1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Hacked By "HaYaL- ET-06" TURKiSH HACKER

Discussion in 'WordPress' started by purpleorange, Oct 3, 2013.

  1. #1
    Hi Every One,

    Today most of my friends WordPress based sites were hacked by a Turkish hacker. At least this was what the image that came up told us

    [​IMG]

    It is good to posses skills, but it should not make the lives of people miserable. If at all a member of this hacking group happened to read this, please know that your actions made a common man and an innocent family behind him to be sad tonight.

    Apart from that, i want members of DP to be aware of this and i want members to share if they faced this problem and how they or their hosting team solved it.
    purpleorange, Oct 3, 2013 IP
  2. competent123

    competent123 Notable Member

    Messages:
    1,590
    Likes Received:
    52
    Best Answers:
    6
    Trophy Points:
    205
    #2
    have better security, strong wordpress and ftp passwords.

    no point crying over them, as they are not going to go away, you will have to be more and more secure than ever before.
    competent123, Oct 3, 2013 IP
  3. malky66

    malky66 Prominent Member

    Messages:
    1,707
    Likes Received:
    1,046
    Best Answers:
    27
    Trophy Points:
    390
    #3
    Yet another "wordpress site has been hacked" thread, the only answer...ditch the steaming pile of unsecure shite known as turdpress, how the hell it got so popular is totally beyond me, my 12 year old could hack it.....
    OP..well done for giving the *hackers* a massive dose of publicity, do you think they give a toss that they made someone sad??
    {shakes head in disbelief}
    malky66, Oct 3, 2013 IP
    Arick unirow likes this.
  4. purpleorange

    purpleorange Member

    Messages:
    140
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    35
    #4
    May be i am very idealistic here. I am not concerned about wordpress or technology. I am worried about how people find happiness in making others sad.
    purpleorange, Oct 3, 2013 IP
    oakley56fila likes this.
  5. malky66

    malky66 Prominent Member

    Messages:
    1,707
    Likes Received:
    1,046
    Best Answers:
    27
    Trophy Points:
    390
    #5
    I think you'll find most of these so called *hackers* are sad little friendless nerds all alone in their bedrooms with just a PC for company trying to make people as miserable as they are, I can't imagine they have any happiness in them.
    malky66, Oct 3, 2013 IP
    navin_bvr, matt_62 and Devtard like this.
  6. Hefaistos

    Hefaistos Active Member

    Messages:
    157
    Likes Received:
    13
    Best Answers:
    9
    Trophy Points:
    63
    #6
    Sad to hear that there are people who have nothing else to do during their free time than to mock the work of others.

    Personally I don't think WordPress is a script that can be "hacked by a 12 year old", assuming that you are using it properly. It is more secure than lot of paid, custom scripts. Most of WordPress vulnerabilities are found in poorly coded plugins or themes .

    Few advices to avoid this kind of situation :
    - Make sure you are using a high quality webhosting service.
    - Use long and secure passwords.
    - Do not tell your passwords and data to nobody.
    - Use a good antivirus and scan your computer from time to time with antimalware softwares to avoid keyloggers and harmful scripts.
    - Allways update your WordPress script to latest version.
    - Be careful what plugins are you using.
    - Use only trusted themes that you are sure that are well coded (validated data, sanitized and escaped - as applicable ).
    Hefaistos, Oct 3, 2013 IP
    Devtard and Nigel Lew like this.
  7. Devtard

    Devtard Notable Member

    Messages:
    845
    Likes Received:
    137
    Best Answers:
    4
    Trophy Points:
    220
    #7
    I don't think that WP is a "steaming pile of unsecure shite" as malky66 said, however plugins and themes with security holes may be. When installing third-party software, make sure that there is no obfuscated code etc.

