WordPress.org

Ready to get started?Download WordPress

Forums

all my WP sites are being hacked over and over (2 posts)

  1. joehark
    Member
    Posted 2 years ago #

    I have small hosting biz that I have built up over many years on a dedicated managed server. I am not a programmer. I can't even write HTML code. But I do know how to read and get along OK fixing things with copy / paste. But I am now pretty much at my wits end. I host about 40 WP sites and over the past few weeks, it's a rare one that has not been hacked at least once; some as many as four times.

    I have tried cleaning them out but although the attacks and defacing are now down to "only' two or three a day, they do continue with impunity.

    I have gone into the hacked sites and made sure everything is updated. I have removed all unused themes and plugins. I have hardened the passwords. I have deleted all users execpt admin.

    A few days later, the same site gets it again. In one that happened today, I fund the logs contain a strange sequence of the following access attempts to every file in the site:

    178.63.175.103 - - [30/May/2012:13:29:31 -0400] "GET / HTTP/1.1" 200 147953 "-" "Java/1.6.0_04"
    178.63.175.103 - - [30/May/2012:13:29:33 -0400] "GET /wp-login.php HTTP/1.1" 200 2564 "-" "Java/1.6.0_04"
    178.63.175.103 - - [30/May/2012:13:29:33 -0400] "GET /xmlrpc.php HTTP/1.1" 200 42 "-" "Java/1.6.0_04"

    That's just the first four lines. It goes on for more than 100. Based on that time stamp, it seems to be the successful attack.

    So, my questions are, what can I do to stop these attacks? what can I change so they are not effective?

    Any advice or help would be greatly appreciated. I am not a charity case but I am 79 years old and this is the only thing I have that gives me a better life than Social Security.

  2. JarretC
    Member
    Posted 2 years ago #

    Change all passwords that have anything to do with your hosting business (email, ftp, server logins, control panel accounts, webmail accounts).

    Don't use admin as the username for WP accounts,

    Hire a professional security remediation company to look over your server configuration to see if there are any weakspots. Switch to a different hosting company that provides managed services (if you aren't using that already).

    Read http://codex.wordpress.org/Hardening_WordPress if you haven't already. Although continuous hacking leads me to believe it could be a server vulnerability rather than WordPress itself.

Topic Closed

This topic has been closed to new replies.

About this Topic