perezbox
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: My website is redirecting to a youtube videoNot cool at all.. did you ever find the problem?
NO one mentioned it, but if you’re still having an issue try this post: http://codex.wordpress.org/FAQ_My_site_was_hacked
Also, if it only happens when going from a specific location you might be dealing with conditional malware.
Cheers
Forum: Fixing WordPress
In reply to: How to Remove Malware Hack of SEO Spam links in HeaderYo @jeremygregg
Try going through these posts: http://blog.sucuri.net/?s=spam
We write a lot about SEO SPAM, one might fit your situation and / or might give you an idea of what to try if you’re reached the end of the road.
Cheers.
Sorry, this question is too big to answer – not literally, but figuratively. You’re going to have to do some research to figure out why those three entities are flagging you. Once you know why, then you will know what to do.
I’d encourage you to start here: http://codex.wordpress.org/FAQ_My_site_was_hacked
Other than that, providing any guidance, will honestly be useless as you haven’t done any due diligence on your part yet.
Forum: Everything else WordPress
In reply to: How Effective Is Malware Scanning by Hosts?Many hosts have really crappy malware scanning, some have very good ones. It just depends. In many instances they leverage third-party providers and pass the scanning off the end-user.
Also understand that there are different types of scanning. Most hosts, if not all, are mostly interested in server level scans, not application scans and those that do application scans do a very bad job.
Take care
In the interest of full disclosure I run a scanning service so you might just ignore my feedback as nonsense. I also happen to partner and work with hosts a lot, which is where my feedback comes from. Do with it as you will.
Forum: Plugins
In reply to: Need Help to Remove Pages which is automatic adding in my blog(Please help)I’d encourage you to start your research here: http://blog.sucuri.net/?s=spam
This one might be especially interesting to you: http://blog.sucuri.net/2013/11/the-story-of-cliprect-a-black-hat-seo-trick.html
Thanks
Forum: Fixing WordPress
In reply to: I think i got hackedStart here: http://codex.wordpress.org/FAQ_My_site_was_hacked
Once you have the foundation, branch out from there.. if you go to crazy on Google you’re going to lose your mind..
Forum: Fixing WordPress
In reply to: Have i been hacked?Hi @reyna12
No one can answer that question without looking deeper into your website.
That being said, the fact that you you received it via email means whomever sent it is likely compromised. In other words, if the email came from your web server, then you’re likely hacked or someone is abusing your system resources. Very common, but in your specific case with the info provided, it’s impossible to say.
All the best
Forum: Fixing WordPress
In reply to: Website possibly hacked?Hi @dpanych
Replacing your theme will likely do little for you in this case. Often in cases of reinfections the attacker has a means of regaining access to your environment.
Whether it be via a Backdoor, or via your own WP-Admin controls.
This is what I would do:
1 – I would investigate when the changes are happening. You can do this by analyzing your logs to see what events are occurring. Look for log entries that trigger wp-login and / or the editor – you should be able to see this.
2 – I would purge all accounts of their passwords just in case, there are few different tools to help with this. One such would be the Sucuri plugin: http://wordpress.org/plugins/sucuri-scanner/ There is actually a section in there for post-hacks. It will not only purge the passwords but also reset your salts / keys – an important step many forget to do.
3 – Once all your controls are set, including FTP, you enter the most difficult section which is trying to identify if a backdoor exists. This, I won’t lie, won’t be easy but a good place to start is here: http://codex.wordpress.org/FAQ_My_site_was_hacked
Once you get the reinfection to stop at least 48 hours you can feel a little more comfortable in the actions you’ve taken.
One very simple step is to replace WordPress core files – that is wp-admin / wp-includes and the root files. You should see which those are.
Happy hunting.
Forum: Fixing WordPress
In reply to: Possible SPAM code on my siteIf you’re using the Custom Contact Forms plugin I’d take a look at this post: http://blog.sucuri.net/2014/08/database-takeover-in-custom-contact-forms.html
As for whether it’s that plugin specifically, hard to say but it seems as if someone is abusing your server. If it wasn’t you, or one of your administrators, then I’d say you’ve likely been hacked.
Not to worry though, this is a very common trend these days. Attackers are using web servers more and more for email spam.
Start here: http://codex.wordpress.org/FAQ_My_site_was_hacked
All the best
Hi @the Creative Tablet
This is a very interesting question, and one that goes beyond WordFence specifically.
The BlogVault guys wrote a very interesting article about it actually: https://blogvault.net/does-wordpress-security-plugin-secure-your-site/
Does WordPress stop hackers or is it just a secondary solution if and when you are hacked?
Is a very big question, the response could easily be turned around with:
What kind of hackers?
WordFence seems to have a fairly decent brute force features, which could be argued is preventing attacks. But the attack spectrum is so diverse, brute force attempts are but one attack vector to be concerned with.
The article articulate this point very well.
All the best,
Forum: Installing WordPress
In reply to: Intern needs help. Website hacked and down.Hi
If you’re getting a 403 forbidden it could be a couple different things.
1 – Log in via FTP / SFTP and look at your .htaccess. Sometimes attackers like to be funny and block all traffic by deny all traffic. Not very funny to you, but very funny to them.
2 – If that’s not it, check with the host to see if they have your IP blocked – sometimes they shut access to the site if they notice it’s been compromised. Annoying, I know.
Usually, one of those two things will address the problem.
Once you can regain access, you can then follow the steps here to regain access to the box itself: http://codex.wordpress.org/Resetting_Your_Password
Another option is to use something like Adminer or PHPmyadmin via your host control panel.
What you’re facing is known as Defacement. It’s often very simple, but can be very annoying. If you’re lucky, you’ll find the defacement in the index.php file at the root of the install or in the root of your theme files.
If you’re unlucky, they’ve injected into your widgets etc.. either way, not to worry it’s easy enough to repair (in most cases).
This should help you regain access and start the process of getting cleaned up.
All the best
Forum: Plugins
In reply to: Website hacked and passwords changedHi
This seems like a double post, I’d recommend looking at the guidance here: http://wordpress.org/support/topic/website-hacked-and-passwords-changed-2?replies=4
All the best.
Also recommend this one be closed / resolved.
Forum: Fixing WordPress
In reply to: Website hacked and passwords changedIt’s not uncommon for attackers to update the access information to your website.
What you want to do is log into the server via FTP / SFTP and manually update your user information via the DB. You should be able to do this via Adminer or by using PHPmyadmin or something equivalent in your host administration panel (i.e., CPANEL).
Here is a good article on the subject: http://codex.wordpress.org/Resetting_Your_Password
Once you have restored control and have implemented better access control mechanisms (i.e., 2FA, Good Passwords, etc..) then you can proceed with the link @roy provided..
Until you regain control however you will be simply chasing your tail.
That being said, remain calm and you’ll be just fine.. 🙂
Forum: Fixing WordPress
In reply to: WordPress install hackedHi @jan
Thought it was to help, and I thought I was by responding to his question:
2. Is that the likely cause of my the websites redirecting when viewing on mobile?
Impossible to answer the question if it was the source if we don’t know what was in the obfuscation, hence my recommendation.
If he follows the various links provided above he should get a pretty could handle and clearing out the install. On that note though.. be sure to replace core install, and I don’t mean dragging and dropping or running the update via wp-admin. Log in via FTP / SFTP and physically remove, then readd the core wp-admin and wp-includes directories, followed by the root files (with exception to wp-config).
Thanks
Forum: Hacks
In reply to: Hacked, cannot enter siteOh wonderful! Sorry for the delay in the response. Hopefully we can resolve this ticket.
Tony