#1 Junior Member (joined Nov 2012; 8 posts)
    My site www.dealio.at just got hacked today. I have no idea how this guy got through. I am running this on WordPress and the site is hosted at Netfirms. I put in all the appropriate security plugins etc.

    I have no idea where to start fixing it, so any advice or help will be really helpful.

    Cheers

#2 mlseim, WDF Staff (Cottage Grove, Minnesota; joined Apr 2004; 7,723 posts)
    This is just my personal opinion ...

    I believe Netfirms is not very good at securing their servers.
    So the problem is not your site. Somehow, the hackers have
    modified your .htaccess file ... that's what I think. They did
    this through Netfirms and probably affected many other sites.

    If I were in your shoes, I would subscribe to a totally different
    webhost. Install WordPress on the new site, and then install
    the theme you used from the original source. Do not transfer
    any of your old site files to your new site.

    When you subscribe to your new site, you will not register
    a domain name at that point ... you will only configure the
    new site to "park" or "reference" your domain name, dealio.at

    Now, you will go back to Netfirms and tell them that you wish
    to transfer the domain name account to your new webhost.
    They will give you an "authorize key". When you go back to your
    new webhost, pay for the domain name hosting and use the
    authorize key to do the transfer from Netfirms to your new webhost.

    If money is an issue, I've used cleverdot.com before (less than $50/year).
    I'm sure there are other "reasonably priced" webhosts to pick from.

    If you paid for hosting at Netfirms, just let the account expire.
    You'll lose the database from your WP site ... but again, I would not
    transfer anything over to your new site. Suck it up, pay the price,
    and hope your new webhost has better security.

    That's my opinion .... any others with ideas same or different than
    myself can offer their suggestions.

    This is just one of many discussions I found about Netfirms.
    This discussion appears to be about 1 year old:
    http://www.vistainter.com/reviews/N/netfirms.com/


#3 TheGAME1264, Unpaid WDF Intern (joined Dec 2002; 14,483 posts)
    I'm not a fan of Netfirms either (the company has some serious issues with their techs), so Max may well be right. The problem is it's just as likely that WP itself is the culprit.

    First things first: change any and all passwords. Make sure they're not easy to guess, either. Don't do things like "dealio" for your password...make them some obscure combination of mixed case letters, numbers, and symbols (even something like !OilAed1 is better than "dealio", as weak as it is). Before you do anything else, do that.

    Second, report the hack to your host. In the event that it's on them, they should be able to patch the server. But you need to change your passwords before they can do that.

    What you can do if you want is to move the file that the hackers created to another folder (or give it another name) so that the host can still see it.

    Third, update WordPress. Make sure it's the current version. Do the same with any and all plugins...especially the security ones.

    If it's a regular issue, it's probably the host. If not, it's probably WordPress. I'd say the latter, having seen similar WP hacks myself in the not-too-distant past, but I'm not discounting the former either.
    If I've helped you out in any way, please pay it forward. My wife and I are walking for Autism Speaks. Please donate, and thanks.

    If someone helped you out, be sure to "Like" their post and/or help them in kind. The "Like" link is on the bottom right of each post, beside the "Share" link.

    My stuff (well, some of it): My bowling alley site | Canadian Postal Code Info (beta)

#4 mlseim, WDF Staff
    I didn't ask OP what version of WP they have.
    That would be good to know.

    The other aspect is plug-ins. Only download from WP authorized site.

    As far as Netfirms goes, this would be the 3rd time I've heard this in the past 6 months.
    All 3 of them on Netfirms. That seems like too much of a coincidence. If anyone has
    had WP hacked on other hosts, that would be interesting to know.

    Like Alpha-Mare has discussed in other threads, you are correct that WP does have issues with security.


#5 Webzarus, Senior Member (South Carolina Coast; joined May 2011; 3,322 posts)
    I had a client call me about 2 months ago about their WP install they had setup to use as a news release section for one of their sites. They were on GD servers.

    Luckily they HAD taken my advice of making a "backup copy" of all their files once they had the site where they wanted it. Sadly they had not been updating WP to current versions. GD sends out an email to the registered account email address whenever WP does updates, but they were using an email address that was not being monitored, so they never got the emails telling them.

    I just FTP'd to their site, deleted all the files.... then uploaded their backup... then immediately installed all the updates to current... deleted the last 10 DB entries... done

    I can never stress enough about backups, but especially with WP installs.

    My recommendations for anyone running a WP site...

    1. Once you have the site up and working the way it's supposed to, make a copy of all files on the server using FTP.

    2. Once a month or after installing a WP update, make a backup copy of all files on the server using FTP.

    3. Once a month or if there is a MySQL DB update, make a backup copy of the DB and pull it down.

    You'd think with all the WP installs and potential for issues, the hosting companies that offer WP hosting would have an automatic backup of both, and do a Click to Restore....

    Someone told me GD has been working on this, but I haven't seen it since I don't have any WP installs on any hosting I have with them, I only see what's there from client sites.

    Guess it's time to set one up and start playing with it
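The three steps above, scripted as an added example (not Webzarus's code or anything from this thread). It assumes a POSIX shell with tar and sha256sum, mysqldump on the same host for the database step, and that the DB credentials are read from the site's own wp-config.php; every artefact is recorded in a SHA-256 manifest so a restore can be checked before it is trusted.

```shell
#!/bin/sh
# Added example, not code from the thread. Snapshot a WordPress install's files
# and database, as the three steps above describe. Assumes a POSIX shell with
# tar and sha256sum, and mysqldump on the same host for the database step.
set -eu

# Read one define('NAME', 'value') constant out of wp-config.php so the dump
# uses exactly the credentials WordPress uses. $1 = config path, $2 = constant.
wp_config_value() {
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Steps 1-3: archive the whole docroot, then dump the DB. Each artefact gets a
# SHA-256 line in a manifest so a later restore can be verified before use.
# $1 = WordPress docroot (absolute path), $2 = directory to write the backup into.
wp_backup() {
    docroot=$1; outdir=$2
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    mkdir -p "$outdir"
    tar -czf "$outdir/files-$stamp.tar.gz" -C "$(dirname "$docroot")" "$(basename "$docroot")"
    (cd "$outdir" && sha256sum "files-$stamp.tar.gz" >> "manifest-$stamp.sha256")

    cfg="$docroot/wp-config.php"
    if [ -f "$cfg" ] && command -v mysqldump >/dev/null 2>&1; then
        db=$(wp_config_value "$cfg" DB_NAME)
        user=$(wp_config_value "$cfg" DB_USER)
        pass=$(wp_config_value "$cfg" DB_PASSWORD)
        host=$(wp_config_value "$cfg" DB_HOST); host=${host:-localhost}
        # MYSQL_PWD keeps the password off the command line that `ps` would show.
        if MYSQL_PWD=$pass mysqldump --single-transaction -h "$host" -u "$user" "$db" > "$outdir/db-$stamp.sql"; then
            gzip -f "$outdir/db-$stamp.sql"
            (cd "$outdir" && sha256sum "db-$stamp.sql.gz" >> "manifest-$stamp.sha256")
        else
            echo "database dump failed; check the DB_* values in wp-config.php" >&2
        fi
    else
        echo "wp-config.php or mysqldump not found; files archived, database skipped" >&2
    fi
    echo "$stamp"
}

# Verify a backup set against its manifest; non-zero exit if anything was altered.
# $1 = backup directory, $2 = the stamp that wp_backup printed.
wp_backup_verify() {
    (cd "$1" && sha256sum -c "manifest-$2.sha256" >/dev/null)
}
```

Run wp_backup from cron on the schedule in step 2 and step 3, and copy the backup directory off the host so a compromised server cannot also wipe the backups.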

#6 TheGAME1264, Unpaid WDF Intern
    Originally Posted by Webzarus (post 244753):
        You'd think with all the WP installs and potential for issues, the hosting companies that offer WP hosting would have an automatic backup of both, and do a Click to Restore....

        Someone told me GD has been working on this, but I haven't seen it since I don't have any WP installs on any hosting I have with them, I only see what's there from client sites.

    Actually, I'd put this one on TurdPress, not the hosts. The developers know the thing's a giant piece of Swiss cheese. It's installed pretty much everywhere. A lot of people (e.g. Mare) want to install it themselves, and with good reason. So let WP build that in and have it as part of the setup.

#7 AlphaMare, WDF Staff (Montreal, Canada; joined Oct 2009; 4,570 posts)
    Originally Posted by TheGAME1264 (post 244754):
        Actually, I'd put this one on TurdPress, not the hosts. The developers know the thing's a giant piece of Swiss cheese. It's installed pretty much everywhere. A lot of people (e.g. Mare) want to install it themselves, and with good reason. So let WP build that in and have it as part of the setup.

    You're right - one-click install for WP (either Fantastico or SimpleScripts) is one of the worst things you can do as far as security goes - manual install with a named database and renamed table prefixes is one of the very first steps towards hardening a WP site.
    Good design should never say "Look at me!"
    It should say "Look at this." ~ David Craib


    http://digitalinsite.ca ~ my current site . . info@digitalinsite.ca ~ my email

    If you feel that someone's post helped you fix your problem, answered your question, or just made you feel better, feel free to "Like" their post. The "Like" link is at the bottom right of each post, along side the "reply" link. And if you are being helped here, try to help someone else - pass it on!

#8 mlseim, WDF Staff
    But if you do the WP updates, doesn't it sometimes rebuild the database?
    It seems like the customizing of table names would have to be redone each time.


#9 AlphaMare, WDF Staff
    Originally Posted by mlseim (post 244768):
        But if you do the WP updates, doesn't it sometimes rebuild the database?
        It seems like the customizing of table names would have to be redone each time.

    No - the config file is not touched by updates, and that's where the database details are stored. The core code files can be updated without touching the DB. This is also why child themes work - they are separate from the core files and so when updates are done, they are not affected.

#10 TheGAME1264, Unpaid WDF Intern
    Looks like the site is back online, so whatever it is, it was solved.

    Having said that...Madusha, you were lucky you were hacked when you were. Let me state this again, in bold, because I want you to realize I'm serious...you were very lucky you were hacked when you were.

    Why do I say this? Because you've built a very nice-looking site that allows businesses to list their own deals and businesses, presumably for free, and you built it on a platform that is arguably the #1 target for hackers, spammers, and other scumbags. This is not what WordPress was intended for, and WP is insecure when it is used for what it was intended for. What you've done is basically said to everyone under the sun "go ahead, I'll let you put anything you want up here for free", and they will.

    The terrorist hack was a warning shot, and that's why you're lucky...it doesn't appear any real damage was done, you're in "beta" (which means you presumably haven't gone mainstream with your site yet), and you were able to undo what was there. Take the warning shot as one, and rethink the back end of your idea, pronto. Believe me when I tell you this...if you don't, this won't be the last time you're hacked.

