Portal Home > Knowledgebase > Articles Database > Hacked ... help me
Hacked ... help me
| Posted by mixmox, 05-03-2013, 10:08 AM |
| hello
someone hacked our website and remove all files from public html
how can i repaid and check who/how hacked also remove hacked file(if any)
|
| Posted by BestServerSupport, 05-03-2013, 10:28 AM |
| If you are on shared hosting then ask your web hosting provider to first restore the web contents of your website from the latest backup available. The second thing you need to check in the logs of FTP, control panel and see if there is any suspicious activity from unknown IP address.
I would also suggest you to immediately change your passwords an always choose strong passwords.
|
| Posted by sniperscope, 05-03-2013, 12:11 PM |
| you probably should contact your hosting provider first. They give you detailed information if they have any.
|
| Posted by LankapartnerHost, 05-03-2013, 02:51 PM |
| Is this about dedicated or shared host ?
|
| Posted by mixmox, 05-04-2013, 03:17 AM |
| this website host on VPS and ssh access is enable for me,
problem is attacker find way to upload shell and remove all files from public_html
mm caf and mod_sec are enable also i have change ftp port and add several disable function.
no idea ?
cms is wordpress
|
| Posted by Michaelz, 05-04-2013, 03:31 AM |
| What version of WP is this? Have you checked all your logs?
|
| Posted by VervexHosting, 05-04-2013, 10:55 AM |
| I would set up public key authentication as the only form of access for ssh if you haven't already. Is the version of Wordpress you are running the latest? Have you got and older plugins on it?
Talk to your host about the latest backup they have for your VPS. Not all hosts keep regular backups but the good ones should.
|
| Posted by mixmox, 05-04-2013, 11:03 AM |
| hacker can only get access to delete hacked site, after checkup hacked file, he know all username that host on server and config file, but he cna only delete hacked site
any idea to prevent hacker from get access to other site from hacked account ?
|
| Posted by tuxandrew, 05-05-2013, 03:06 AM |
| Hey,
In most cases the hackers use vulnerabilities in plugins, themes templates.
The best option is to update the WP to one of the latest versions and also update themes and templates.
Reset all admin/conrolpanel passwords every once in a while. Please do malware scan over the account once in a week.
Ask your administrator to implement softwares which prevent browser attacks(in Apache you can use mod_security to prevent browser attacks).
|
| Posted by fshagan, 05-05-2013, 11:58 AM |
| If nothing is in public_html you have to start over anyway. You want to make sure there isn't a backdoor script on the server.
Go to your host or VPS control panel (such as SolusVM) and reinstall the OS. Start fresh. Change the root password, implement tighter security overall (changing the SSH port at a minimum, and probably disallowing root access in favor of a username that is less common, etc.) Then reinstall Wordpress, restore your backup, and make sure your WP installation is secure. You can use the WordFence plugin, or one similar, to secure Wordpress if you don't want to futz with all the settings yourself.
|
| Posted by kevincheri, 05-05-2013, 02:40 PM |
| Back that, my advise is to check all scripts and update them to the latest version and apply any security patches available and then restore the site content. You can go through the domain access logs to see how it was hacked.
|
| Posted by BestServerSupport, 05-05-2013, 09:46 PM |
| For WordPress, you should also install a good security pluggin like Better WP Security. Simply CSF, mod_secrity will not help. Also, please make sure that you update your wordpress versions, plugins regularly. I would also suggest you to regularly scan your local machine from where you upload files with latest antivirus/trojan softwares. It may be possible that your local system is compromised with some kind of trojan which can steal your passwords.
|
Add to Favourites 
Print this Article
Also Read
Spam Tjek (Views: 765)