from hacking

[grady07]

My website http://weddingsvermont.com  was attacked yesterday morning and i have cleaned everythign off the FTP and reinstalled fresh copy of mybackup however they have done it again. is therea way of blocking ?
they leave few files in the website which is base64 decoded. also a txt file 150be24c26f4aa277a96fd68c91f3b48AuthCode: 306426

[ziggy_567]

You're running a Wordpress blog. Wordpress plugins are fairly commonly found to have vulnerabilities that could allow an attacker to gain unauthorized access.

Instead of deleting and restoring from backup, you need to find the way they're coming in and fix that. It would be like demolishing your house after someone stole the keys but leaving the locks the same when you rebuild.

You're best bet at finding how they got in is to look through your webserver logs. Any entries that look "odd" should be investigated. (usually Google is your friend for this)

If you have any specific questions about log entries, feel free to post them here.

[fred]

i agree with ziggy wordpress has some bugs u must find and patch them and it was better to show us a port scanning result of ur website i thing maybe the ftp server program has some vulnerabilities too .

[shadowzero]

If the problem is with WordPress, you should probably upgrade it, and all the plugins to the latest release. Make sure you have strong passwords as well. Depending on the what was vulnerable, your entire system could be compromised and you may need to format and reinstall to wipe out any backdoors. Some WordPress vulnerabilities allow attackers to execute remote code on your server which eventually leads to remote access.

[3xban]

Yep, upgrade WordPress and pay extra attention to the plugins.  I've heard people go ahead and upgrade WP only to be compromised again through a plugin they didn't upgrade.  Good luck!

[Jamie.R]

Have you tried WP-scan that may put some light on any plugin that are outdated or have issue. There are also lots blogs that give some tips on secuing wordpress.