  1. #1
    kcymer's Avatar

    Website getting hacked

    Hi Guys

    Hope you can help.

    Our adult education website gets constantly hacked. We change passwords, remove all dodgy files, whatever we can find, but after a few days the website is hacked again; they just put their own index.php. They leave all the content undamaged, but leave some files as well, like a cPanel cracker - I usually upload the whole website again, which is clean. But I have no idea how we can stop that. I have very limited knowledge about website hacking and websites in general - someone designed the website for us.

    We use easyspace for hosting; the website is done with WordPress and a third party theme. Last time I changed all passwords (cPanel, FTP, WordPress admin password) and changed the secret keys as well - and today, after a week, hacked again.

    Can anyone help?

    - Kris

  2. #2
    north-ict's Avatar
    Have you changed the actual username from admin to something else for the website? IIRC I read something about doing that for security, correct me if I am wrong guys.

  3. #3

    AngryTechnician's Avatar
    1. Check cPanel is up to date
    2. Check Wordpress is up to date
    3. Check plugins are up to date, disable any you aren't actively using.
    4. Check whether your third party theme is up to date (yes, even themes can have a security vulnerability). If it is a publicly available theme, can you name it/give a webpage for it?

  4. #4
    kcymer's Avatar
    cPanel, we have to check with the hosting guys, but all other things were just updated a few weeks ago, and we thought it would help. All plugins and the theme were updated as well.

    The webpage address: claverham-education.co.uk , I'm fixing it now, so the hackers' website is gone.

  5. #5

    creese's Avatar
    Install this plugin and go through the 'traffic light' suggestions to lock your site down.

    WordPress › Better WP Security « WordPress Plugins

  6. Thanks to creese from:

    william_tropico (25th June 2013)

  7. #6

    creese's Avatar
    There is also a recent security update to Wordpress, now 3.5.2.

  8. #7
    Marci's Avatar
    Is this a shared or dedicated host? First step is to make sure you've changed the MySQL User's password, and that your admin account for Wordpress doesn't use 'admin' as the username.
    Last edited by Marci; 24th June 2013 at 09:32 AM.

  9. #8
    free780's Avatar
    Silly question: is the FTP secure FTP?

  10. #9
    kcymer's Avatar
    I think the hosting is not on dedicated servers.

    Normal FTP, can't connect with SFTP; either easyspace doesn't offer it or our proxy settings block it, but I think they just do not offer it.

  11. #10
    Marci's Avatar
    If you're not on a dedicated host you should contact EasySpace support and notify them of the breach, as it may have compromised other accounts on the server.

  12. #11
    kcymer's Avatar
    Did that already; to tell the truth, they are not brilliant.

  13. #12

    creese's Avatar
    Originally posted by kcymer:
    "Did that already; to tell the truth, they are not brilliant."
    Move it. I can recommend Vidahost, they will move the site for you. They are cheap too.

  14. #13

    X-13's Avatar
    Is it a new index.php or is yours being modified?

    If it's the latter, you need to sanitise your inputs. [In other words, it's the comments or the search bar. Possibly the username/password boxes, but I doubt it.]


    I took a while to reply because I was poking your website a bit.

  15. #14
    kcymer's Avatar
    Playing with the site now.

  16. #15
    soveryapt's Avatar
    I think your problem might be the thumb.php script in your theme itself.

    There was quite a big security issue surrounding Tim Thumb, as it's called, so much so that WooThemes removed it from all of their themes to make sure security was good. I would suggest checking this over, as I know it compromised a few of my clients' sites that I host, but a refresh of a recent backup, combined with the new database and removal of the thumb.php script, worked a treat. Doesn't look like WPLocker (or wherever you got the WPStore theme from) has updated that though.

    Seems to be in /v7/wp-content/themes/WPStore/thumb.php

    Worth a check.
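
Added example, not part of the original thread: a way to run the check suggested above against the known-clean copy that gets re-uploaded after each defacement. It hashes both trees, lists added, modified and missing files on the live site, and flags TimThumb-style scripts; the function names, the `clean`/`live` directory names and the sample trees are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# File names the TimThumb resizer is commonly shipped under inside themes.
TIMTHUMB_NAMES = {"thumb.php", "timthumb.php"}

def hash_tree(root):
    """Map every file under root (relative path, '/' separators) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def audit(clean_root, live_root):
    """Compare the live site against the known-clean copy."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    return {
        "added": sorted(p for p in live if p not in clean),
        "modified": sorted(p for p in live if p in clean and live[p] != clean[p]),
        "missing": sorted(p for p in clean if p not in live),
        "timthumb": sorted(p for p in live
                           if p.rsplit("/", 1)[-1].lower() in TIMTHUMB_NAMES),
    }

def write_tree(root, files):
    """Write a {relative path: text} mapping to disk under root."""
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)

def build_demo(base):
    """Constructed sample trees: a clean copy and a tampered live copy."""
    clean = {"index.php": "<?php // original front page\n",
             "wp-content/themes/WPStore/thumb.php": "<?php // resizer\n",
             "wp-content/themes/WPStore/style.css": "body {}\n"}
    live = {**clean, "index.php": "<?php // replaced page\n",
            "wp-content/uploads/cp.php": "<?php // dropped file\n"}
    write_tree(os.path.join(base, "clean"), clean)
    write_tree(os.path.join(base, "live"), live)
    return os.path.join(base, "clean"), os.path.join(base, "live")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(*build_demo(tmp)))
```

On a real site the uploads directory legitimately gains media files, so the entries worth a close look in "added" are PHP files, and a "timthumb" hit means the script is still present even when its hash matches the clean copy.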
