WordPress.org

Ready to get started?Download WordPress

Forums

Website hacked by FTP Hacker (3 posts)

  1. Juan Quaglia
    Member
    Posted 3 years ago #

    Hi! This is the second time that "FTP Hacker" hack my website, and I can´t find a solution in forums. The last attack was today, and the previous one some months ago. I always solve the problem replacing the index file of the WordPress installation and replacing the index file of my theme. The website works fine now, but I suposse there is still some kind of vulnerability or hidden trojan. I also identified and erased a strange php file from my root, named "n.php". I didn´t found rare code in my .htaccess file. My website is http://www.juguetesdecoleccion.com. I´d appreciate any help you can give me, I don´t want this to happen again.

  2. ce_bradm
    Member
    Posted 3 years ago #

    Hi Juan,

    Sorry to hear about the hack. Those can definitely be a pain.

    I'm not sure the steps you took when you were hacked previously, but I personally would start off with making sure all of my software is up to date.

    For example, make sure your website is running the most up to date version of WordPress. Not only do newer versions of WordPress look better ;) but sometimes they include security updates as well.

    Next, you'll want to make sure all of your WordPress plugins are up to date as well. Not only can WordPress be vulnerable, but the plugins can be insecure as well. There are many tutorials online that teach others how to develop plugins, and those that create plugins may not have any training / experience with website security.

    Your website may have been hacked via ftp, or via a vulnerability within software you're running. If the hack was done via ftp, evidence should be in the ftp log files ( /var/log/messages ). Those logs are not kept forever, so I would recommend contacting your web host immediately and ask if they will check the logs for you.

    If the hack was made via the url, then you'll want to look at your server logs for anything out of the ordinary. For example, your site is http://www.juguetesdecoleccion.com. If you look at the logs and see requests for things like:
    http://www.juguetesdecoleccion.com/?var=5&url=http://domain.com/n.php
    ... (notice n.php in the url) then you may have your culprit.

    Let me know if this helps or not. It can be very difficult to find out exactly how you were hacked, but I'm more than happy to help poke around to see what we can find.

    - Brad
    Web Hosting Hub Support

  3. roseba
    Member
    Posted 3 years ago #

    Did you ever figure out what this was? Because I've done almost all the steps that people have suggested to "harden" WordPress and have done numerous reinstalls (clean) and still could not unhack my site.

    It continues to come back.

Topic Closed

This topic has been closed to new replies.

About this Topic