perezbox
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: Hacked; what to do nextWhat is being described isn’t something that SiteCheck would detect. SiteCheck works to identify security issues that display on a users browser. Think things like malware distribution, malicious redirects, SEO spam.. etc..
So just because it’s green, doesn’t mean that your environment hasn’t been hacked. It could be being leveraged for some other nefarious act.
Unfortunately, changing the passwords on FTP / WP-ADMIN are only the first of many steps that need to be taken. In fact, here is a list we’ve put together that we share with our own customers, but would be just as valuable for you: https://sucuri.net/website-security/what-to-do-after-a-website-hack.php
Here is also a document we put together a few years ago, but still applicable today of things you could do specifically with your local WordPress install: https://blog.sucuri.net/2012/11/website-malware-removal-ftp-tips-tricks.html
Lastly, don’t forget to spend some time looking at this page on the codex: http://codex.wordpress.org/Hardening_WordPress it’ll help you think through the various hardening steps you should consider.
Yes, this can all be a bit overwhelming, but such is the world with Security. The biggest thing you need to be asking yourself is how they are getting in, how are new users being added. If it’s in fact related to something an admin is doing, then great. But if it’s something no one on your team is doing, then that’s a problem. And the thing you need to be most aware of is the addition of things like backdoors and the sort that allow bad actors to circumvent any existing controls placed on your access nodes.
Hope this helps.
Thanks
Forum: Fixing WordPress
In reply to: Did my website get hacked?Hi @metrod
Like @contentiskey mentioned, if there is something that you didn’t push, then I’d definitely assume some kind of compromise unfortunately.
This is also not something SiteCheck would detect, being it’s not linked on the domain, and the content of the page itself is not malicious. The code itself is good, and it’s not distributing malware.
What’d I’d recommend looking at is the various pages in your install, see if it’s being generated there or if it’s added to the root.
Regardless, I’d recommend doing a deep scan of the environment. You want to look for backdoors, and the sort to make sure people are not accessing the environment bypassing existing access controls.
Tony
Forum: Plugins
In reply to: Hacked or cleaned up ?Hi
Have you tried contacting whomever you tasked to help clean your website? What you describe is a bit weird, but it’s hard to know without knowing all the details.
As you have things phrased right now it’s a bit hard to really provide any response of much value.
Thanks
Forum: Fixing WordPress
In reply to: Site hackedHI
You can see the infection here: https://sitecheck.sucuri.net/results/www.waftb.com
Here are some tips and tricks that might help: https://blog.sucuri.net/2012/07/website-malware-removal-wordpress-tips-tricks.html
Thanks
Forum: Fixing WordPress
In reply to: Hacked site and locked out as adminHi @lcartier1
Not a problem, you’ll want to log into your database and update the administrator account. Your host should be able to help you with this. The hack itself own’t matter at the moment, at least not until you log in again.. π
Tony
Forum: Plugins
In reply to: [BulletProof Security] Website hacked–what other plugins should I use?Perfect.. I serve at the pleasure.. π
Forum: Fixing WordPress
In reply to: URL injection hacked siteHi
If you’re sure you’re not redirecting or infected, you could try using the Google URL Removal tool here:
https://www.google.com/webmasters/tools/removals
And submitted the site to be reindexed.
Have you tried that?
Thanks
Forum: Plugins
In reply to: [BulletProof Security] Website hacked–what other plugins should I use?If you’ve hired Sucuri you shouldn’t need anything else. Mind pinging me at? I’d love to see how you’re configured. You should be able to remove all security plugins now if you’re fully configured.
Tony
Great, thanks. Very curious case.
Thanks
Can you confirm that this is in fact an issue with our Firewall? Can you provide a ticket number from our system in which you engaged the support team? Would like to follow up and see what might be happening.
Thanks
Hi @sarumbear
In the same link we provided, we share a link where we explain in more detail how the “remote” aspects of our scanner work.
For your reference here it is: https://blog.sucuri.net/2012/10/ask-sucuri-how-does-sitecheck-work.html
I’m sincerely sorry you feel wronged in some way, but as my colleague mentioned, it’s open-source and if you feel you have a better way then by all means. We’re very particular here at Sucuri in the way we market and the way we describe our services, even the free ones. It’s why we’re very specific to say this is a remote scanner, and go on to explain how a remote scanner works.
Thanks for insights.
Tony
Forum: Fixing WordPress
In reply to: Site Hacked βΒ Users coming from Facebook get Pop-UpsHi
The one thing you might want to consider is malvertising. What you’re describing is highly conditional, specifically targeting mobile devices.
If you run ads, I’d also take a look there. Along with what @rngdmstr recommended in terms of clearing out your base.
Thanks
Hi @saludcasera
Sorry for the experience, I’m sure it was not intentional and there’s likely a lot more to the discussion. The issue however I hope is now addressed, right?
Thanks
Forum: Fixing WordPress
In reply to: web site hackedHi @larry
Do you have a backup?
If you don’t, have you contacted your host? They often have at least a 24 hour backup available.
Hey there
Umm, let’s see if we can’t look into this and figure out what is going on.. mind sending us an email to labs@sucuri.net? Would like to see if maybe we need to update the profile..
Thanks