wordpress websites hacked

rustyshackleford
(@rustyshackleford)

12 years, 5 months ago

Hi,

All of the wordpress websites on my server have been hacked roughly once a month for the past 2 months now. Every time they are hacked, the same thing is happening. The index.php/header.php files in both the themes and the wp installation directory are being edited and some javascript is being added to those files which is then displaying on the websites. Each time this happens, i roll back the database and code for all the websites to the night before the websites were hacked. This clears up the problem until they are hacked again in around a month or so. I have ensured that we are running the latest version of wordpress and the latest version of each and every plugin we use. At the time the files were changed, the server logs report no access to the website. I’m reall scratching my head at this one – has anyone else encountered this problem and if so how did you solve it?

Viewing 5 replies - 1 through 5 (of 5 total)

faisalwp
(@faisalwp)

12 years, 5 months ago

You need to review your security policy thoroughly.

Where you have installed your wordpress sites? Is it a shared hosting or your own VPS?

Visit this link: http://codex.wordpress.org/Hardening_WordPress

There can be alot of things behind hacking a site either from OS Level or from Application level.

Use wordpress security plugins and go through file/folder permissions. If you have shell access, this can be done easily otherwise use FTP clients to set proper permissions and rights.

Thanks

Thread Starter rustyshackleford
(@rustyshackleford)

12 years, 5 months ago

Hi,

Thanks for your prompt response – ill take a look at that link. The sites are installed at:-

D:/inetpub/wwwroot/domainname.com
D:/inetpub/wwwroot/domainname2.com
D:/inetpub/wwwroot/domainname3.com

It is our own server but we manage multiple websites on it. I have remote access to the server. I followed all the steps to the letter when installing wordpress.

esmi
(@esmi)

12 years, 5 months ago

You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Anything less will probably result in the hacker walking straight back into your site again.

Moderator Jan Dembowski
(@jdembowski)

Forum Moderator and Brute Squad

12 years, 5 months ago

Edit: OK, Esmi beat me to it by 62 seconds. I’m going to the No Replies section…

Every time they are hacked, the same thing is happening.

Sadly you are not delousing your server. It’s a lot of work and leaving any exploitable code on your site will mean (as you’ve found out) that the hack will be back.

Thanks for your prompt response – ill take a look at that link.

Also give these a look too, it’s part of the default “I’ve been hacked” reply. Those articles can really help you get a handle on your situation.

http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Thread Starter rustyshackleford
(@rustyshackleford)

12 years, 5 months ago

Thanks for all your help guys.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘wordpress websites hacked’ is closed to new replies.

wordpress websites hacked

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics