WordPress.org

Ready to get started?Download WordPress

Forums

[closed] Site was hacked and sending out spam (11 posts)

  1. astima
    Member
    Posted 1 year ago #

    This is the second time, my site was hacked. The first time I had my permissions set incorrectly and I fixed that. Now it is happening again. I've changed my security keys, username and password. I was able to find the code that was installed and erase it.

    After I was hacked the first time I installed the limit login access plug-in. Someone is definitely continuing to attempt to get in because I can see it in the plug-in. I've had 414 failed to login attempts and lockouts in two weeks.

    I am working my way through the WordPress My Site Was Hacked document, but does anyone else have any other suggestions? Should I hire someone to look into my site? If so, any recommendations on where to look for someone to hire?

  2. Pioneer Valley Web Design
    Member
    Posted 1 year ago #

    Sucuri is well respected for such.

  3. Krishna
    Volunteer Moderator
    Posted 1 year ago #

    Should I hire someone to look into my site? If so, any recommendations on where to look for someone to hire?

    Yes. If you are not sure about doing the complete cleanup, you can hire someone by posting here: http://jobs.wordpress.net

  4. astima
    Member
    Posted 1 year ago #

    I have been doing some research on my hacked site and I believe it is a brute force attack. I had the limit login plug-in installed and I am receiving tons of emails notifying me that someone is attempting to login and fail repeatedly. It's always from a different IP address.

    I have found several articles on ways to increase the security of my website from these types of attacks and am working on this. My concern is that since I was already hacked adding these security measures is useless if they created a backdoor. I can't find any articles as to what to do if your site is already hacked.

    What should be my first step other than increasing the security? I erased the file that was originally sending out spam. But seeing that my site was hacked twice, I must be missing something.

    I am sorry if this is so confusing, but I am at such a loss as to what to do.

    Any help would be greatly appreciated.

  5. WPyogi
    Volunteer Moderator
    Posted 1 year ago #

  6. Krishna
    Volunteer Moderator
    Posted 1 year ago #

    I erased the file that was originally sending out spam. But seeing that my site was hacked twice, I must be missing something.

    Sure. The missing puzzle is that you only removed the files that contained the hacker's codes or whatever indicating a hack (only the symptom). But hackers always leave a back door or an entry point through which they can easily gain entry (the root cause). You could not locate that or guess where they could be and hence did not remove those security holes. Hence, you need to go through all the steps as suggested by WPyogi. Read all the links/files carefully, make notes, remove suspicious looking codes and strings.

    Sorry to say, this often requires a little bit of practical experience and knowledge of the software that you are working with. You can gain this expertise by reading and practicing, best done on your local WordPress installation (on your computer) or a test site. If you are not confident enough, you may need to hire a professional to do the job for you. It's not such a big deal, but if you are serious about your site and its future, it's worth it.

    As regarding hiring, beware of job-seekers contacting you, probably through these forums. They may be just as good as you (or even bad). But of course, you can try posting on http://jobs.wordpress.net or make a Google search for professional sites or individuals of reputation who can do your job.

    Good Luck!

  7. astima
    Member
    Posted 1 year ago #

    I think I found a suspicious file called WP.modules.php. It was altered the day I started having issues. I am not a super expert in code, but it does refer to sending emails. It was located in my uploads folder. Is there a way I can confirm if this is suspicious are not?

    PS thanks for all the help so far. It's been very helpful!

  8. Krishna
    Volunteer Moderator
    Posted 1 year ago #

    It's an implant by the hacker.

  9. astima
    Member
    Posted 1 year ago #

    Should I delete it?

  10. Close to home Blog
    Member
    Posted 6 months ago #

    I am not sure if I was hacked, I recieved multiple emails while I was away from my desk about file changes. Then one saying over 1100 files deleted etc. SIte looks fine but what should I do.
    http://www.stayingclosetohome.com

  11. esmi
    Forum Moderator
    Posted 6 months ago #

    @Close to home Blog: If you require assistance then, as per the Forum Welcome, please post your own topic.

    This 9 month old topic references an old version of WordPress.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags