
Hacked site and local malware check (6 posts)

  1. lee.stanley3
    Member
    Posted 1 year ago #

    I run a WordPress website that has been hacked since August. Mainly phishing, and over each month getting more and more folders and files into my back end.

    I have changed all login details, tried to change htaccess codes, reinstalled clean themes and folders, plugins etc., and followed the WordPress hack guidance information.

    Initially my host provider removed the folders, yet this time they have said the site contained an HTML hack landing page and a few PHP shell scripts. A fake PayPal phishing site was also established. The files were uploaded via FTP after a successful login.

    They also indicate that the IP address which they were uploaded from was in Great Britain. This is a different IP than most of the connections to my account, but there was also an upload of a number of images to a wp-content/uploads/gallery from it.

    My host has taken my site down completely...which I need to get up and running.

    Now my host is saying it is possible that there is a security problem on my local computer. I have run scans on my PC to make sure that it is free of malware: Malwarebytes, Super Antispyware (both free editions). I have McAfee AV and scan frequently.

    Is there anything more I can do to detect if my computer has scripts, malware or anything on it?

    I am even considering system restore. I run Vista. I know it's not as secure as Win7; is this something I should change?

    If you need any more information let me know.

  2. shadez
    Member
    Posted 1 year ago #

    been there done that...
    i did a complete clean installation, as in, remove 'everything' from server, install WP, reload DB/config files etc, and upload theme. let the plugins be for now.
    if you are on vps, throw away the current build altogether and start wit new ubuntu and latest php and sql etc wit security tweaks...
    and then secure your installation. firstly, generate new salts and include in config.php: https://api.wordpress.org/secret-key/1.1/salt/
    that will throw off any currently logged-in hacker. chk/delete users.
    write protect all folders; include blank index file in all folders or include options -Indexes in htaccess. that's the basics. more stuff can be found online...

    coming to ur local m/c, which ftp client do you use? sftp/ssh?
    malwarebytes is good enuf.. not sure of mcafee but avast can do a boot scan for you. also, chk installed programs.. use programs like ccleaner and glary (check cnet downloads) to clean junks and keep ur pc clean...

  3. lee.stanley3
    Member
    Posted 1 year ago #

    Thanks for the information.

    I'm using FileZilla... tried to set it as SFTP but not sure if that was the way in which I was uploading; it may have been. I'll install Avast then and see where that gets me...

  4. lee.stanley3
    Member
    Posted 1 year ago #

    Shadez, do you recommend any specific security tweaks for the Ubuntu and PHP, SQL? I know I was on VPS.

  5. shadez
    Member
    Posted 1 year ago #

    i suggest using LTS for ubuntu. php and mysql shud be 5+ (linode gave me 4.x by default sometime back so sayin. yeah u can use sudo apt-get install php5 anyways..).
    you will need security tweaks for apache.. lot of materials out there for httpd.conf.. and write protect all folders etc, use logging..
    zillions of other small things to do..
    for linux starters try this: http://library.linode.com/security/basics

  6. lee.stanley3
    Member
    Posted 1 year ago #

    Shadez done all this and more, reinstalled all core files just need to upload my content. Still worried the content will have scripts or shell scripts in there.

    How would you go about reinstalling this content?

    Cheers

    Lee
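
An added example, not part of the thread: one way to check a local copy of wp-content/uploads for the things the host reported (PHP scripts, HTML landing pages, files posing as images) before uploading it again. The function names, extension lists and byte signatures are assumptions chosen for illustration, and the sample tree is constructed.

```python
import tempfile
from pathlib import Path

SCRIPT_EXT = {".php", ".phtml", ".php5", ".phar", ".pl", ".cgi", ".sh"}
IMAGE_MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".png": b"\x89PNG", ".gif": b"GIF8"}

def check_file(path):
    """Return the reasons a file needs review before it is re-uploaded."""
    parts = path.name.lower().split(".")
    exts = {"." + p for p in parts[1:]}  # every extension, so a.php.jpg is caught
    reasons = []
    if path.name == ".htaccess":
        reasons.append("server config file in uploads")
    if exts & SCRIPT_EXT:
        reasons.append("script extension")
    if exts & {".html", ".htm", ".js"}:
        reasons.append("web page or script in media folder")
    with path.open("rb") as fh:
        head = fh.read(65536)
    if b"<?php" in head.lower():
        reasons.append("PHP open tag in content")
    magic = IMAGE_MAGIC.get("." + parts[-1])
    if magic and not head.startswith(magic):
        reasons.append("content does not match image type")
    return reasons

def scan_uploads(root):
    """Scan a local copy of wp-content/uploads; map relative path -> reasons."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and (reasons := check_file(path)):
            findings[path.relative_to(root).as_posix()] = reasons
    return findings

def demo():
    """Scan a constructed uploads tree (sample files made up for this example)."""
    samples = {"2013/01/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
               "gallery/thumb.jpg": b"GIF89a <?php /* constructed */ ?>",
               "gallery/cache.php": b"<?php /* constructed */ ?>",
               "gallery/.htaccess": b"# constructed sample\n",
               "gallery/index.html": b"<html>constructed page</html>"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        return scan_uploads(root)

if __name__ == "__main__":
    print("\n".join(f"{rel} -> {', '.join(why)}" for rel, why in demo().items()))
```

Anything the scan lists is a candidate for manual review, not proof of compromise; a blank index file added to block directory listings will show up too.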

Topic Closed

This topic has been closed to new replies.
