Advice on Hacking

R

Randyo35

Guppy
I had three domains hacked..All three domains are on the same user account (cp) and they are the only domains on the account. All three domains are Wordpress blogs on a Linux box. The hackers changed the index.php page (only) with their trophy page of success.

Now I need to figure out how they got in....via the account or via Wordpress. Has anyone else experienced this recently...and any worldly advice on keeping them from doing it again.
 
If WP is up to date, then most likely through a compromised PC with Control Panel and/or FTP access to the accounts. A recent method of compromising PCs has been through some Adobe product. See Stephen's post. However it's not the only method of attack

Do a full virus scan on any PC that has FTP or Control Panel access to the affected accounts.
 
nzkiwi said:
If WP is up to date, then most likely through a compromised PC with Control Panel and/or FTP access to the accounts. A recent method of compromising PCs has been through some Adobe product. See Stephen's post. However it's not the only method of attack

Do a full virus scan on any PC that has FTP or Control Panel access to the affected accounts.
Click to expand...

OK I’m a believer. I’m pretty sure they got in through my laptop because the domains affected where ftps on my computer and clients that I didn’t need ftp connection to where not affected. The hack replaced only the index page on 12 websites (html and php)

I run updated adobe suite, I have the whole CS3 Suite and update Flash as needed. AVG (not a free edition) runs on the computer every night. I bore you with this because I need some ideas on how to find the compromise on my laptop..maybe another virus scan software suggestion, a script someone might know of, etc. I have deleted the ftp connections for now. Any help would be appreciated.
 
Randyo35 said:
OK I’m a believer. I’m pretty sure they got in through my laptop because the domains affected where ftps on my computer and clients that I didn’t need ftp connection to where not affected. The hack replaced only the index page on 12 websites (html and php)

I run updated adobe suite, I have the whole CS3 Suite and update Flash as needed. AVG (not a free edition) runs on the computer every night. I bore you with this because I need some ideas on how to find the compromise on my laptop..maybe another virus scan software suggestion, a script someone might know of, etc. I have deleted the ftp connections for now. Any help would be appreciated.
Click to expand...

Change te FTP password from the control panel if you haven't done that yet. If you have updated the adobe softwares you should be safe from it happening again.

Here's one thing I've noticed about these defacements, they are storing the password for a while. I found one account defaced that had initialy been 'scanned' by a botnet a month before an action happened, so they sat on the password for quite a long time and it made it to a 'verified good' password list, then to a botnet that defaced the pages thoroughly from many IPs.

Now this is only an example, but one that has been common in the last 4-5 months.
 
Thanks Stephen..

I did change all passwords...CP and FTP, I'm next working on changing database passwords...I little bit more work because of settings and config. php files.

I have no clue on how to find any hidden script in any other files on the server so I will start to upgrade or reload the sites with fresh scripts. If you think of anything else helpful....I'm listening.
 
I would recommend also to check the version of wordpress or which ever content management softwares you are using might be that your cms package is having some flaws or bugs due to this hackers have gained the admin privliges on the website and changed the index page of your website

update your cms package and scan your laptop with a good updated antivirus and change all the passwords of your mail accouts even gmail yahoo,hotmail,and all your website control panel and ftp password
 
You must log in or register to reply here.
Back
Top