Site Hacked in middle of installing BPS

Home Forums BulletProof Security Pro Site Hacked in middle of installing BPS

This topic contains 3 replies, has 2 voices, and was last updated by  AITpro Admin 5 years, 10 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #12481

    ThereseO
    Participant

    I was installed BPS Pro and had finished the installation wizard. Everything was moving really slow after. I also recieved this alert after the wizard completed. : “”BPS Pro Alert! Your site does not appear to be protected by BulletProof Security.”

    By the time I was working through this issue I was hacked. gilldawg.com. I haven’t had time to even look through the documentation to see if there is a way to restore my site using your plugin. I have all backups done before I did anything. Help!

    #12483

    AITpro Admin
    Keymaster

    The odds that your site was hacked at the same time you were installing BPS Pro are pretty slim and probably the site was already hacked, but anything is possible so maybe your site was hacked at the same time.

    The current hack is a defacement type of hack, but that could mean that your site was already hacked by another hacking group and then this hacker found your hacked site and then did this hack by using the Shell hacking script that the previous hackers uploaded to your site.  That is a very common thing.

    What you want to do at this point is first is to change all of your passwords:  FTP, WordPress Admin Login, WordPress Database and Host Control panel login.  Then ensure 100% that the backup of the site that you have is really 100% clean and does not already include hackers files/code.

    Next see this post as a reference.  You will either be restoring your site from a backup that you absolutely 100% for sure know is clean or you will be doing the steps in the link below.

    http://forum.ait-pro.com/forums/topic/website-is-already-hacked-will-bps-pro-automatically-fix-or-remove-the-hackers-files-and-code/

    #12490

    ThereseO
    Participant

    Is there a way to block the attackers IP 213.238.175.53

    #12491

    AITpro Admin
    Keymaster

    Blocking by IP address is time consuming and not really that effective unless you know for a fact that the IP address will not change.  Typically hackers and spammers have a pool of millions of IP addresses.  When you block 1 of those IP addresses they use another one………

    If you are trying to protect your Login page then both Login Security and JTC Anti-Spam / Anti-Hacker do that.  Both of these features protect against automated hacker bots and automated spammer bots.  99% of all spamming and hacking is automated with Bots/Bot programs.

    If you want to block this Turkish IP address from being able to get to your website then you would use this “Deny from” code shown below in the examples.  As I stated above most likely the IP address that you block will be switched to another IP address by the hacker/spammer.  If that happens then you would need to add the additional IP addresses that hacker/spammer uses.  That process could go on for a long time and be very time consuming.  BPS Pro has many layers of “Action Security” – hacker X does bad action Y and Z = blocked/forbidden so IP blocking is probably not necessary to do since whatever bad action the hacker/spammer is doing will be blocked.  With that said you need to use basic good general security practices:  Create very secure passwords for everything and never display usernames or passwords publicly.

    Use 3 octets of the IP address so that you are blocking all IP address in the range of 213.238.175.1 – 213.238.175.256

    Deny from 213.238.175.

    Use 2 octets of the IP address so that you are blocking all IP address in the range of 213.238.0.1 – 213.238.256.256

    Deny from 213.238.

    Click this link below for what to add and where to add it in BPS Pro Custom Code.

    http://forum.ait-pro.com/forums/topic/htaccess-block-ip-address-block-access-to-files-by-ip-address/

     

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.