Web Development Thread, Website getting hacked in Coding and Web Development
24th June 2013, 09:44 AM #1
Website getting hacked
Hope you can help.
Our adult education website gets constantly hacked. We change passwords, remove all dodgy files, whatever we can find, but after a few days the website is hacked; they just put their own index.php. They leave all the content undamaged, but some files as well, like cpanel cracker - I usually upload the whole website again, which is clean. But I have no idea how we can stop that. I have very limited knowledge about website hacking and websites in general - someone designed the website for us.
We use easyspace for hosting; the website is done with WordPress and a third party theme. Last time I changed all passwords, cPanel, FTP, WordPress admin password, changed secret keys as well - and today, after a week, hacked again.
Can anyone help?
24th June 2013, 09:49 AM #2
Have you changed the actual username from admin to something else for the website? IIRC I read something about doing that for security, correct me if I am wrong guys.
24th June 2013, 09:49 AM #3
1. Check cPanel is up to date
2. Check Wordpress is up to date
3. Check plugins are up to date, disable any you aren't actively using.
4. Check whether your third party theme is up to date (yes, even themes can have a security vulnerability). If it is a publicly available theme, can you name it/give a webpage for it?
24th June 2013, 10:04 AM #4
cPanel, we have to check with the hosting guys, but all other things were just updated a few weeks ago, and we thought it would help. All plugins and theme updated as well.
The webpage address: claverham-education.co.uk. I'm fixing it now, so the hackers' website is gone.
24th June 2013, 10:11 AM #5
Install this plugin and go through the 'traffic light' suggestions to lock your site down.
WordPress › Better WP Security « WordPress Plugins
24th June 2013, 10:13 AM #6
There is also a recent security update to Wordpress, now 3.5.2.
24th June 2013, 10:24 AM #7
Is this a shared or dedicated host? First step is to make sure you've changed the MySQL User's password, and that your admin account for Wordpress doesn't use 'admin' as the username.
Last edited by Marci; 24th June 2013 at 10:32 AM.
24th June 2013, 10:43 AM #8
Silly question: is FTP secure FTP?
24th June 2013, 10:50 AM #9
I think the hosting is not on dedicated servers.
Normal FTP, can't connect with SFTP; either easyspace don't offer it or our proxy settings block it, but I think they just do not offer it.
24th June 2013, 10:57 AM #10
If you're not on a dedicated host you should contact EasySpace support and notify them of the breach, as it may have compromised other accounts on the server.
24th June 2013, 11:20 AM #11
Did that already; to tell the truth, they are not brilliant.
24th June 2013, 11:24 AM #12
Move it. I can recommend Vidahost, they will move the site for you. They are cheap too.
24th June 2013, 11:29 AM #13
Is it a new index.php or is yours being modified?
If it's the latter, you need to sanitise your inputs. [In other words, it's the comments or the search bar. Possibly the username/password boxes, but I doubt it.]
I took a while to reply because I was poking your website a bit.
24th June 2013, 11:33 AM #14
Playing with the site now.
24th June 2013, 11:55 AM #15
I think your problem might be the thumb.php script in your theme itself.
There was quite a big security issue surrounding TimThumb, as it's called, so much so that WooThemes removed it from all of their themes to make sure security was good. I would suggest checking this over as I know it compromised a few of my clients' sites that I host, but a refresh of a recent backup, combined with the new database and removal of the thumb.php script, worked a treat. Doesn't look like WPLocker (or wherever you got the WPStore theme from) has updated that though.
Seems to be in /v7/wp-content/themes/WPStore/thumb.php
Worth a check.
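One way to run the check suggested above across a whole site copy, as an added example that is not part of the thread or any poster's code: it lists bundled thumbnail scripts with whatever version string they declare, plus any PHP sitting in the uploads folder, where re-uploaded "clean" sites often still carry dropped files. The signature and version patterns are assumptions about how copies of the script identify themselves, and the demo tree is constructed.

```python
import os
import re
import tempfile

# Assumption: copies of the script mention "timthumb" and declare their
# version with a define('VERSION', '...') line; renamed copies keep both.
SIGNATURE = re.compile(rb"timthumb", re.I)
VERSION = re.compile(rb"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]")
KNOWN_NAMES = ("thumb.php", "timthumb.php")

def scan(root):
    """Return (thumb_scripts, php_in_uploads) found under a WordPress root."""
    thumbs, stray = [], []
    uploads = os.path.join(root, "wp-content", "uploads") + os.sep
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml")):
                continue
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                head = fh.read(65536)
            ver = VERSION.search(head)
            if name.lower() in KNOWN_NAMES or (SIGNATURE.search(head) and ver):
                thumbs.append((rel, ver.group(1).decode() if ver else None))
            # Uploads should hold media only; PHP there needs a manual look.
            if path.startswith(uploads):
                stray.append(rel)
    return sorted(thumbs), sorted(stray)

def build_demo_tree(root):
    """Constructed sample site; file bodies are placeholders, not real code."""
    samples = {
        "wp-content/themes/WPStore/thumb.php":
            "<?php /* TimThumb */ define ('VERSION', '0.0.0-demo');",
        "wp-content/themes/WPStore/index.php": "<?php // theme template",
        "wp-content/uploads/2013/06/x.php": "<?php // placeholder dropped file",
        "wp-content/uploads/2013/06/photo.jpg": "not really a jpeg",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo_tree(demo)
        print(scan(demo))
```

Point `scan()` at a local copy of the site pulled over FTP rather than the demo tree, and compare any reported version with the script's current upstream release.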