Website Been Hacked

netzowl

Member
Jan 13, 2020
www.netzowl.com
A simple option to get back to a clean state is to restore an old backup dating back to when the site was clean.
Most hosting providers have the Acronis automated backup system or R15 or some other daily backup system provided for every client, including shared hosting clients. Make use of it and restore an old backup from this daily backup server.

And after restoring the backup, just secure your websites with higher security.
Some of them are basically to use a stronger password, use two-factor authentication for the cPanel login and also on the websites.
Use the directory privacy setup inside cPanel for all sites hosted under it. So, whenever someone tries to log in to your wp-admin link, it will pop up an additional dialog box with the username and password you have chosen for directory privacy, and only after a successful login in that dialog box will the wp-admin login page appear for the WordPress site.

Also, change the default admin username to something uncommon. And change the wp-admin login link to something different.
The 1st one, the hosting provider cannot do anything and advised my client to rebuild the whole website..again...the 2nd one, the hosting provider said they will restore and back up to previous data..we'll see how it goes..
 

CYBERGYPSY

Member
Jan 1, 2019
Earth
Hi all;

I'm not posting this thread to talk about my site being hacked. I just want to share my experience with 2 of my clients' websites that have been hacked. There is malware injected in the files, and when you go to the website, it will point to another website.

What I see is they created a new database and changed the whole current database and infected all files..

Has anyone faced this problem before?

My 1st client, I used a licensed theme from ThemeForest. 2nd client, I use an unlicensed theme from wplocker..

My client consulted their hosting provider and was informed that it was because of not updating plugins etc..

So guys, in this kind of situation, is it possible to save the websites? Any suggestions to prevent this kind of attack from happening again?

Thanks..
I know there are expert webmasters here who are more experienced than me, but I would like to share something I personally use, a plugin which is tried and tested. I use this plugin called WP Hide and Security Enhancer to change my login URL and dashboard URL, and it has been working for me. Here's a link to the mentioned plugin

 

die2mrw007

Active member
Jun 4, 2020
The hosting provider sometimes doesn't help to restore from an already provided backup solution. The client himself will have to restore it under cPanel or seek some tech guy's help for this. It's very simple, as you just need to log in to cPanel and check the daily backup providers like Acronis, R15soft, etc. (as different hosting has partnerships with different backup solution providers)... click on it and you will see a list of dates, up to 30 days of older backups in most cases. Just click on the desired date and then click on restore to live. The process will replace all your current files with the backup files.

It's simple usually.
 

netzowl

Member
Jan 13, 2020
www.netzowl.com
Noted. Thanks..will look into it ..
 

netzowl

Member
Jan 13, 2020
www.netzowl.com
Yeah, they're doing the restoration now..I'll see how it goes..later will try this method .. thanks ya!!~
 

die2mrw007

Active member
Jun 4, 2020
@netzowl He is extremely right. Always secure the wp-admin login page with plugins like these. It makes the site more secure.
 

CYBERGYPSY

Member
Jan 1, 2019
Earth
Thanks a mill!!~ Really appreciate it..btw it's somehow very annoying ya .. they managed to do this to not here but all around the earth lol it's like ransomware now..they infected everywhere .. darn
I totally understand the situation. Before I found babiato, I used to download nulled themes from other sources and eventually I ran into some very big trouble. Ads were popping outta everywhere, users were redirected to dirty sites, all files and databases were modified, even the htaccess file was rewritten. So I tried installing this and I rewrote all the URLs, wp-content, themes, plugins, login, Dashboard, everything. And it worked like magic.
Even though everything on babiato is totally clean, I still use it just in case things go south.
 

netzowl

Member
Jan 13, 2020
www.netzowl.com
So the hosting provider just restored the website, but they still asked me to remove all the plugins and the theme manually and upload fresh files back via FTP .. hope it works lol
 

slvrsteele

- Recovering! Available soon -
Staff member
Moderator
Null Master
Trusted Uploader
Nov 5, 2019
CDN
@netzowl do both your sites have the same issue? I mean the same redirect? If so, then look for similar plugins on both sites, make a list with their versions and check against 0-day vulnerabilities. Some of the plugins are vulnerable to code injection and that might be your issue.

It happened to me once with a WP video player taken directly from the WP repository, and after a few days ads and redirects appeared on the site; also some malicious code was injected into core files.
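
The inventory step suggested in the post above, sketched in Python as an added example (not code from the thread): it reads the `Plugin Name` and `Version` header fields under each site's `wp-content/plugins` and lists the plugins both sites share. The two sample sites, the function names and all version numbers are constructed.

```python
import re
import tempfile
from pathlib import Path

# WordPress plugins declare their metadata in a comment header of the main PHP file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):\s*(.+?)\s*$", re.M | re.I)

def read_plugin_header(php_file):
    """Return (name, version) from a plugin header comment, or None if absent."""
    text = php_file.read_text(errors="replace")[:8192]  # the header sits at the top
    fields = {key.lower(): value for key, value in HEADER.findall(text)}
    if "plugin name" not in fields:
        return None
    return fields["plugin name"], fields.get("version", "unknown")

def inventory(site_root):
    """Map plugin slug -> (name, version) for wp-content/plugins/<slug>/*.php."""
    found = {}
    plugins_dir = Path(site_root) / "wp-content" / "plugins"
    for php_file in sorted(plugins_dir.glob("*/*.php")):
        header = read_plugin_header(php_file)
        if header:
            found.setdefault(php_file.parent.name, header)
    return found

def shared_plugins(site_a, site_b):
    """Plugins installed on both sites, with the version found on each."""
    a, b = inventory(site_a), inventory(site_b)
    return {slug: (a[slug][1], b[slug][1]) for slug in sorted(a.keys() & b.keys())}

def build_sample_site(root, plugins):
    """Constructed sample data: write minimal plugin header files under root."""
    for slug, (name, version) in plugins.items():
        folder = Path(root) / "wp-content" / "plugins" / slug
        folder.mkdir(parents=True)
        (folder / f"{slug}.php").write_text(
            f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(f"{tmp}/site1", {"elementor": ("Elementor", "2.9.0"),
                                           "flat-rate": ("Flat Rate Shipping", "1.2")})
        build_sample_site(f"{tmp}/site2", {"elementor": ("Elementor", "2.8.5"),
                                           "video-player": ("Video Player", "3.1")})
        return shared_plugins(f"{tmp}/site1", f"{tmp}/site2")

if __name__ == "__main__":
    for slug, versions in demo().items():
        print(slug, versions)
```

The shared slugs and versions are the short list to check against published plugin advisories first.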
 

nesym

Active member
Sep 8, 2019
NUKE EVERYTHING and start from zero. Those types of redirects are black hat SEO tricks using malware. You never know. I would nuke the whole web server, and ofc keep a good backup of it. There are a lot of pups that shit all over your folders, and if you have more than one website on the server, you can be more than certain that it's also affected. Your system files can be affected at some point.

Edit:
If you need help, I can scan the whole thing for you for free and tell you the results and where to look very fast. But if you don't wipe everything, there is a big chance that the hackers already have full access to your server and are going to respawn the malicious codes as soon as you start uploading the clean versions. Just remove the user database table if you want me to check the .SQL too.
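
One way to watch for the reinfection described above, as an added example that is not part of the original post: hash every file in the live site and compare it with a known-clean copy of the same WordPress, theme and plugin releases. The function names, directory layout and file contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath, name)
            rel = full.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(full.read_bytes()).hexdigest()
    return digests

def diff_against_clean(clean_root, live_root, content_dirs=("wp-content/uploads/",)):
    """Compare the live tree with a known-clean copy of the same releases."""
    clean, live = sha256_tree(clean_root), sha256_tree(live_root)
    report = {"modified": [], "added": [], "missing": sorted(set(clean) - set(live))}
    for path, digest in sorted(live.items()):
        if path in clean:
            if clean[path] != digest:
                report["modified"].append(path)
        # User content is expected to differ from the clean copy, code in it is not.
        elif not path.startswith(content_dirs) or path.endswith((".php", ".htaccess")):
            report["added"].append(path)
    return report

def write_tree(root, files):
    """Constructed sample data: create files (relative path -> text) under root."""
    for rel, text in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)

def demo():
    clean = {"index.php": "<?php // core\n", ".htaccess": "# BEGIN WordPress\n",
             "wp-includes/load.php": "<?php // loader\n"}
    live = dict(clean)
    live[".htaccess"] = "# BEGIN WordPress\n# constructed: unexpected rewrite rule\n"
    live["wp-content/uploads/2020/photo.jpg"] = "image bytes"
    live["wp-content/uploads/2020/cache.php"] = "<?php // constructed: unexpected script\n"
    del live["wp-includes/load.php"]
    with tempfile.TemporaryDirectory() as tmp:
        write_tree(f"{tmp}/clean", clean)
        write_tree(f"{tmp}/live", live)
        return diff_against_clean(f"{tmp}/clean", f"{tmp}/live")
```

Running the same comparison on a schedule after a restore shows whether files are being rewritten again, which points to an entry point that is still open.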
 

darkmesaia

Member
Nov 13, 2019
Everywhere!
I think I have mentioned it several times on similar topics: it all starts with proper hosting and with what it provides you. Of course the site should also follow some basic rules such as updates, core maintenance etc. Being a hosting company, we maintain a large volume of customers with too many plugins and themes that are not updated.

Although our servers are shared hosting, we do not leave it to the mercy of God. Of course we have doubled the cost for custom or premium systems that a server could have for such or similar reasons, but it is preferable for us.

I certainly cannot say that it is 100% safe or that our wall is impassable, but so far we have blocked a large volume. The biggest problem we face is that for mail they use passwords like "123456", with the result that it falls victim to spam and we have problems such as with blacklists, etc.... Yes, unfortunately we are dealing with such ridiculous issues.

Now, in terms of the issues you are facing, are you sure that you have found the causes? I did not understand, and I apologize for that, if you are talking about clues or proofs?

PS: plugins as mentioned in the above posts "wp hide" and other similar, if you use a simple site then you will not have a problem with these plugins, but if you have a complex site, then these plugins may make life difficult. But it is definitely a solution.
 

sashikanta

Active member
Nov 18, 2019
fanciedmedia.in
WordPress is prone to hacks, so use WP Hide kind of plugins and a captcha at login. I have a website on Plex control panel and it was never hacked.

  • Avoid null plugins and themes
  • Use captcha or limit login attempts
  • Hide wp metas through WP Hide kind of plugins
  • Aggregate feeds through FeedBurner or disable them
  • Use SSL for Admin

    /* SSL at Wp-Config */
    define( 'FORCE_SSL_LOGIN', true );
    define( 'FORCE_SSL_ADMIN', true );

  • This one is very important

    /* Updates */
    define( 'WP_AUTO_UPDATE_CORE', true );
    define( 'DISALLOW_FILE_MODS', true );
    define( 'DISALLOW_FILE_EDIT', true );

This much can protect from hacking. Note: do not use any security plugins.
 
  • Like
Reactions: locomotii
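
An added example (not from the original post) that audits a wp-config.php for the constants listed above. It also flags two interactions: FORCE_SSL_LOGIN is deprecated in favour of FORCE_SSL_ADMIN, and with DISALLOW_FILE_MODS set WordPress disables its automatic updater, so WP_AUTO_UPDATE_CORE does nothing. The function names and both sample configs are constructed for illustration.

```python
import re

# Matches simple define( 'NAME', value ); lines; commented-out defines are skipped.
DEFINE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(true|false|'[^']*'|"[^"]*"|\d+)\s*\)\s*;""",
    re.M | re.I)

def parse_defines(config_text):
    """Return {CONSTANT: value}; true/false become bool, other values stay strings."""
    constants = {}
    for name, raw in DEFINE.findall(config_text):
        low = raw.lower()
        constants[name] = (low == "true") if low in ("true", "false") else raw.strip("'\"")
    return constants

def audit(config_text):
    """Return a list of findings for the hardening constants discussed in the post."""
    c = parse_defines(config_text)
    findings = []
    if c.get("FORCE_SSL_ADMIN") is not True:
        findings.append("FORCE_SSL_ADMIN is not true: login and admin may run over HTTP")
    if "FORCE_SSL_LOGIN" in c:
        findings.append("FORCE_SSL_LOGIN is deprecated: FORCE_SSL_ADMIN covers login")
    if c.get("DISALLOW_FILE_EDIT") is not True and c.get("DISALLOW_FILE_MODS") is not True:
        findings.append("dashboard theme/plugin file editor is enabled")
    if c.get("DISALLOW_FILE_MODS") is True and c.get("WP_AUTO_UPDATE_CORE") not in (None, False):
        findings.append("DISALLOW_FILE_MODS disables the automatic updater: "
                        "WP_AUTO_UPDATE_CORE has no effect, apply updates another way")
    return findings

# Constructed sample: the constants exactly as listed in the post.
POSTED = """
/* SSL at Wp-Config */
define( 'FORCE_SSL_LOGIN', true );
define( 'FORCE_SSL_ADMIN', true );
/* Updates */
define( 'WP_AUTO_UPDATE_CORE', true );
define( 'DISALLOW_FILE_MODS', true );
define( 'DISALLOW_FILE_EDIT', true );
"""

# Constructed variant: keeps the editor off but leaves automatic updates working.
ADJUSTED = """
define( 'FORCE_SSL_ADMIN', true );
define( 'WP_AUTO_UPDATE_CORE', true );
define( 'DISALLOW_FILE_EDIT', true );
"""

if __name__ == "__main__":
    for finding in audit(POSTED):
        print("-", finding)
```

Sites that keep DISALLOW_FILE_MODS need updates delivered by deployment or WP-CLI, since the dashboard and the background updater can no longer write files.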

netzowl

Member
Jan 13, 2020
www.netzowl.com
Sadly yes, it happened to both my sites. Not the same redirection. What I observed, the 1st one redirected to like 5 or 6 websites..the 2nd one, I think around 2 websites. Both use the Elementor plugin..the rest is related to WooCommerce, like shipping etc..
 

Karthik26

New member
Feb 28, 2020
I also faced this problem two months ago. I used the Really Simple SSL Pro plugin and it came with a redirect to a spam site. My domain also got banned by Facebook, which is the main traffic source to my site. Now I had to throw away my 10-year-old domain, bought a new one and am starting fresh! :rolleyes:
 

netzowl

Member
Jan 13, 2020
www.netzowl.com
Yeah I agree with u..the 1st website I didn't do anything much..cause I didn't provide the client with hosting..he picked the hosting provider himself..so he asked them to fix everything..once it was back to a normal state, then it's happening again..now the hosting provider gave up and asked my client to redo the whole website again..which is a pain in the a*s for me .. I saw the database. They copied the database and it's haywire ..

The 2nd one, I already followed suggestions from our fellows in Babiato here .. my hosting provider restored and did some fixes but asked me to re-install a fresh theme and plugins .. and I also installed WP Hide .. so far it turns out ok.. but still observing the website..

I would love to if u can scan the website.. anything I should provide for u to scan the website?

Thanks
 

netzowl

Member
Jan 13, 2020
www.netzowl.com
So sorry to hear that..wow 10 years old domain!! that must be so heartbreaking..
 

netzowl

Member
Jan 13, 2020
www.netzowl.com
So my 1st client is kinda a cheapskate lol he refused to pay me for website maintenance .. which is only around less than $200 annually .. so the website is left without anyone to look after it and update all the plugins..then when things like this happen, he blames the provider and assumes their security is weak and vulnerable to getting hacked..me and the provider already explained how important maintenance is to a website but still he blames the provider..

My intention in posting this thread is to ask if any of you here are facing this problem, and I want to let all know that this attack is happening in every part of the world..
 
