• You MUST read the Babiato Rules before making your first post otherwise you may get permanent warning points or a permanent Ban.

    Our resources on Babiato Forum are CLEAN and SAFE. So you can use them for development and testing purposes. If your are on Windows and have an antivirus that alerts you about a possible infection: Know it's a false positive because all scripts are double checked by our experts. We advise you to add Babiato to trusted sites/sources or disable your antivirus momentarily while downloading a resource. "Enjoy your presence on Babiato"

My websites Hacked By AnonymousFox

Moh Farawati

Moh Farawati

Active member
Oct 4, 2019
390
111
43
WorldWide
trustfans.com
Hi there,

today I got all my WordPress sites hacked by AnonymousFox, all admin username change it to AnonymousFox, there is a Database in Cpanel but not working! I don't know how!

Admin ID: 1
-user_login: AnonymousFox


I use nulled template Impreza and all my plugins from Babiato

Is there anything I can do to restore my sites!
 
  • Like
Reactions: gzaqrjx
Moh Farawati said:
Hi there,

today I got all my WordPress sites hacked by AnonymousFox, all admin username change it to AnonymousFox, there is a Database in Cpanel but not working! I don't know how!

Admin ID: 1
-user_login: AnonymousFox


I use nulled template Impreza and all my plugins from Babiato

Is there anything I can do to restore my sites!
Click to expand...
Did you use plugins from other sources.
 
please read
forums.cpanel.net

SOLVED - cpanel login after AnonmousFox hack

After an attack by AnonymousFox, with a lot of effort, I have regained control of the server. If I try to login to cpanel directly from WHMCS I get in no worries. However if I try to login from the login page it fails with A network error occurred during your login request. Please try again...
forums.cpanel.net forums.cpanel.net
 
  • Like
Reactions: Loneley, Roligarz, die2mrw007 and 1 other person
NullMaster said:
please read
forums.cpanel.net

SOLVED - cpanel login after AnonmousFox hack

After an attack by AnonymousFox, with a lot of effort, I have regained control of the server. If I try to login to cpanel directly from WHMCS I get in no worries. However if I try to login from the login page it fails with A network error occurred during your login request. Please try again...
forums.cpanel.net forums.cpanel.net
Click to expand...
my sites on Plesk not Cpanel, sorry

and I have more than 3 websites in WordPress too for clients, all working well, just my personal sites with nulled stuff get hacked.
 
Theres a chance that your theme or plugins were not up-to-date with the latest version. When a theme/plugin is exploited, the creator usually patches it relatively soon. Since your website uses nulled components, you can't auto-update them and need to wait until someone on this site uploads the latest version.

It's starting to become common, which is why people need to check if they're running the most recent versions and also why you need to make daily or at least weekly backups. (y)
 
Potatos said:
Theres a chance that your theme or plugins were not up-to-date with the latest version. When a theme/plugin is exploited, the creator usually patches it relatively soon. Since your website uses nulled components, you can't auto-update them and need to wait until someone on this site uploads the latest version.

It's starting to become common, which is why people need to check if they're running the most recent versions and also why you need to make daily or at least weekly backups. (y)
Click to expand...
You right, I have full backup weekly, and now I did a new WordPress version, and I buy my theme never add anything nulled :/

Do you have any advice to protect the site in the future regarding this thing?
 
Moh Farawati said:
Hi there,

today I got all my WordPress sites hacked by AnonymousFox, all admin username change it to AnonymousFox, there is a Database in Cpanel but not working! I don't know how!

Admin ID: 1
-user_login: AnonymousFox


I use nulled template Impreza and all my plugins from Babiato

Is there anything I can do to restore my sites!
Click to expand...
It's obviously this situation should be investigate.

Could you please tell us more info?
Plesk version - Hosting name
Plugins list

And their versions
etc.

Sorry about lost btw hope you will not face again.

"I guess" there have a backdoor a plugin which u use .
 
It was not fault with nulled theme or plugin from here. But a general exploit in file manager system.

With the news that WordPress sites have been probed and attacked this week, according to Defiant, the company behind the Wordfence firewall, this has naturally exposed many bloggers and e-commerce companies’ vulnerabilities. But what has happened?


  • A massive increase in attacks occurred after hackers found a way to exploit a zero-day vulnerability in File Manager (a popular WordPress plugin installed on over 700,000 sites). Naturally, this has thrown many website providers into a panic.
  • The zero-day vulnerability was an unauthenticated file upload. This allowed an attacker to upload malicious files on a site running older versions of the File Manager plugin (versions 6.8 and below).
  • The hacker gained access to an unprotected file from its elFinder package.
The only fix is to keep wordpress, themes and plugins upto date. Use a good hosting priver with proper security measures and firewall which inhibits remote script executions. Good hosting provider may cost more but they keep security in check most of the times.
 
adhi1234 said:
A massive increase in attacks occurred after hackers found a way to exploit a zero-day vulnerability in File Manager (a popular WordPress plugin installed on over 700,000 sites). Naturally, this has thrown many website providers into a panic.
Click to expand...

