My website had been hacked

Home Forums BulletProof Security Free My website had been hacked

This topic contains 3 replies, has 4 voices, and was last updated by  Luong Ngoc Anh 2 months, 1 week ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #31719

    redbusiness
    Participant

    Good morning.

    Since more than one month i have on one of my wordpress multi sites a big problem, that the site is permanently hacked one by week. First i have always been using wordfence as security plugin, but also with this plugin it got always hacked. Now i tried one week ago your free version and had been really happy that one week had been nothing, but today in the morning i got the info, that the site is hacked ;-(

    I am using the latest version of WordPress and following plugins:

    All 404 Redirect to Homepage
    Antispam Bee
    Better WordPress Google XML Sitemaps
    BulletProof Security
    Clean Image Filenames
    JP Widget Visibility
    Multi-Site Site List Shortcode
    Pretty Link Lite
    SEO Friendly Images
    Wordfence Security
    WP Permalauts
    wpSEO

    From my server i got at 2:30 today a message that there are files infected – see my security log here https://www.dropbox.com/s/14v5nkxj8694g5z/security%20log.txt?dl=0. Here are some examples https://www.dropbox.com/s/holj0n4n58i5zes/Examples%20Hack.docx?dl=0 how it looks like when its hacked.

    I have really no clue, where the attackers can always come in. I always make a fresh installation, set up everything new, look the code through and and and…

    Do you think that your premium version can handle this or can you give me a tip what i am doing wrong to fix this problems and get back to a normal day 😉 ?

    I appreciate your help and time!

    Addon:

    Mostly the attackers try to lookup the xmlrpc.php – but this is blocked on my whole server.

    Now they always try to lookup a session.php file in the a theme folder, but there is no such file in this folder – see here https://www.dropbox.com/s/tgx1buz4p91me2u/attack.png?dl=0

    Sure i can now block all the thousands IPs which are trying to access this file which is not there, but this will only blow out my database and slow down my server.

    Has your plugin or the premium version a rule, to block this that i can sort out that problem?

    Greets

    #31723

    AITpro Admin
    Keymaster

    Once your website and hosting account are hacked you will need to completely clean up your hacked website and hosting account.  BPS Pro does not automatically clean up websites and hosting accounts that are already hacked.  There are a few plugins that claim that they can clean up a hacked website, but those plugins will only find obvious hacker files/code and not any of the hidden hacker files/code.  The hack will just keep returning since not all hacker files/code were removed/cleaned up.  See this forum topic for the steps to clean up a hacked website and hosting account:  https://forum.ait-pro.com/forums/topic/wordpress-hacked-wordpress-hack-cleanup-wordpress-hack-repair/

    #34311

    georger
    Participant

    [Spam Comment Allowed by AITpro Admin]
    Best to harden your WordPress plugins and consider a new hosting firm. I own a web design agency in Sydney and I use have my internal devs clean site, but it was a painful process. I now use these guys to clean and protect client sites: http://www.siteguard.com, they’ve been rock solid. There are plenty of options around

    #35654

    Luong Ngoc Anh
    Participant

    Don’t use nulled theme, plugin.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.