Help Securing My Site

My site was hacked.

Page 1 of 1

9 Replies - 1093 Views - Last Post: 17 November 2010 - 11:50 PM

#1 heyoman1  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 64
  • View blog
  • Posts: 735
  • Joined: 30-November 09

Help Securing My Site

Posted 15 November 2010 - 05:17 PM

How can i get rid of this hacker once and for all? They call themselves "SauDi Genuises TeaM". First off, here is my site. I just know that i installed wordpress on it a few days ago, and now it's been hacked since yesterday. I deleted the index page, and replaced it with a fresh one from the wordpress.org site. And it's still hacked. How can i get rid of them, and get my site back under my control?

This post has been edited by macosxnerd101: 15 November 2010 - 05:21 PM
Reason for edit:: Title renamed to be more descriptive.


Is This A Good Question/Topic? 0
  • +

Replies To: Help Securing My Site

#2 creativecoding  Icon User is offline

  • Hash != Encryption
  • member icon


Reputation: 926
  • View blog
  • Posts: 3,205
  • Joined: 19-January 10

Re: Help Securing My Site

Posted 15 November 2010 - 05:59 PM

This could have been anything. What software did you have on the site? did you edit any of the codes? Can I see a full structure of all files/dirs?
Was This Post Helpful? 0
  • +
  • -

#3 heyoman1  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 64
  • View blog
  • Posts: 735
  • Joined: 30-November 09

Re: Help Securing My Site

Posted 15 November 2010 - 07:45 PM

I just has wordpress. I did install a few plugins. Joke of the day, better bio box, and then Members. Members let's you alter the permissions of roles you give. So I did this to enable contributors to post pics with posts. But other than that, that's it.
Was This Post Helpful? 0
  • +
  • -

#4 Lemur  Icon User is online

  • Pragmatism over Dogma
  • member icon


Reputation: 1371
  • View blog
  • Posts: 3,458
  • Joined: 28-November 09

Re: Help Securing My Site

Posted 15 November 2010 - 11:30 PM

Make sure to have all of the latest patches downloaded and running. It looks like they got to the database and did a number on it.

I will say they have no design sense... Comic Sans, I mean really? Looks like a bunch of script kiddies using a premade hack screen and exploits someone else made, make sure to download the ABSOLUTE LATEST version of wordpress.

More than likely the attack was made via a google search that would return your version of wordpress, alerting the newbies that your site is vulnerable.

Again, download the absolute latest version of wordpress, purge the database (or just delete), delete the entire folder, and just start completely clean.
Was This Post Helpful? 1
  • +
  • -

#5 Shane Hudson  Icon User is offline

  • D.I.C Technophile
  • member icon

Reputation: 343
  • View blog
  • Posts: 1,286
  • Joined: 06-December 09

Re: Help Securing My Site

Posted 16 November 2010 - 10:40 AM

LOL at the Comic Sans comment!

The best way to find out how to stop them is to find out how they got in. Are you certain it was through a security flaw with Wordpress? It could be a security flaw in your database or even possibly cpanel!

In fact, have you tried just changing the password and email address? A very common way that hackers get in is actually by just either knowing, guessing or cracking your password. But remember, do not JUST change the password as the hacker could have access to your email and just reset the password by knowing the email address.

It really depends on how secure you are, if you know that your computer is keylogger free and there is no way of passwords being guessed etc. then it may well be to do with Wordpress (though I do think unless it is a very old version, Wordpress is fairly secure... surely they would hack well known websites which use Wordpress instead?).
Was This Post Helpful? 0
  • +
  • -

#6 heyoman1  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 64
  • View blog
  • Posts: 735
  • Joined: 30-November 09

Re: Help Securing My Site

Posted 16 November 2010 - 01:00 PM

As far as I know, I downloaded wordpress via cPanel. That installation also created a database for it. On the cPanel description, it said that it was version 3.0.1. Ad according to my admin panel, it was the latest version. So what ever the installation in cPanel did must have somehow left a flaw. But that is just my guess.
Was This Post Helpful? 0
  • +
  • -

#7 Lemur  Icon User is online

  • Pragmatism over Dogma
  • member icon


Reputation: 1371
  • View blog
  • Posts: 3,458
  • Joined: 28-November 09

Re: Help Securing My Site

Posted 16 November 2010 - 01:09 PM

Also, make sure to take the admin directory and change it to some random name only you would recognize. Linking will only be available to you who knows the absolute address.

EX:

Default: http://www.wordpress.com/wp-admin

Better: http://www.wordpress...-admin-heyoman1

Best: http://www.wordpress...f-doom-1337-lol

...or something like that. The harder it is to find the admin panel the harder it will be for a hacker to get to it in the first place. I would do a manual install of wordpress if I were you. It might also be one of the plugins introduces a vulnerability to the page.

Now if you really want to have some fun make the default admin folder into a trap or something that will attack rogue accessors.
Was This Post Helpful? 0
  • +
  • -

#8 Shane Hudson  Icon User is offline

  • D.I.C Technophile
  • member icon

Reputation: 343
  • View blog
  • Posts: 1,286
  • Joined: 06-December 09

Re: Help Securing My Site

Posted 16 November 2010 - 02:07 PM

Haha Lemur, that makes so much sense.. why have I never done that before?!

Another thing you need to be careful of is chmodding to 777, the maximum should be 755 and usually you can get away with 644!
Was This Post Helpful? 0
  • +
  • -

#9 heyoman1  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 64
  • View blog
  • Posts: 735
  • Joined: 30-November 09

Re: Help Securing My Site

Posted 17 November 2010 - 10:50 AM

i have no idea what the 777 or 755 thing is..
Was This Post Helpful? 0
  • +
  • -

#10 Dormilich  Icon User is offline

  • 痛覚残留
  • member icon

Reputation: 3541
  • View blog
  • Posts: 10,239
  • Joined: 08-June 10

Re: Help Securing My Site

Posted 17 November 2010 - 11:50 PM

they are *NIX file permissions as used by the chmod command.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1