Wordpress Pharma Hack On Godaddy

Discussion in 'Security' started by dadaas, Jan 26, 2013.

  1. #1
    Hi,
    I have over 30 websites, all in WordPress. Yeah, I didn't update my WordPress on time and got hacked with that Pharma Hack that injects code into the database and creates files in WordPress folders.

    So I know I have a problem on all 30 websites, because I checked their databases and I have seen hacked code.
    (I have changed the FTP password and scanned my computer for viruses, and I use FileZilla for FTP transport.)

    How did I try to clean?
    1. I tried to clean the hacked code, deleting stuff from the database and files from the server, but it didn't work; I probably didn't clean it all.

    2. Then I deleted the whole database and all files and installed a clean WordPress with updated plugins and everything. I chmodded wp-config.php (because it looks like the hacker first reads this and then he practically has access to everything) to 600. I even included in .htaccess
    But it didn't help; the hacker reads wp-config.php and injects code into the database, and 10 minutes later creates hacking files all over the folders.

    3. Now I'm thinking of wiping everything, all 30 websites at once, dumping all databases and then installing clean one by one. But my questions are:
    1. I'm hosted on GoDaddy 4GH Ultimate Deluxe with Malware security on the host; can other user accounts and their hacked websites hack my freshly installed website?
    2. How can someone read wp-config.php if I secure it with chmod 600 and an .htaccess deny?
    3. How can I make each website stand by itself, so that if one website gets hacked, the hack doesn't spread to the other websites? Is it possible to secure folders so that a hacker who gets inside one website can't infect other folders?

    Please tell me if there is anything I could do other than deleting everything and reinstalling and reimporting from the beginning, because it will take me a month or even more to set everything up.
     
    Last edited: Jan 26, 2013
    dadaas, Jan 26, 2013
  2. Roger Pelt

    #2
    You should find out the various security loopholes in all your WordPress websites, because hackers have become smarter and are well aware of your weak passwords, plugin vulnerabilities, and obsolete software applications, and are always prepared to hack anyhow. I would like to share one article explaining WordPress security, with some plugins listed there which will help you.

    http://djdesignerlab.com/2013/01/03/5-best-wordpress-plugins-to-secure-your-wordpress-blog-or-website/
     
    Roger Pelt, Jan 29, 2013
  3. dadaas

    #3
    Not one of those plugins is needed if you are on a well-known host (it can be a shared host such as GoDaddy, HostGator and such, as long as it has a reputation).

    The reason for this is that not a single security plugin can help you if you don't update your WordPress on time. You can mask tables, hide folders, rename files, whatever. If there is a hole and the hacker uses it to inject his magic, nothing will help you...

    My suggestion to all is: don't use any security plugins, because they will just make your website slower and won't help you.

    Database table name change? Lol, this security is so stupid that I won't even go into discussion, but a little hint: there is a database prefix in wp-config.php. So why change it if the hacker can read it in that file?

    Update, update, update is the only plugin you need.

    BTW, I needed to delete everything and clean install it... Hackers are gone and I have learned my lesson the hard way; be smarter than me and update your plugins and WordPress today!!!
     
    dadaas, Feb 13, 2013
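
The first post describes files reappearing in the WordPress folders about 10 minutes after a clean install, with wp-config.php set to 600. As an added example (not code from the thread or from WordPress), the Python below records a hash manifest right after a clean install and later reports files that were added, changed or removed, plus whether wp-config.php still has mode 600. The function names and the sample site built in `demo()` are constructed for illustration, and it covers files only, not the database injection.

```python
import hashlib
import os
import stat
import tempfile


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, root)] = digest
    return manifest


def audit(root, baseline, config_name="wp-config.php"):
    """Compare the tree against the clean-install baseline and check config mode."""
    current = build_manifest(root)
    added = sorted(p for p in current if p not in baseline)
    changed = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    removed = sorted(p for p in baseline if p not in current)
    cfg = os.path.join(root, config_name)
    mode = stat.S_IMODE(os.stat(cfg).st_mode) if os.path.exists(cfg) else None
    return {"added": added, "changed": changed, "removed": removed,
            "config_mode_ok": mode == 0o600}


def demo():
    """Constructed sample site: take a baseline, then simulate the reinfection."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "wp-includes"))
    for rel, body in {"wp-config.php": "<?php // constructed config\n",
                      "index.php": "<?php // constructed index\n"}.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    os.chmod(os.path.join(root, "wp-config.php"), 0o600)
    baseline = build_manifest(root)          # taken right after the clean install
    # Simulated change: a file that was not part of the clean install appears.
    with open(os.path.join(root, "wp-includes", "constructed_extra.php"), "w") as fh:
        fh.write("<?php // constructed placeholder\n")
    with open(os.path.join(root, "index.php"), "a") as fh:
        fh.write("// constructed appended line\n")
    return audit(root, baseline)


if __name__ == "__main__":
    print(demo())
```

Store the baseline manifest somewhere the web server account cannot write, otherwise whoever recreates the files can also rewrite the manifest.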