.

from hacking

<<

grady07

Newbie
Newbie

Posts: 1

Joined: Fri Aug 03, 2012 11:31 am

Location: usa

Post Fri Aug 03, 2012 11:38 am

from hacking

My website http://weddingsvermont.com&nbsp; was attacked yesterday morning and i have cleaned everythign off the FTP and reinstalled fresh copy of mybackup however they have done it again. is therea way of blocking ? :-\
they leave few files in the website which is base64 decoded. also a txt file 150be24c26f4aa277a96fd68c91f3b48AuthCode: 306426
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Fri Aug 03, 2012 11:57 am

Re: from hacking

You're running a Wordpress blog. Wordpress plugins are fairly commonly found to have vulnerabilities that could allow an attacker to gain unauthorized access.

Instead of deleting and restoring from backup, you need to find the way they're coming in and fix that. It would be like demolishing your house after someone stole the keys but leaving the locks the same when you rebuild.

You're best bet at finding how they got in is to look through your webserver logs. Any entries that look "odd" should be investigated. (usually Google is your friend for this)

If you have any specific questions about log entries, feel free to post them here.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Fri Aug 03, 2012 1:30 pm

Re: from hacking

i agree with ziggy wordpress has some bugs u must find and patch them and it was better to show us a port scanning result of ur website i thing maybe the ftp server program has some vulnerabilities too .
ICS Academy Network Security Certified
<<

shadowzero

User avatar

Full Member
Full Member

Posts: 120

Joined: Sat Jun 02, 2012 10:03 pm

Post Fri Aug 03, 2012 2:34 pm

Re: from hacking

If the problem is with WordPress, you should probably upgrade it, and all the plugins to the latest release. Make sure you have strong passwords as well. Depending on the what was vulnerable, your entire system could be compromised and you may need to format and reinstall to wipe out any backdoors. Some WordPress vulnerabilities allow attackers to execute remote code on your server which eventually leads to remote access.
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Sat Aug 04, 2012 7:02 am

Re: from hacking

Yep, upgrade WordPress and pay extra attention to the plugins.  I've heard people go ahead and upgrade WP only to be compromised again through a plugin they didn't upgrade.  Good luck!
Certs: GCWN
(@)Dewser
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Mon Aug 06, 2012 10:48 am

Re: from hacking

Have you tried WP-scan that may put some light on any plugin that are outdated or have issue. There are also lots blogs that give some tips on secuing wordpress.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er

Return to General Certification

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software