Hacked By "HaYaL- ET-06" TURKiSH HACKER

Hi Every One,

Today most of my friends WordPress based sites were hacked by a Turkish hacker. At least this was what the image that came up told us



It is good to posses skills, but it should not make the lives of people miserable. If at all a member of this hacking group happened to read this, please know that your actions made a common man and an innocent family behind him to be sad tonight.

Apart from that, i want members of DP to be aware of this and i want members to share if they faced this problem and how they or their hosting team solved it.

 

have better security, strong wordpress and ftp passwords.

no point crying over them, as they are not going to go away, you will have to be more and more secure than ever before.

 

Yet another "wordpress site has been hacked" thread, the only answer...ditch the steaming pile of unsecure shite known as turdpress, how the hell it got so popular is totally beyond me, my 12 year old could hack it.....
OP..well done for giving the *hackers* a massive dose of publicity, do you think they give a toss that they made someone sad??
{shakes head in disbelief}

 

May be i am very idealistic here. I am not concerned about wordpress or technology. I am worried about how people find happiness in making others sad.

 

I think you'll find most of these so called *hackers* are sad little friendless nerds all alone in their bedrooms with just a PC for company trying to make people as miserable as they are, I can't imagine they have any happiness in them.

 

Sad to hear that there are people who have nothing else to do during their free time than to mock the work of others.

Personally I don't think WordPress is a script that can be "hacked by a 12 year old", assuming that you are using it properly. It is more secure than lot of paid, custom scripts. Most of WordPress vulnerabilities are found in poorly coded plugins or themes .

Few advices to avoid this kind of situation :
- Make sure you are using a high quality webhosting service.
- Use long and secure passwords.
- Do not tell your passwords and data to nobody.
- Use a good antivirus and scan your computer from time to time with antimalware softwares to avoid keyloggers and harmful scripts.
- Allways update your WordPress script to latest version.
- Be careful what plugins are you using.
- Use only trusted themes that you are sure that are well coded (validated data, sanitized and escaped - as applicable ).

 

I don't think that WP is a "steaming pile of unsecure shite" as malky66 said, however plugins and themes with security holes may be. When installing third-party software, make sure that there is no obfuscated code etc.

Here is a handy manual for making WP more secure: http://codex.wordpress.org/Hardening_WordPress

 

You can use better wp security plugin to hardening your wordpress sites. It has many options to secure your wp.

 

It's a shame

Someone has been attempting to hack into one of my word press powered blogs - see: https://forums.digitalpoint.com/threads/16-failed-login-attempts-4-lockouts-s.2686308/ If you're default username is still set to admin they will hack using tools which try different passwords until they find the right one.

You may also want to visit: https://forums.digitalpoint.com/threads/securing-wordpress.2685438/ for a few tips that should hopefully reduce such attacks

 

I like your concern on the people who actually suffer but the truth is hackers who do it just do it to show their power or skill and they are not concerned about people who suffer. All we can do is to take such things as a lesson and strengthen our site; I would say cheap hosting suffers a lot with such issues. I may be wrong but that is what I feel.

 

would it be a violation if I, the one who offers a service to prevent hacks / consult on hardening Wordpress, share my website? Well, I won't make it an active link as to be as compliant to the rules as possible - but if you guys need help securing your sites or cleaning them up, feel free to drop by at http://nopasara.com/hacked-website-repair/ - calling any of the contact phone numbers in the contact form calls my cell.

 

Can you post on r10.net . This site is Turkhish webmaster group

 

There are many things you can do to improve the security of your wordpress sites. One simple thing is to rename the Admin user name to something different. It's very easy to do in wordpress. Another easy idea is to move the login file "wp-admin.php" to another directory.
If you want, you can spend money on plugins which do a lot of different things for you automatically and manage the entire process seemlessly. Good luck

 

It seems very merciless hearts that can laugh by hurting other innocent people.
In some cases, one blog site is the "only earning source" of the entire family. So if this is ruined then the whole family fall in miserable condition.

 

Stop crying and put it this way .
He's done you a favour . If he wouldn't hacked your website , you would never know that you have a security hole .
Probably all he did is change the home page, just to warn you that your site is at risk. But it could've happen worse.
When I say worse , I mean, he could've injected something there and keep it hidden from you .. and work on it, spread a virus or whatever , until you lose everything: your profit, your visitors, etc.. even get banned because the page is distributing malicious software.

So I think you should say Thank you.

"What doesn't kill you , makes you stronger" .
Now that you know you have a security breach, fix it .. and be aware of other possible security holes.

 

Always use a strong password, always update the script and if you are on vps or dedicated server make sure you secure server.

 

Hey,
Another important tips for stronger security is moving wp-config.php file to the upper directory.
Don't forget to do this.

 

I will give you some tips to improve the security of a WordPress-powered website.

1. Don't rely to the protection of a CAPTCHA in your login area because some bots can guess it correctly and make your website vulnerable from a brute-force attack. So now, make sure that your login area have limit the login attempt by using a trusted plugin.

2. Use a CDN, here is how to use it http://developingsites.blogspot.com/2012/09/how-to-use-content-delivery-network-cdn.html and maximize or set the Security profile of the CDN settings for your website "High".

3. Point the DNSSEC of your domain name to the DNSSEC values that are provided by your host if they have it. Contact your hosting provider for the DNSSEC values of your domain name. DNS Security Extensions (DNSSEC) protect applications from using forged or manipulated DNS data by digitally signing data to validate it's origin. This also ensures that your end user (if any) is connecting to the actual address for your domain name.

4. Have a Secure Sockets Layer (SSL) enabled to your website to enable HTTPS connection.

 

Unfortunately there are a lot of people who consider hacking a hobby. Believe it or not, some good has come from it. But by in large, it is purely a malicious act. I'm very sorry.

The best way to protect against this is to keep backups of your website. If you have a backup you can recover from any hack quickly. You will have to take additional action after restoring a backup to make sure your website isn't hacked again, but this is a safe route to take as it allows you to recover from anything any hacker can do to your website.

Also, do not neglect your updates. Keep your WordPress core up to date, and make any theme modifications in a child-theme so that the primary can be updated whenever it is possible.

 

I do agree too. Hope the hacker didn't do any damage to your website.
Share the plugins you used. If your wp site was hacked thru insecure code in plugin, reporting to plugin owner can save other websites too.