Website hacked multiple times

  • krneki10

    (@krneki10)


    9 years, 11 months ago

    Recently my WordPress based website has been compromised several times. The reason for previous successful hack has been outdated Jetpack plugin and WordPress was also not really updated because of the old theme compatibility. I have afterwards updated WordPress to 4.5.3., updated all the plugins and uninstalled most of them, including Jetpack.

    To get website up and running, I have deleted infected files and folders but that wasn’t enough, so I have manually uploaded wp-admin and wp-includes folders to the server to overwrite all the files. I have also changed salts in config.

    Just recently, my website has been hacked again. Here’s the log:

    173.201.196.200 - - [20/Jul/2016:22:44:20 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 390 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344" 82.200.247.241 - - [20/Jul/2016:22:44:58 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 282 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0" 87.242.64.142 - - [20/Jul/2016:22:49:10 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 481 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36" 173.254.28.39 - - [20/Jul/2016:22:46:46 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 647 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26" 198.71.235.91 - - [20/Jul/2016:22:51:44 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 644 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36" 104.207.154.185 - - [20/Jul/2016:22:53:20 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 645 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36" 12.6.93.98 - - [20/Jul/2016:22:53:12 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 539 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344" 195.210.46.126 - - [20/Jul/2016:22:54:01 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 394 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26" 50.116.79.220 - - [20/Jul/2016:22:56:27 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 647 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36" 66.249.64.146 - - [20/Jul/2016:22:58:11 +0200] "GET /wp-content/plugins/recent-posts-slider/css/style.css?ver=4.5.3 HTTP/1.1" 200 1192 "http://site.si/gp/prime/digital-adoption/navigation-bar/378-9441140-4933301?type=load&isPrime=false&referrer=&height=1024&width=1024&_=1467072000000" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 68.178.254.125 - - [20/Jul/2016:22:58:51 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 317 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344" 133.242.5.32 - - [20/Jul/2016:23:00:57 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 317 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0" 120.26.59.61 - - [20/Jul/2016:23:01:11 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 646 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US) U2/1.0.0 UCBrowser/9.3.1.344" 95.173.172.71 - - [20/Jul/2016:23:01:16 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 317 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36" 66.249.64.140 - - [20/Jul/2016:23:04:16 +0200] "GET /wp-content/plugins/recent-posts-slider/css/style.css?ver=4.5.3 HTTP/1.1" 200 1192 "http://site.si/Amazon-Video/b/ref=nav__k_aiv/378-4073672-5038320?ie=UTF8&node=2351649051" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 85.128.142.52 - - [20/Jul/2016:23:03:41 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 644 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26" 69.89.31.183 - - [20/Jul/2016:23:06:06 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 646 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26" 93.185.104.20 - - [20/Jul/2016:23:08:32 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 389 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36" 184.168.27.102 - - [20/Jul/2016:23:08:58 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 598 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26" 69.195.92.241 - - [20/Jul/2016:23:09:10 +0200] "POST /wp-admin/css/colors/ocean/blog.php HTTP/1.0" 200 644 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36"

    I really don’t know what else could be the problem, so I hope to get some good recommendations on what to do, also to prevent that in future.

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Website hacked multiple times’ is closed to new replies.

Tags