+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 22 of 22
Web Development Thread, Website getting hacked in Coding and Web Development; Thanks, just deleted it. Playing with that security plugin. X13 not sure I understand what you said, the index.php is ...
  1. #16
    kcymer's Avatar
    Join Date
    Nov 2007
    Posts
    149
    Thank Post
    4
    Thanked 9 Times in 8 Posts
    Rep Power
    15
    Thanks, just deleted it.

    Playing with that security plugin.

    X13 not sure I understand what you said, the index.php is now how it should be. Just updated everything

  2. #17

    X-13's Avatar
    Join Date
    Jan 2011
    Location
    /dev/null
    Posts
    9,033
    Thank Post
    591
    Thanked 1,944 Times in 1,345 Posts
    Blog Entries
    19
    Rep Power
    813
    Quote Originally Posted by kcymer View Post
    X13 not sure I understand what you said, the index.php is now how it should be. Just updated everything
    I mean when it's hacked.

    Is the index.php on the server a new hacked version or has the content been rewritten to include the hack?

  3. #18
    soveryapt's Avatar
    Join Date
    Jan 2009
    Location
    Lancashire
    Posts
    2,402
    Thank Post
    648
    Thanked 277 Times in 244 Posts
    Rep Power
    78
    Quote Originally Posted by kcymer View Post
    Thanks, just deleted it.

    Playing with that security plugin.

    X13 not sure I understand what you said, the index.php is now how it should be. Just updated everything
    You need to make sure you remove references to it in your theme as well, otherwise it will throw up errors when people try to load pages whilst it tries to find the script to run to get the thumbnails. It might be worth checking you have the latest version of the theme installed as well as they might have removed it from a newer version of it.

    One thing I always recommend with Wordpress is well is the use of Child Themes, so any customisations you make are not lost if you do a theme upgrade and means you don't have to run around patching things. Check out Child Themes WordPress Codex for more info on what they are / how to do it / etc.

  4. #19

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,211 Times in 761 Posts
    Rep Power
    394
    Rather than just removing it (which could break things as @soveryapt suggests), you could use a plugin like this to check if it is vulnerable and update it if required: WordPress › Timthumb Vulnerability Scanner WordPress Plugins

  5. Thanks to AngryTechnician from:

    soveryapt (24th June 2013)

  6. #20
    kcymer's Avatar
    Join Date
    Nov 2007
    Posts
    149
    Thank Post
    4
    Thanked 9 Times in 8 Posts
    Rep Power
    15
    Thanks guys.

    They always replace index.php with own, either in root folder or in v7 folder. I have backup of the site, which is clean, as before they left few php files in random folders, last one I have found was cpanel cracker. So each time I just delete all content and upload backup. Website is not updated very often and it is being done by adult education staff, so sometimes pictures are missing and such.
    I have not designed my self and no way expert in webdesign, we hired someone who we know well. We already suggested child themes, we looking at it now, but something is not working as it should when implemented - site just crashes and goes blank.
    Work in progress

  7. #21
    kcymer's Avatar
    Join Date
    Nov 2007
    Posts
    149
    Thank Post
    4
    Thanked 9 Times in 8 Posts
    Rep Power
    15
    I think I got on something here. I have used suggested plugging for security. One of the option s create quite big .htaccess file with lots of options. I think it stops hackers, but as well stop to display images to not logged in people. I removed that file and few hours later site was hacked. So restored it and put .htaccess back online. Now working on it content, to make pictures on posts visible for everyone. Just need to find good tutorial on use of htaccess

  8. #22
    soveryapt's Avatar
    Join Date
    Jan 2009
    Location
    Lancashire
    Posts
    2,402
    Thank Post
    648
    Thanked 277 Times in 244 Posts
    Rep Power
    78
    Quote Originally Posted by kcymer View Post
    I think I got on something here. I have used suggested plugging for security. One of the option s create quite big .htaccess file with lots of options. I think it stops hackers, but as well stop to display images to not logged in people. I removed that file and few hours later site was hacked. So restored it and put .htaccess back online. Now working on it content, to make pictures on posts visible for everyone. Just need to find good tutorial on use of htaccess
    Are your permissions all set ok on your site as it sounds like they either have access to your FTP or Wordpress Admin, a dodgy script somewhere on the site or that permissions have gone funny on your install.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Our school website (with edugeek joomla package) HACKED
    By dhasmet in forum EduGeek Joomla 1.5 Package
    Replies: 21
    Last Post: 6th October 2008, 10:11 AM
  2. Replies: 2
    Last Post: 28th March 2008, 11:16 AM
  3. Website hacked...
    By _Bat_ in forum Web Development
    Replies: 8
    Last Post: 27th July 2007, 09:17 AM
  4. hertfordshire grid for learning website hacked.
    By wil0 in forum General Chat
    Replies: 7
    Last Post: 1st May 2007, 08:21 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •