My site KEEPS getting hacked

By +Nik Louch
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

+Nik Louch Subscriber²

Posted
  • Subscriber²
Posted

I have my own shared webhosting provided through UKHost4u... I host a wordpress blog on there. It keeps getting hacked. I've changed all passwords, etc. Wiped the space clean, reinstalled over 3 times now.

The recent reinstall was a few days ago. I slapped a theme on but haven't had chance to post yet.

And BAM it's got another damned JavaScript injection.

I hosted previously under another provider and no such issues.

I have spoken to the hosts, and they say that it's basically not their issue.

Can someone help, gimme an idea whats going on? I'm at my witts end over this...

www.brandbeast.co.uk

Link to comment
https://www.neowin.net/forum/topic/1112071-my-site-keeps-getting-hacked/
Share on other sites
Grand Master

+Ryster Subscriber²

Posted
  • Subscriber²
Posted

Setup your domain to use cloudflare... it adds an extra layer of protection by blocking connections from know hackers, spammers, etc. It also provides a cache of your site when your actual host is down. Best of all it's free :)

Not saying it'll 100% solve your problems, but it can't hurt.

More info:

http://www.cloudflar...atures-security

Grand Master

Noir Angel

Posted
Posted

Move to a host with support for mod_rewrite, it allows scripts to write files to those directories without them needing to be chmodded at 777 for full public access. Your host's security practises sound pretty poor

Grand Master

Noir Angel

Posted
Posted

In fairness, I don't fully know what I'm doing, they seems to offer a lot of things, but they just aren't being particularly helpful :(

If they had mod_rewrite it would be set up server side in PHP, it doesn't need to be configured independently by each customer :) I admit Linux isn't my strength but a good admin would be able to harden a Linux server against such exploits.

Mentor

cybertimber2008

Posted
Posted

Yea it's probably that. What OS are you using and what services do you have running (SSH, FTP, etc)?

If you are running Linux, set up a seperate partition for /var/www , and set it in /etc/fstab to mount read-only by default. When you need to add something, you run "mount -o remount,rw /var/www" to make it writable, and then "mount -o remount,ro /var/www/" when you are done.

That and there should be a guide on what folders should have what permissions set. You should take care to make sure those are set.

Proficient

Nexx295

Posted
Posted

Ask your host to install ModSecurity and/or Suhosin. ModSecurity is a web application layer firewall and Suhosin protects from insecure codes used by inexperienced PHP developers.

Another thing your host should do is to run PHP in suPHP or FastCGI mode so the hackers can't make use of insecure file and folder permissions.

It seems like you have some vulnerable plugins/themes, so ask your host to do a maldet scan for your account, provide you with a list of infected files and then search the access logs to see who the hacker is and how he was able to inject the infected files. You should also see in the logs the script that was exploited to inject the malware and then you'll know which plugin or theme you should remove.

If your host can't help you with this, then it's about time that you search for a more experienced and secure provider, preferably a CloudFlare partner so you can use CloudFlare to add an extra layer of security and speed up your website. If you need a recommendation which would fulfill the stuff mentioned above, I'd be glad to help.

Grand Master

Yorak

Posted
Posted

By chance, are you using a theme from a third party, or a paid one for free? Catch my drift?

If so, I guess they can be infected just like any other file that can be retrieved like that. If you are uploading the same theme each time and don't notice the problem until you upload it, then we probably have the answer. Just check the theme files out to see if they are infected. NOD32 gave me five separate warnings about your page. I'll have to check the logs to see what all it found.

Mentor

Gaffney

Posted
Posted

ukhost4u doesn't exactly look like the best host 22 out of 79 ratings on the google review of the site are 3 stars or under. I'm also doubting some of the reviews since 20 of them are duplicates and all of them are 3 or 4 stars. There is only one four star rating with a name attached and only 15 of the 40 5 star ratings have names attached.

I'm with stablehost(they have servers in Germany). They aren't the biggest but they have good ticket support, good server stats and the best thing about them for me is they are really reliable. I've only had to contact support twice since 10th July 2011 the last one being in January. One was my fault with importing a SQL table that went into a loop and they helped fix that problem, the other was one of their servers hardware started to crap out causing the site to go slow, they moved me to a new server. Really good prices as well so their name fits the bill.

I'm really skeptical after being on hostgator, sharkspace, dreamhost and two other small hosting sites. The big ones have dumb staff and their servers get problems often, the small ones usually have support issues since they usually only have a couple of people running it in their past time so when things go wrong it might take a few hours to get a ticket response. Stablehost is in the middle taking the best from both.

Not sure how stablehost deal with hack attempts though, my site's have been hacked before but not on stablehost. Could be they have tough defenses or no one has aimed at me in the last year or so.

If you fancy them click here

If not my advice is don't go with the big giants or one man shows.

Experienced

Ph1b3r0pt1c

Posted
Posted

Um, while I value the time u spent...

It did not say you had a virus, it said it blocked a javascript injection. Why is it ok to blame the host and not my securing of my site?

Because nothing anyone says here is going to fix it. This is up to the site admins and not you.

Grand Master

+Nik Louch Subscriber²

Posted
  • Author
  • Subscriber²
Posted

Site admins? Have you followed the thread? It's MY site. Sure it's on their servers, they host it, but I uploaded Wordpress, set it up, installed the theme and didn't lock anything down beyond the standard install...

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Microsoft announces 12th-gen Surface Pro with Snapdragon X2 processors

      By monterxz · Posted

      Can you read? I've said I'm willing to pay more for a notchless (no notch) 3:2 screen.
    • Microsoft unveils new Surface Laptop with improved trackpad, Snapdragon X2, and more

      By FunkyMike · Posted

      Not even an OLED display on the laptops. Also it seems that the laptop design isn't the same as the Surface Ultra model. Looks like bargain bin at high prices.
    • Microsoft announces 12th-gen Surface Pro with Snapdragon X2 processors

      By tsupersonic · Posted

      make your own notch - it's not that hard
    • VirtualBox 7.2.10

      By Copernic · Posted

      VirtualBox 7.2.10 by Razvan Serea VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Targeted at server, desktop and embedded use, it is now the only professional-quality virtualization solution that is also Open Source Software. Presently, VirtualBox runs on Windows, Linux, macOS, and Solaris hosts and supports a large number of guest operating systems including but not limited to Windows (NT 4.0, 2000, XP, Server 2003, Vista, 7, 8, Windows 10 and Windows 11), DOS/Windows 3.x, Linux (2.4, 2.6, 3.x, 4.x, 5.x and 6.x), Solaris and OpenSolaris, OS/2, OpenBSD, NetBSD and FreeBSD. Some of the features of VirtualBox are: Modularity. VirtualBox has an extremely modular design with well-defined internal programming interfaces and a client/server design. This makes it easy to control it from several interfaces at once: for example, you can start a virtual machine in a typical virtual machine GUI and then control that machine from the command line, or possibly remotely. VirtualBox also comes with a full Software Development Kit: even though it is Open Source Software, you don't have to hack the source to write a new interface for VirtualBox. Virtual machine descriptions in XML. The configuration settings of virtual machines are stored entirely in XML and are independent of the local machines. Virtual machine definitions can therefore easily be ported to other computers. VirtualBox 7.2.10 changelog: VMM: Fixed issue when CentOS 10 VM was not booting due to the message "Fatal glibc error: CPU does not support x86-64-v3" (​github:gh-642) Devices/EFI: Fixed booting issue when ARM VM had less than 1024 MiB of RAM assigned (​github:gh-679) USB: Fixed issue when it was not possible to attach USB device to headless VM on Apple Silicon/macOS 26.4.1 (​github:gh-631) Storage: Fixed issue when VIRTIO-SCSI device was not recognized as SSD device by guest system (​github:gh-634) Network: Fixed issue in E1000 emulation code which triggered debug log creation (​github:gh-645) Network: Fixed issue in E1000 emulation code which prevented OS/2 guest from booting (​github:gh-683) Linux Host: Fixed issue when VMs could not be started due to kernel oops (​github:gh-639) Linux Host and Guest: Fixed issue when kernel modules were failing to build with openSUSE 16.0 kernel Linux Host and Guest: Added initial support for kernel 7.1 Linux Host and Guest: Added extra fixes for RHEL 9.8 kernel (​github:gh-676) Linux Host and Guest: Added possibility to build source code using NASM instead of YASM as the assembler (​github:gh-520) Linux Guest Additions: Added initial support for Extended Data Control Protocol for clipboard sharing with Plasma on Wayland guests (​github:gh-33) Linux Guest Additions: Added extra fixes for preventing vboxvideo kernel module build with kernel version 7.0 and newer (​github:gh-655) OS/2 Guest Additions: Fixed issue when Shared Folders automount and clipboard sharing stopped working (​github:gh-551) Download: VirtualBox 7.2.10 | 170.0 MB (Open Source) Download: VirtualBox 7.2.10 Extension Pack | 19.1 MB View: VirtualBox Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • UK to ban under-16s from social media following a six-week trial with teenagers

      By FloatingFatMan · Posted

      OK, now ask yourself how are they going to enforce that law? By requiring every single adult to prove their age and provide their legal identity documents to an UNREGULATED 3rd party company that already has a long track record of multiple data breaches. Not to mention, parliament have voted AGAINST this ban, twice, and Starmer is going ahead anyway. So, where's the democracy here, because that looks like dictatorship to me. The solution here is parental responsibility, not government control. Run some public service announcements on TV and UK social media teaching parents how to setup parental controls. That's already been proven to actually work. But the, this is not and has NEVER been about keeping kids safe. It's about control and monitoring. Watching what you're doing online and controlling what you can see and what you can say.

  • Recent Achievements

    • Week One Done
      suprememobiles48 earned a badge
      Week One Done
    • One Month Later
      Windows Guy earned a badge
      One Month Later
    • One Month Later
      Prasann earned a badge
      One Month Later
    • Week One Done
      Prasann earned a badge
      Week One Done
    • First Post
      Dys Topia earned a badge
      First Post

  • Popular Contributors

    1. 1
      +primortal
      512
    2. 2
      +Edouard
      174
    3. 3
      PsYcHoKiLLa
      102
    4. 4
      Steven P.
      88
    5. 5
      ATLien_0
      70
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!