• Google tells me that WordPress is the oldest blog with the most pristine technicians. I would like to believe this. Unfortunately, my WordPress sites have recently been hacked by Black Hats. How is this possible? My hosting provider suspended one of my accounts today as a result of criminal hacking activity. Also, another of my sites based on CubeCart recently failed due to hacking and security issues with recent upgrades. Please don’t ask me about CubeCart support and their customer service / communication! If the internet is so vulnerable, what would happen if the hackers took it down? Who is identifying these hackers and their IP addresses? Why are responsible websites being penalised by their hosting providers and Google for the actions of criminals? I think I need to forget WordPress and go back to old school websites that never fail.

Viewing 14 replies - 1 through 14 (of 14 total)
  • Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    I’m sorry you were hacked, but can you clarify whether you’re asking rhetorical questions or are genuinely looking for support?

    Thread Starter clamor

    (@clamor)

    At this stage my questions are rhetorical but I am looking for answers. I cannot understand why my WordPress sites including the one that crashed today are being hacked. Another WordPress site has run out of bandwidth so I assume it is also being hacked. A third site with a CubeCart site has also crashed due to hacking and possibly coding issues with recent upgrades (not your problem but also a recent issue). All these sites have been online for years without any issues. Meanwhile my old school websites are running perfectly without any hacking issues. I am wondering if the hackers are winning the war.

    Thread Starter clamor

    (@clamor)

    Here is the response from our hosting provider after our account was suspended without prior notice:

    It’s not possible to provide prior notifications for issues like these. The account had attempted to send out 845 emails (in less than 15 minutes) before our monitors were alerted.
    If the account is not suspended, the spamming will continue.
    After suspending the account, I have had a chance to investigate the spam. The spams originated from the following folder:
    ‘/home/xxxx/public_html/wp-content/plugins/custom-contact-forms/bower_components’
    The malware file in there, ini24.php, was uploaded in September 2015.
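The host's finding above is a PHP file inside a `bower_components` folder, a directory that normally holds only front-end assets. As an added example (not part of the thread, and not the host's tooling), this script lists PHP files in such directories with their modification dates; it assumes GNU find, and the directory list and the sample tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Assumes GNU find (-printf), as found on
# most Linux hosting servers.

# Print "YYYY-MM-DD<TAB>path" for every PHP-type file that sits inside a
# directory meant for front-end assets or uploads. The directory list
# (bower_components, node_modules, uploads) is an assumption; extend as needed.
# The date is the file's mtime, which is only a hint: it can be reset by
# whoever wrote the file.
find_php_in_asset_dirs() {
    local root="$1"
    find "$root" -type f \
        \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \) \
        \( -path '*/bower_components/*' -o -path '*/node_modules/*' \
           -o -path '*/uploads/*' \) \
        -printf '%TY-%Tm-%Td\t%p\n' | sort
}

# Constructed sample tree mirroring the path the host reported. All files are
# empty, and the day and time given to ini24.php are made up.
build_sample_tree() {
    local plugin="$1/wp-content/plugins/custom-contact-forms"
    mkdir -p "$plugin/bower_components/jquery" "$plugin/includes"
    touch -t 201509151200 "$plugin/bower_components/ini24.php"  # should be listed
    touch "$plugin/bower_components/jquery/jquery.js"           # normal asset
    touch "$plugin/includes/form.php"                           # normal plugin code
}

# Usage: ./scan.sh /home/USER/public_html/wp-content
if [ "$#" -gt 0 ]; then
    find_php_in_asset_dirs "$1"
fi
```

A hit is a lead for manual review rather than proof of compromise, since some third-party packages ship PHP files of their own.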

    Thread Starter clamor

    (@clamor)

    Looking forward to your response.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Installations get compromised for a variety of reasons.

    • Code isn’t maintained, meaning WordPress, plugins or themes, and vulnerable code was exploited
    • Additional code on the same server is exploited
    • Passwords are obtained (many ways for that to happen)
    • Your host runs vulnerable code on the same server

    You get the idea. When someone’s site is compromised this is the typical reply posted.

    Please remain calm and carefully follow this guide.

    When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Once you’ve successfully deloused your server then hardening your WordPress would not be a bad idea and those links can help you get that going.

    Thread Starter clamor

    (@clamor)

    Thank you. I will read your instructions but the point is that our cPanels were compromised by loading WP on our sites and Black Hat hacking through the back door. This has never happened before and we have other non-WP sites that have been online for many years. Our eBay sites and PayPal have also been compromised, along with our online reputation! WP needs to address security issues. Over and out. Not calm at all!

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    OK, this may sound odd and please don’t react badly when you read my reply. Emphasis added by me.

    Thank you. I will read your instructions but the point is that our cPanels were compromised by loading WP on our sites and Black Hat hacking through the back door.

    Not exactly. Your cPanel was not compromised because of core WordPress. It may have been due to a plugin or theme or add-on but unless you were running a very outdated version of WordPress then that was not the vector you were compromised by.

    Here’s how I know: WordPress and cPanel go hand in hand on so many hosted sites (I’ve never used it but I’m told that I’m “odd”). Had WordPress been the method of compromising your site then so many people would be reporting that. That would be a HUGE event and people who compromise sites are not known for their restraint.

    Your site was definitely compromised and delousing your site will be a challenge. It’s not easy and requires you to save all your files and your complete database and then burn everything to the ground.

    If you can identify the vector then fantastic. But more often than not people are unable to definitely find it. If it keeps happening despite your efforts then a new host provider may be needed.

    Thread Starter clamor

    (@clamor)

    Okay, it is very late in Australia so I am sure you will understand that I am going to sleep soon, which is why I replied ‘Over and out’ (old and reliable radio technology) in my last post. Not reacting badly at all but looking for answers! My cPanel was absolutely compromised by WP security issues. Please read previous posts. All plugins are downloadable via the WP admin panel. Therefore, WP is recommending and approving the plugins. How on earth can anyone access the cPanel if not through a back door in WP? My WP is up-to-date. In the meantime my FTP is blocked, my website is blocked, my emails were blocked (although we have managed to resolve this through forwarding), my eBay account was affected, my PayPal was affected and my online reputation is in jeopardy. Let’s go back to the original question. Are the Black Hat hackers winning and what is WP doing to combat this?

    Thread Starter clamor

    (@clamor)

    Also, why has my original topic been edited and changed? This is about a Cyber War!

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Sleep is good BTW. 😉 My Dad was into ham radios and I like the terminology.

    The title was changed because it was misleading and incorrect. It was also in the wrong forum and moved to the right place. That’s not what “Hacks” is for. Hacks is for coding questions, not compromised site issues.

    https://wordpress.org/support/topic/please-use-how-to-and-troubleshooting-for-compromised-websites?replies=1

    My cPanel was absolutely compromised by WP security issues. Please read previous posts. All plugins are downloadable via the WP admin panel.

    Your site was compromised and yes, I did read your posts. It happens but you need to fix your site. It’s not that WordPress has a problem and you need to focus on your site. That’s as plainly as I can put it.

    Are the Black Hat hackers winning and what is WP doing to combat this?

    No, they are not winning and the WordPress development cycle has a huge eye on keeping the code secure and maintaining good coding practices.

    https://wordpress.org/about/security/

    Thread Starter clamor

    (@clamor)

    Okay, one more try before going to bed. It is great that you think the Black Hat hackers are not winning but I think they are. Let me share with you my telephone conversations with Google experts. Google advised me that WP was the oldest and most pristine website in the world with the top technical specialists. So, I am not being critical but the WP team is not recently “keeping the code secure and maintaining good coding practices” – see previous posts regarding the crashing of at least one and possibly more of my websites. This is the problem. I am glad that your “Dad was into ham radios and (you) like the terminology” and I hope you learned from him because if the internet crashes (young technology), this may be the only reliable technology available for communication. If WP cannot improve its security, what can we expect? I don’t think I am being paranoid and I have been working on the Internet since its inception.

    Thread Starter clamor

    (@clamor)

    Also the title was not misleading and it was absolutely correct. I think the change of title was deliberately designed to shut the conversation down. Can it please be changed back? In the interests of a transparent debate.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Are you sure you’re using WordPress as distributed on WordPress.org? This is software that is built, maintained and supported by volunteers as an open source project. What the guys at Google told you doesn’t match that.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    I’ve changed the title back but it is a misleading topic title and doesn’t address your problem.

    There’s no debate to be had. WordPress takes security seriously and has for many years.

    Again, it’s not “WordPress” that was compromised. Your site was. I hope you get your problem sorted out but please don’t try to make this topic into some debate. You have a more immediate problem to deal with.


The topic ‘Cyber War’ is closed to new replies.