Jump to content



Photo

My site KEEPS getting hacked


  • Please log in to reply
20 replies to this topic

#1 +Nik L

Nik L

    Where's my pants?

  • Tech Issues Solved: 2
  • Joined: 14-January 03

Posted 13 October 2012 - 22:15

I have my own shared webhosting provided through UKHost4u... I host a wordpress blog on there. It keeps getting hacked. I've changed all passwords, etc. Wiped the space clean, reinstalled over 3 times now.

The recent reinstall was a few days ago. I slapped a theme on but haven't had chance to post yet.

And BAM it's got another damned JavaScript injection.

I hosted previously under another provider and no such issues.

I have spoken to the hosts, and they say that it's basically not their issue.

Can someone help, gimme an idea whats going on? I'm at my witts end over this...

www.brandbeast.co.uk


#2 Barney T.

Barney T.

    Debian Linux: I'm Loving It!

  • Tech Issues Solved: 3
  • Joined: 30-August 03
  • Location: Williamsburg, Virginia

Posted 13 October 2012 - 22:18

I've used Sitelock in the past for protection. I have found it to really work wonders....... Another good one is We Watch Your Website.

#3 Quigley Guy

Quigley Guy

    Neowinian Senior

  • Joined: 13-August 02
  • Location: Ireland

Posted 13 October 2012 - 22:18

Move to another host...

#4 Hum

Hum

    totally wAcKed

  • Tech Issues Solved: 5
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 13 October 2012 - 22:18

Can you block Java scripts ?

I blame Iran ...

#5 OP +Nik L

Nik L

    Where's my pants?

  • Tech Issues Solved: 2
  • Joined: 14-January 03

Posted 13 October 2012 - 22:26

Can I personally block scripts locally? I'm sure I can yes, but how will that help?

OK, it seems the threats are being uploaded into my themes folder...

#6 +TCLN Ryster

TCLN Ryster

    Evil Teddy Rules!

  • Joined: 02-August 04
  • Location: Uttoxeter, UK

Posted 13 October 2012 - 22:26

Setup your domain to use cloudflare... it adds an extra layer of protection by blocking connections from know hackers, spammers, etc. It also provides a cache of your site when your actual host is down. Best of all it's free :)

Not saying it'll 100% solve your problems, but it can't hurt.

More info:
http://www.cloudflar...atures-security

#7 OP +Nik L

Nik L

    Where's my pants?

  • Tech Issues Solved: 2
  • Joined: 14-January 03

Posted 13 October 2012 - 22:28

Is it likely to be because Wordpress by default allows these folders to be accessed and written? As such, should I get my site setup and then just lock down the security?

#8 Javik

Javik

    Beware the tyrrany of those that wield power

  • Tech Issues Solved: 2
  • Joined: 21-May 12

Posted 13 October 2012 - 22:33

Move to a host with support for mod_rewrite, it allows scripts to write files to those directories without them needing to be chmodded at 777 for full public access. Your host's security practises sound pretty poor

#9 OP +Nik L

Nik L

    Where's my pants?

  • Tech Issues Solved: 2
  • Joined: 14-January 03

Posted 13 October 2012 - 22:35

In fairness, I don't fully know what I'm doing, they seems to offer a lot of things, but they just aren't being particularly helpful :(

#10 Toysoldier

Toysoldier

    Neowinian

  • Joined: 17-February 11

Posted 13 October 2012 - 22:38

Are you using shared hosting? all it takes is one site on the shared server with a SQL vun or another exploit and bam the server gets rooted, very common practice.

#11 Javik

Javik

    Beware the tyrrany of those that wield power

  • Tech Issues Solved: 2
  • Joined: 21-May 12

Posted 13 October 2012 - 22:40

In fairness, I don't fully know what I'm doing, they seems to offer a lot of things, but they just aren't being particularly helpful :(


If they had mod_rewrite it would be set up server side in PHP, it doesn't need to be configured independently by each customer :) I admit Linux isn't my strength but a good admin would be able to harden a Linux server against such exploits.

#12 cybertimber2008

cybertimber2008

    Neowinian Senior

  • Joined: 02-December 08

Posted 13 October 2012 - 22:42

Yea it's probably that. What OS are you using and what services do you have running (SSH, FTP, etc)?

If you are running Linux, set up a seperate partition for /var/www , and set it in /etc/fstab to mount read-only by default. When you need to add something, you run "mount -o remount,rw /var/www" to make it writable, and then "mount -o remount,ro /var/www/" when you are done.
That and there should be a guide on what folders should have what permissions set. You should take care to make sure those are set.

#13 Nexx295

Nexx295

    Neowinian

  • Joined: 15-September 04
  • Location: Germany

Posted 13 October 2012 - 22:52

Ask your host to install ModSecurity and/or Suhosin. ModSecurity is a web application layer firewall and Suhosin protects from insecure codes used by inexperienced PHP developers.

Another thing your host should do is to run PHP in suPHP or FastCGI mode so the hackers can't make use of insecure file and folder permissions.

It seems like you have some vulnerable plugins/themes, so ask your host to do a maldet scan for your account, provide you with a list of infected files and then search the access logs to see who the hacker is and how he was able to inject the infected files. You should also see in the logs the script that was exploited to inject the malware and then you'll know which plugin or theme you should remove.

If your host can't help you with this, then it's about time that you search for a more experienced and secure provider, preferably a CloudFlare partner so you can use CloudFlare to add an extra layer of security and speed up your website. If you need a recommendation which would fulfill the stuff mentioned above, I'd be glad to help.

#14 +Yorak

Yorak

    Insubordinate

  • Joined: 06-February 05
  • Location: Virginia

Posted 13 October 2012 - 23:12

By chance, are you using a theme from a third party, or a paid one for free? Catch my drift?

If so, I guess they can be infected just like any other file that can be retrieved like that. If you are uploading the same theme each time and don't notice the problem until you upload it, then we probably have the answer. Just check the theme files out to see if they are infected. NOD32 gave me five separate warnings about your page. I'll have to check the logs to see what all it found.

#15 OP +Nik L

Nik L

    Where's my pants?

  • Tech Issues Solved: 2
  • Joined: 14-January 03

Posted 13 October 2012 - 23:20

I am using a purchased theme yes, all fully paid for, etc. But it's not when I upload he theme, it's usually after a week or so.

I think I will look at another host. Remember though, this is cheap shared hosting.



Click here to login or here to register to remove this ad, it's free!