Hacked site…Again

  •

    For the second time in six weeks a hacker has infiltrated my site with spam-producing malicious files. After the first incident, I reloaded the infected folders with fresh WP folders/files, changed my passwords to EVERYTHING and meticulously kept plugins and themes up to date.

    Now this second time, per the suggestion of my host provider, I completely reinstalled WP, my themes, and child theme. I saved my database, but of course, reconnecting to it is giving me problems.

    My question regards my host provider. When I asked why this is happening their response was the following (see below, inside carets). I’m wondering if there is also responsibility they are not assuming? Should they be doing more to prevent this from happening? In ten years of using WP, I’ve never had it happen before, let alone twice in such a short time.

    >>>>>This is actually a common problem. Hackers use automated tools to find vulnerable sites, and if you are not 100% on top of your updates, using themes or plugins that haven’t been updated in a while, or keep old scripts or files as backups that aren’t updated that are still accessible to the internet (like dev and test sites) they will have the ability to exploit it and upload files to any addon or subdomain that exists on your account (since file permissions allow them to touch anything owned by your user).

    They are doing so, very clearly, from script exploits. Originally it was most likely a script exploit and they uploaded a back door script to keep access even if you updated your scripts. Usually hackers upload these weeks or months in advance to make the initial ingress difficult to find (or impossible on shared hosting accounts like yours since we can’t archive logs forever) and be able to stage attacks even if you think you’ve cleaned things up.

    You need to manually audit your site’s code, or just rebuild from scratch using fresh files (you can keep the databases) then you need to make sure anything that is accessible on your site is always 100% up to date, and never use plugins or themes that don’t keep regular updates.

    Yes, the files are viewable by others. That’s how they are sending spam. They’re using the backdoors to upload spam scripts, and calling them from the internet to tell them what to do.

    There’s no evidence of cPanel or SSH access, but because there are backdoors they have access to anything on your account they can access via SSH. This is usually accomplished using a “php shell” which is a script that lets you run shell commands. As far as your personal computer, we would have no way of knowing that. Generally not, because the emails would come from one of your email accounts, not from php scripts like we’re seeing.

    <<<<<

  •

    Hey adunate,

    You’re using the self-hosted WordPress version.

    We can only help with websites hosted at WordPress.com.

    Please post your query in WordPress.org support: https://wordpress.org/support/

    Only your web hosting company can have a look at this.

    Thanks

  • The topic ‘Hacked site…Again’ is closed to new replies.
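
The host's advice quoted in the first post (manually audit the code, or rebuild from fresh files) can be partly automated by comparing the live tree with a fresh copy. This is an added example, not part of the original thread or any WordPress tooling; the function names, directory names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

PHP_EXT = (".php", ".phtml", ".phar")

def tree_hashes(root):
    """Map relative path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def audit(site, clean):
    """Compare a live tree with a fresh copy; return sorted (path, reason)."""
    good, live, findings = tree_hashes(clean), tree_hashes(site), []
    for rel, digest in live.items():
        if rel in good:
            if digest != good[rel]:
                findings.append((rel, "modified"))  # shipped file was altered
        elif rel.lower().endswith(PHP_EXT):
            # Executable code that the fresh copy does not ship.
            in_uploads = rel.startswith("wp-content/uploads/")
            findings.append((rel, "php-in-uploads" if in_uploads else "unknown-php"))
    return sorted(findings)

def write_tree(root, files):
    for rel, body in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(body)

def demo():
    """Run the audit over two constructed trees (sample data, not a real site)."""
    clean = {"index.php": b"<?php // loader", "wp-includes/load.php": b"<?php // core"}
    live = dict(clean)
    live["wp-includes/load.php"] = b"<?php // core\n// appended line (constructed)"
    live["wp-content/uploads/2024/01/cache.php"] = b"<?php // constructed stand-in"
    live["old-dev/test.php"] = b"<?php // forgotten dev copy"
    live["wp-content/uploads/2024/01/photo.jpg"] = b"\xff\xd8 constructed"
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        write_tree(a, clean)
        write_tree(b, live)
        return audit(b, a)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:15} {rel}")
```

Themes, plugins and a child theme that are not in the fresh copy will show up as `unknown-php`, so the clean tree should include fresh downloads of those as well before the results are read.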