SiteGuard Alert! (HostGator) I’ve been hacked!

  • #2021 Reply
    coique
    Guest

    Yesterday I got a bunch of emails from HostGator saying that they installed their SiteGuard product on my hosting account and it detected malware on all my adult blogs. It looks like my sites have been hacked by someone in Hong Kong!

    Has this happened to you and how did you fix it?

    #2025 Reply
    coique
    Guest

    It looks like the hacker somehow was able to change the index.php file on all my blogs hosted at HostGator (about 30). How the heck (or hack?) can someone change all the index.php files? I’m assuming he did it with one action rather than going into each domain and changing the file. I had to manually go in and put back the right index.php file for each site and it took a while.

    Now I need to figure out how he did this and what I can do to prevent it from happening again.

    #2046 Reply
    flodd74
    Guest

    There was a statement from Wordfence this week about a massive hacking effort by (I believe) a Hong Kong hacker promoting counterfeit sportswear. They were seeing millions of brute force attacks on WP all around the world. I would recommend using Wordfence if you’re not already; they confirmed that even the free version would have prevented this attacker from getting access.

    And yes, it’s all automated, there’s no one there manually hacking your site in the vast majority of these cases. They just keep hammering thousands of servers every hour until they get in and alter files.

    #2050 Reply
    harrycj
    Guest

    Seems to be an awful amount of malware on sites at the moment, I’ve seen 2 paysites and of course Verotel all in the last week.

    #2067 Reply
    coique
    Guest

    So HostGator was nice enough to do a Root Cause Analysis for free. My threatening to move all my blogs and cancel my account may have had something to do with that.

    They found that the hacker was able to gain access to a WordPress blog I had added on one site but never used. So I don’t think I ever added Wordfence to this site (I have it on all my active sites). Still not quite sure how gaining access to one WP site could allow someone to plant a script that changes the index.php file of all the sites.

    So the problem is solved for now. I’ve been blogging for almost 10 years and this has never happened. Scary stuff to land on your site and see the content you worked so hard on replaced by some asshole’s message.

    #2107 Reply
    LBBV
    Guest

    WordPress is an easy target because it’s used so many places. The key is updates and permissions. Make sure your WP AND plugins AND themes are kept up to date. Also, configure WP to use an FTP account instead of the server to update and set permissions to 755 so that the web server cannot write to any files.

    There’s a reason there are so many WP updates (it’s almost as bad as iTunes in that regard!). It’s because people keep finding exploits. However, if you know how to keep it properly configured and kept up to date, it’s almost bulletproof.

    #2118 Reply
    dong
    Guest

    Honestly I have managed to get nearly all of my WordPress installs hacked over the years and have also been able to “ethically hack/vulnerability test” some other people’s (on their request only) in the past and quite recently, and that includes my blogs and others having a range of security plugins installed.

    The ONLY plugin / mobile app combination that provides enough security is Google authentication… It’s an app that you install on your phone and gives a 6 digit code that changes every 30 seconds, it’s a 2FA app which means you need to type the 6 digit code into your WordPress at time of login and it checks with Google API system if your code is correct at that point in time. It’s also useful as I do a lot with bitcoin and a lot of my online wallets are secured with 2FA using the same app.

    It’s something I always install on any of my blogs immediately after uploading WordPress and would recommend to anyone… and you can be sure it’s 100% safe as it’s Google’s app and plugin!

    #2119 Reply
    dong
    Guest

    @harrycj,

    Honestly I think a lot of paysite owners think they are safe from a lot of things, I remember when the one adult site got hacked last year they kept mentioning things like “We now have security features that no other pay-site will have or need”, but in reality yes we all do need them if we want to keep everything safe. French Twinks as an example has far far far more security measures than it would appear to need, we are also one of only a very very small handful of sites to use SSL/HTTPS across all our sites as well as our SwissBucks affiliate network site and our streaming servers and CDNs (allowing all our content to be embedded into secure blogs without red flags/mixed content warnings).

    We also change a lot of our security systems on a rolling basis to ensure that not only are they kept updated but that nobody externally can become used to the security framework that we use.

    We have also gone to the extreme regarding piracy, using an almost futuristic method for fingerprinting our videos, we use traditional methods but have also gone to using account fingerprinting also, using a range of variables we can now tell to within almost certainty if a pirate tries to create another account, even if they use separate emails, IP addresses, usernames, passwords, credit cards or in some cases even devices. Using similar methods I am sure to the system recently mentioned and developed by the guys over at BadPuppy (SMAQ I believe it is called)…

    The truth is if someone’s site has not been hacked or attempted and you’re not putting the effort in to protect it eventually you will fall prey to the hackers or what could be classed as worse a Google Chrome / Firefox red warning or “unsafe site” if even a site you link to is dangerous.

    And on a quick piracy note, there are a selection of around 6 sites who are literally 100% pirated, in 2 cases it is actually easier to find the pirated content than it is to find the sponsors site, and on contacting there is never any reply… and these are sites that I see 50-60% of affiliate blogs promoting, so they are still active sites…

    We’re in an industry where we used to be the innovators of the future of the internet, we need to realize that we are not that anymore and follow the mainstream sites in implementing as much security as we can.

    #2168 Reply
    joycey
    Guest

    You know it’s getting bad when I can’t even get to an affiliate site to do a review without first turning off my web advisor. It opens up and tells me it’s really not a good idea to go there … and even when I say I’ll take the risk, there have been times when it just simply slapped my hand and said No Way!

    I eventually had to temporarily uninstall the program to do the reviews and then re-install it. So far I think I managed to miss getting any undesirable shit loaded onto the laptop (crossing fingers).

    If I get those kinds of warnings … how the heck are any customers accessing the site(s)?

    #2186 Reply
    captainZ
    Guest

    @coique,

    Having experienced this myself I know exactly what you mean. We had a server with three WP installs, when we started focussing only on the most successful blog we pretty much totally forgot about the other two on there. One out of date plug-in later and the entire server was hacked. All it takes is one weak link on one blog on a server and they can get into the file system.

    This is why we remove everything we don’t use. If we shut down a dead blog on a server like that we export the content to use on a more popular one then delete the WP. If we stop using a plug-in we delete it, never let it just sit there just in case we might use it again. Same with themes, we’re only using one so all the others are removed.

    It really is just about keeping up with it.
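
An added example, not part of the original thread: a small audit for the situation described above, where one forgotten WordPress install led to index.php being replaced on every site in the account. It assumes all sites live under one hosting-account directory owned by a single Unix user; the function names (`snapshot`, `audit`, `demo`) are hypothetical and the sample tree is constructed.

```python
import hashlib
import os
import tempfile

def snapshot(account_root):
    """Record hash, owner and write bits of index.php for every WordPress install."""
    result = {}
    for dirpath, _dirs, files in os.walk(account_root):
        if "wp-config.php" not in files or "index.php" not in files:
            continue
        index = os.path.join(dirpath, "index.php")
        st = os.stat(index)
        with open(index, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        loose = bool(st.st_mode & 0o022)  # group or other write bit set
        result[index] = {"sha256": digest, "uid": st.st_uid, "loose": loose}
    return result

def audit(baseline, current):
    """Compare snapshots; 'shared-owner' means code running as that uid can rewrite every site."""
    findings = []
    for path, now in sorted(current.items()):
        before = baseline.get(path)
        if before is None:
            findings.append(("new-install", path))
        elif before["sha256"] != now["sha256"]:
            findings.append(("index-changed", path))
        if now["loose"]:
            findings.append(("group-or-world-writable", path))
    uids = {facts["uid"] for facts in current.values()}
    if len(current) > 1 and len(uids) == 1:
        findings.append(("shared-owner", f"{len(current)} installs, uid {uids.pop()}"))
    return findings

def demo():
    """Constructed account: three blogs whose index.php files are all replaced."""
    root = tempfile.mkdtemp()
    for site in ("blog-a", "blog-b", "unused-blog"):
        os.makedirs(os.path.join(root, site))
        for name in ("wp-config.php", "index.php"):
            path = os.path.join(root, site, name)
            with open(path, "w") as fh:
                fh.write("<?php // constructed placeholder\n")
            os.chmod(path, 0o644)
    baseline = snapshot(root)
    for path in baseline:
        with open(path, "w") as fh:
            fh.write("<?php // replaced content\n")
    return audit(baseline, snapshot(root))
```

Saving the `snapshot` output while the sites are known to be clean and re-running `audit` on a schedule also lists every install in the account, including ones that were set up and forgotten.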
