) Not to ask him for help but to tell him about possible exploits and dangers. Maybe it is some insecure plugin in the theme itself, hidden like in-built or something, this is why I wrote to the developer :)

And I do appreciate your help here :) Good to know that people are friendly here and can tell a good word to calm my nerves :D
 
It is never nice when something like this happens to your website

My reason for saying not to necessarily contact the person who made your theme was based on personal experience, I was once hacked myself and it turned out to be the theme designer who was the guilty party.
 
Keith W said:
It is never nice when something like this happens to your website

My reason for saying not to necessarily contact the person who made your theme was based on personal experience, I was once hacked myself and it turned out to be the theme designer who was the guilty party.
Click to expand...

WHAT ??!! Omg...

No, this wans`t him :) I am sure he has better things to do and he is sucessful with his designs, doesn`t need to hack *** :)
 
It has only happened the one time to me, I am far more cautious these days
 
Sadly, I have two or three attempts a day to hack my blog. Theres things you can do, don't use 'admin' as a username. Make sure permissions on wp-config.php are set to 600 so no one else can read it (your readers don't need to read wp-config.php) Its also possible if you have cpanel access to move wp-config up one level in the directory tree so its no even in your public folders, but only if your blog isn't on a subdomain of your hosting.

Also go through & delete any users you don't recognise.

None of which helps even slightly if you're using shared hosting and they don't secure things properly at their end

to add - change your keys in wp-config using the generator http://api.wordpress.org/secret-key/1.1/ which will destroy any log in cookies help by anyone and chuck them out if they are still logged in to your blog
 
Last edited:
boyfalldown said:
Sadly, I have two or three attempts a day to hack my blog. Theres things you can do, don't use 'admin' as a username. Make sure permissions on wp-config.php are set to 600 so no one else can read it (your readers don't need to read wp-config.php) Its also possible if you have cpanel access to move wp-config up one level in the directory tree so its no even in your public folders, but only if your blog isn't on a subdomain of your hosting.

Also go through & delete any users you don't recognise.

None of which helps even slightly if you're using shared hosting and they don't secure things properly at their end

to add - change your keys in wp-config using the generator http://api.wordpress.org/secret-key/1.1/ which will destroy any log in cookies help by anyone and chuck them out if they are still logged in to your blog
Click to expand...

I've just created a Wordpress site and it won't let me change the username from admin. Is there something else I can do?

Also how do you change permissions on the config and move it up a level?

Sorry for questions but its totally new to me.
 
Dan_H said:
I've just created a Wordpress site and it won't let me change the username from admin. Is there something else I can do?

Also how do you change permissions on the config and move it up a level?

Sorry for questions but its totally new to me.
Click to expand...

You can't change a user name once created without either messing with the database, or using a plug in to do it. The easiest way is to create a new administrator account and then log into that account and delete the user 'admin'

Use an FTP client to change permissions on config.php, and move it up a level (remember you can only move it up a level if our blog is in the root directory of your sire
 
You must log in or register to reply here.
Back
Top