Comments on: Website hacking issues

By: MillaN

MillaN — Thu, 11 Feb 2010 12:06:11 +0000

Thanks. I am building much more advanced plugin for this same job, but for now this is a good start.

By: Randy Brown

Randy Brown — Tue, 09 Feb 2010 01:46:18 +0000

WordPress File Monitor Plugin will provide you with
an email of a time when files are changed.

get it here:

http://www.wpbeginner.com/plugins/wp-security-wordpress-file-monitor-plugin/

Look for a pattern in when events occur that modify the header file. Every little bit of info is critical when trying to solve these issues.

By: MillaN

MillaN — Fri, 29 Jan 2010 00:57:35 +0000

Already did that, but I can do it again, maybe I overlooked something. Also, this website will soon get new theme and most of the things will be made from scratch starting with full WP install, DB and files cleanup and server settings review.

By: Grant

Grant — Thu, 28 Jan 2010 23:48:44 +0000

Hi Millan.

Ban them at .htaccess level!

Also check that your .htaccess file is setup properly. I had a similar problem when a plugin modified my .htaccess than a few days later I had modified header.php and footer.php

By: c hanna

c hanna — Wed, 20 Jan 2010 00:20:54 +0000

Thank you everyone for the help. I’ll try these last two ways. thankyou

By: Claudiu Popescu

Claudiu Popescu — Tue, 19 Jan 2010 08:20:02 +0000

You can ask your web hosting provider to block that IP from the server’s firewall, explain to them what is that ip doing and maybe you will get lucky. If you have a dedicated ip address for your web site, then they can block this ip only for your web site.

By: MillaN

MillaN — Tue, 19 Jan 2010 01:04:07 +0000

Try finding some plugin that can filter IP addresses completely and prevent access to website.

By: c hanna

c hanna — Mon, 18 Jan 2010 22:15:25 +0000

Do you know how to ban this guy. He is in again. here is the strange website that they come in from:
mmacomments dot com

Ya, he’s in there again right now. hahaha!

By: MillaN

MillaN — Mon, 18 Jan 2010 17:51:48 +0000

Plugin IP filter only works for plugin, and filters votes, doesn’t prevent user for doing anything else on the website.

By: c hanna

c hanna — Mon, 18 Jan 2010 17:23:18 +0000

I just used the ban IP Masked and it took it. I’m not sure what masked means, but it took it there. Hopefully this will do the trick. He just left another comment, always uses different name but its the same IP each time.

By: MillaN

MillaN — Mon, 18 Jan 2010 01:25:08 +0000

You add IP and it’s not saved to the banned list on the IP panel? The only known way for this to happen is if the IP is invalid. Plugin checks the format before saving it.

By: c hanna

c hanna — Mon, 18 Jan 2010 00:29:01 +0000

Right. I went into the IP for Gd starrating and that is where I banned the one person. The other one I tried but it doesn’t take.

Do you think its some kind of hacker? I don’t know why they would, I don’t have any sales or pay pal stuff.

It must not be anything to do with the gd rating. I will call my host and maybe they can tell what’s going on with this particular IP.

Thanks. At least I narrowed it down a little.

By: MillaN

MillaN — Mon, 18 Jan 2010 00:07:53 +0000

Is the IP added to the banned list on IP panel? And if it is, how do you now that plugin is not banning that one. I have tested and it’s working fine. On this website I have some 20 IP’s in the list and as far as I can tell, banning works fine.

By: c hanna

c hanna — Sun, 17 Jan 2010 18:35:10 +0000

thanks. So far just tried the two. One banned ok the other one did not.

By: MillaN

MillaN — Sun, 17 Jan 2010 11:16:46 +0000

I will check why IP is not banning.

By: MillaN

MillaN — Sun, 17 Jan 2010 11:16:26 +0000

WP Security Scan is pretty useless plugin, everything that it does I always implement and check on my own for each website. On the same host, I have Dev4Press and TVScape hosted, and only this website is under attack daily.

By: c hanna

c hanna — Sun, 17 Jan 2010 04:40:28 +0000

Hi,
I have the Star rating now on my wordpress site. I went to the IP part to ban this one commenter that leaves strange stuff, but it won’t ban his IP. I banned another IP that was selling drugs and that worked fine. Why would this one IP not ban?

Sorry to butt in on this forum…I didn’t know where else to leave question.

After reading this hacking issue I realize that my site may be vulnerable too. I use bluehost. How do you know if someone is getting into your site?

Thanks.

By: David

David — Sat, 16 Jan 2010 22:46:41 +0000

Worth installing http://wordpress.org/extend/plugins/wp-security-scan/ and following this guide here.
http://blogsecurity.net/wordpress/wordpress-security-whitepaper (changing database prefix is something I recommend all doing to limit XSS injection attacks.)

Also worth checking if you have register globals on in php.

By: MillaN

MillaN — Sat, 16 Jan 2010 15:21:17 +0000

I will install PHP IDS (Bluehost suggestion) to monitor every type of requests and try to find out exactly where the attack is done.

Also I have many websites on BlueHost and this is only one being hacked.

By: pamelad

pamelad — Sat, 16 Jan 2010 14:58:28 +0000

Have you checked all of your javascript files? Those are notorious for having back doors and being infected. Also, have you deleted the admin role that is standard with wordpress? Just another way to get hacked

I use a sister company of BlueHost (HostMonster) and I haven’t had any problems so far. Hopefully, I won’t…