Hacked Website Cleanup, Restore, Reinstall

    #2097
    Tim
    Member

    Hi Guys
    I’m not sure if Bulletproof is the source of the leak, but you managed to get injected too. On my site I have a recurring iframe injecting. I’ve patched, and re-installed and cleaned – but it keeps coming back – even after hardening WP (following the document you provided) and changing passwords and using MULTIPLE plugins for protecting. So I thought WTF? I may have to toss BP, to determine if it is related.
    Even in my 400.php of Bulletproof I got injected as you can see below.
    If you are interested in assessing my site to have a look at your plugin and the site, you are more than welcome.
    Cheers,
    Tim

    #1535
    Tim
    Member

    Hi Everyone
    Relatively new to WP after using Joomla for so long. My question is that only on my GoDaddy webhosted site (I use other hosts), hackers keep injecting an htaccess file into the wp-content folder. I blocked them from the root and wp-admin – but still they get in. This is a brand fresh install, with clean directory and database.
    I’m looking for help to plug the hole. I have scanned, searched, patched and locked it down with 3 different plugins (including BP) and they are still getting in. BP doesn’t have a create htaccess for wp-content button so I just copied one from the root over.
    Also, does anyone know a plugin that shows new file changes or file sizes by date and time which will allow me to identify file changes?
    Thanks
    Tim

    #1536
    AITpro Admin
    Keymaster

    Most likely one of your passwords has been cracked. Please see this Forum Topic:

    http://forum.ait-pro.com/forums/topic/website-is-already-hacked-will-bps-pro-automatically-fix-or-remove-the-hackers-files-and-code/

    You will need to completely lock down your website with Directory Password Protection in your Go Daddy Control Panel and change all of your passwords. Then I recommend that you make a backup of anything you want to keep and then delete your files and database and install everything all over again. Trying to find all of the hackers’ backdoor files is challenging even for an experienced website recovery / dehacking specialist.

    #1538
    AITpro Admin
    Keymaster

    Also you cannot use an htaccess file in your wp-content folder. It will break your website. The root .htaccess file is recursive which means the security protection is applied already to your wp-content folder, but that does not do anything to protect your website if a password has been cracked.

    #1560
    Tim
    Member

    Thanks, I will password protect the dir. However, I did throw a .htaccess into the wp-content folder and the site still seems to be working fine from front and backend. There might come a point when I need to remove it but it’s holding (if it still gets hacked I’ll post here again). I can’t explain the password part of it, since with each fresh install I used a different db username/password and logins, so I’m not sure how they are getting past by directory. I totally emptied out the host dir and deleted all the old dbs. But I do have some suspicions I wasn’t aware of until you mentioned the directory passwords – I’ll post my suspicions later on.
    Is there a plugin you are familiar with that shows the last WordPress files to be modified?
    Thank you in advance for the help.

    #1568
    AITpro Admin
    Keymaster

    Look around the Internet to see best practices regarding hardening WordPress, creating secure passwords and hacked website cleanup to find out all the info you need to know to get a good start with a completely clean site.

    I guess search the WordPress plugin repository for the features that you are looking for.

    #2099
    AITpro Admin
    Keymaster

    Any file can have code added to it if the hacker already controls your website since it is obviously hacked. The code may or may not have been injected. Typically what I see is a hacker controls a hosting account with a hacker Shell script. They can do anything they want to all of your websites under your entire hosting account including editing files, adding their own code, creating user accounts, etc, etc, etc. Bottom line is if your website is already hacked then you either need to restore it from a good backup or you need to make a backup of your database, nuke the hacked site, install a new site and import your content database tables into your new database.

    See this Forum post for more info: http://forum.ait-pro.com/forums/topic/website-is-already-hacked-will-bps-pro-automatically-fix-or-remove-the-hackers-files-and-code/
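
Added example, not part of the original thread and not code from any plugin named in it: a file-change report of the kind asked about above, which records a hash, size and modification time for every file after a clean install and later lists what was added, modified or removed. The function names, the flag rules and the sample tree (including the location of `400.php`) are assumptions constructed for illustration.

```python
import hashlib, os, tempfile, time

def snapshot(root):
    """Map relative path -> (sha256, size, mtime) for every file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = (digest, os.path.getsize(full), os.path.getmtime(full))
    return snap

def flag(status, path):  # review hints for the two cases raised in this thread
    if status == "added" and path.startswith("wp-content/") and path.endswith(".htaccess"):
        return "new .htaccess under wp-content"
    if status == "modified" and path.endswith(".php"):
        return "PHP file content changed"
    return ""

def diff_snapshots(old, new):
    """Compare by hash, not mtime, so a restored timestamp cannot hide an edit."""
    out = [("removed", p, old[p][1], old[p][2], "") for p in old.keys() - new.keys()]
    for path, (digest, size, mtime) in new.items():
        status = "added" if path not in old else "modified" if old[path][0] != digest else None
        if status:
            out.append((status, path, size, mtime, flag(status, path)))
    return sorted(out, key=lambda c: (-c[3], c[1]))  # newest first

def _put(root, rel, text, mode="w"):  # helper for the constructed demo tree
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, mode) as fh:
        fh.write(text)
    return full

def demo():  # constructed sample tree standing in for a WordPress install
    with tempfile.TemporaryDirectory() as root:
        _put(root, "index.php", "<?php // unchanged\n")
        page = _put(root, "wp-content/plugins/400.php", "<?php // clean\n")  # constructed path
        baseline, st = snapshot(root), os.stat(page)
        _put(root, "wp-content/plugins/400.php", "<!-- unwanted markup -->\n", "a")
        os.utime(page, (st.st_atime, st.st_mtime))  # mtime restored to its old value
        _put(root, "wp-content/.htaccess", "# constructed\n")
        return diff_snapshots(baseline, snapshot(root))

if __name__ == "__main__":
    for status, path, size, mtime, note in demo():
        print(time.ctime(mtime), status, path, size, note)
```

On a real site the baseline from `snapshot()` would be saved somewhere outside the hosting account right after the clean reinstall, so that whoever can edit the site files cannot also edit the baseline.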