As you said above guilty is File Manager plugin with File Management system of WP but was @Moh Farawati using that plugin?
 
guguk said:
It's obviously this situation should be investigate.

Could you please tell us more info?
Plesk version - Hosting name
Plugins list

And their versions
etc.

Sorry about lost btw hope you will not face again.

"I guess" there have a backdoor a plugin which u use .
Click to expand...

Thank you for reply
I have the latest update on everything
Also, I have more than good hosting

And also this is a list https://prnt.sc/y2pfba

and my database for another domain on same my sever, get clone to another domain
ex: name.com database cloned to name.net database
like comments and users, and admin email all changed

I don't know how to explain it, but now I delete everything.. فhis should not happen in the future.
 
adhi1234 said:
It was not fault with nulled theme or plugin from here. But a general exploit in file manager system.

With the news that WordPress sites have been probed and attacked this week, according to Defiant, the company behind the Wordfence firewall, this has naturally exposed many bloggers and e-commerce companies’ vulnerabilities. But what has happened?


  • A massive increase in attacks occurred after hackers found a way to exploit a zero-day vulnerability in File Manager (a popular WordPress plugin installed on over 700,000 sites). Naturally, this has thrown many website providers into a panic.
  • The zero-day vulnerability was an unauthenticated file upload. This allowed an attacker to upload malicious files on a site running older versions of the File Manager plugin (versions 6.8 and below).
  • The hacker gained access to an unprotected file from its elFinder package.
The only fix is to keep wordpress, themes and plugins upto date. Use a good hosting priver with proper security measures and firewall which inhibits remote script executions. Good hosting provider may cost more but they keep security in check most of the times.
Click to expand...

i use Filebird plugin this come with Impreza theme.

all my plugin from Babiato.
 
Moh Farawati said:
Thank you for reply
I have the latest update on everything
Also, I have more than good hosting

And also this is a list https://prnt.sc/y2pfba

and my database for another domain on same my sever, get clone to another domain
ex: name.com database cloned to name.net database
like comments and users, and admin email all changed

I don't know how to explain it, but now I delete everything.. فhis should not happen in the future.
Click to expand...
Thanks for info, actually it's really long plugins list.
It's off-topic but you dont use some plugins (classic editor, smtp plugin etc.) just search alternate "without plugin" versions.

Most plugins/addons not familiar to me or did not use before so i could not say anything about that.
 
  • Like
Reactions: Moh Farawati
The only further advice I would give is to just make sure to update any and all plugins/themes as soon as possible before an exploit of a version is found, and make sure to do frequent backups.
 
  • Like
Reactions: Moh Farawati
I've used WordPress for a couple years now and owning a few websites running WP and actually starting out with nulled items I'll put in my 2 cents. For 1 nulled themes/plugins is a great way to test features and thoroughly before actually spending 60-200 dollars on a theme/plugin that you would really like to use ( If from a trusted source). 9 times out of 10 most of the demos available don't show enough and going through the hassle of a refund after the fact is a hassle.

That being said if you're not smart and precautious enough you are opening yourself up for a world of stress. In my opinion nulled plugins should just be used for testing! After that if you have enough or save enough buy the full product if you like what you're using it's very worth it. Like others have said in previous replies people are ALWAYS looking for a chance to exploit outdated plugins & themes ALWAYS. I check my logs and word fence firewall weekly and the amount of attempts on my websites is actually insanity! If you're going to use nulled plugins on a site that's live and gets visitors at least make sure.

1. It's a plugin/theme that gets updated regularly by the developer.
2. You're able to receive and manually update those plugins/themes
3. Read up on WordPress security and get your WP and hosting as secure tight as you can

If the plugins/theme are old and haven't been updated in a while don't bother using it if you're unable to get future updates don't bother. That's just my opinion though.
 
  • Like
Reactions: hostmax, xenio and Moh Farawati
You must log in or register to reply here.

Similar threads

Chido
Convert Websites to Mobile Application
Replies
7
Views
531
General Discussion
NostraDumbAss
NostraDumbAss
AndreiAndrei
Stock Footage Websites?
Replies
4
Views
475
General Discussion
bodHOST
bodHOST
Niji
How do I import prebuild websites in avada 7.11.1 theme?
Replies
1
Views
409
General Discussion
hell_ion
H
Dbrown.sts
How can manga websites scrape manga in such large quantity?
Replies
3
Views
440
General Discussion
consultant3214
consultant3214
A
About resources from babiato on other websites
Replies
1
Views
434
General Discussion
iamsyr.vn
iamsyr.vn

Latest posts

Forum statistics

Threads
79,575
Messages
1,145,636
Members
250,393
Latest member
Keyv

Share this page

Share this page
Top Bottom
Back
AdBlock Detected

We get it, advertisements are annoying!

However in order to keep our huge array of resources free of charge we need to generate income from ads so to use the site you will need to turn off your adblocker.

If you'd like to have an ad free experience you can become a Babiato Lover by donating as little as $5 per month. Click on the Donate menu tab for more info.

I've Disabled AdBlock