    Here is a handy manual for making WP more secure: http://codex.wordpress.org/Hardening_WordPress
    Devtard, Oct 3, 2013 IP
    matt_62 and Hefaistos like this.
  8. Sam Idoeb

    Sam Idoeb Member

    Messages:
    31
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    26
    #8
    You can use better wp security plugin to hardening your wordpress sites. It has many options to secure your wp.
    Sam Idoeb, Oct 3, 2013 IP
  9. gkd_uk

    gkd_uk Well-Known Member

    Messages:
    902
    Likes Received:
    64
    Best Answers:
    1
    Trophy Points:
    115
    #9
    Last edited: Oct 11, 2013
    gkd_uk, Oct 11, 2013 IP
  10. esther.paul

    esther.paul Active Member

    Messages:
    130
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    63
    #10
    I like your concern on the people who actually suffer but the truth is hackers who do it just do it to show their power or skill and they are not concerned about people who suffer. All we can do is to take such things as a lesson and strengthen our site; I would say cheap hosting suffers a lot with such issues. I may be wrong but that is what I feel.
    esther.paul, Oct 12, 2013 IP
  11. xorred

    xorred Greenhorn

    Messages:
    5
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    11
    #11
    would it be a violation if I, the one who offers a service to prevent hacks / consult on hardening Wordpress, share my website? Well, I won't make it an active link as to be as compliant to the rules as possible - but if you guys need help securing your sites or cleaning them up, feel free to drop by at http://nopasara.com/hacked-website-repair/ - calling any of the contact phone numbers in the contact form calls my cell.
    xorred, Oct 12, 2013 IP
  12. modexi

    modexi Peon

    Messages:
    1
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    1
    #12
    Can you post on r10.net . This site is Turkhish webmaster group
    modexi, Oct 23, 2013 IP
  13. Nick Gomez

    Nick Gomez Greenhorn

    Messages:
    70
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    13
    #13
    There are many things you can do to improve the security of your wordpress sites. One simple thing is to rename the Admin user name to something different. It's very easy to do in wordpress. Another easy idea is to move the login file "wp-admin.php" to another directory.
    If you want, you can spend money on plugins which do a lot of different things for you automatically and manage the entire process seemlessly. Good luck
    Nick Gomez, Oct 31, 2013 IP
  14. atsad

    atsad Active Member

    Messages:
    269
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    55
    #14
    It seems very merciless hearts that can laugh by hurting other innocent people.
    In some cases, one blog site is the "only earning source" of the entire family. So if this is ruined then the whole family fall in miserable condition.
    atsad, Nov 2, 2013 IP
  15. ZyreX

    ZyreX Active Member

    Messages:
    56
    Likes Received:
    6
    Best Answers:
    1
    Trophy Points:
    70
    #15
    Stop crying and put it this way .
    He's done you a favour . If he wouldn't hacked your website , you would never know that you have a security hole .
    Probably all he did is change the home page, just to warn you that your site is at risk. But it could've happen worse.
    When I say worse , I mean, he could've injected something there and keep it hidden from you .. and work on it, spread a virus or whatever , until you lose everything: your profit, your visitors, etc.. even get banned because the page is distributing malicious software.

    So I think you should say Thank you.

    "What doesn't kill you , makes you stronger" .
    Now that you know you have a security breach, fix it .. and be aware of other possible security holes.
    ZyreX, Nov 2, 2013 IP
  16. SpeedyUnit

    SpeedyUnit Greenhorn

    Messages:
    36
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    8
    #16
    Always use a strong password, always update the script and if you are on vps or dedicated server make sure you secure server.
    SpeedyUnit, Nov 2, 2013 IP
  17. atsad

    atsad Active Member

    Messages:
    269
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    55
    #17
    Hey,
    Another important tips for stronger security is moving wp-config.php file to the upper directory.
    Don't forget to do this.
    atsad, Nov 3, 2013 IP
  18. MBDungo

    MBDungo Active Member

    Messages:
    163
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    58
    #18
    I will give you some tips to improve the security of a WordPress-powered website.

    1. Don't rely to the protection of a CAPTCHA in your login area because some bots can guess it correctly and make your website vulnerable from a brute-force attack. So now, make sure that your login area have limit the login attempt by using a trusted plugin.

    2. Use a CDN, here is how to use it http://developingsites.blogspot.com/2012/09/how-to-use-content-delivery-network-cdn.html and maximize or set the Security profile of the CDN settings for your website "High".

    3. Point the DNSSEC of your domain name to the DNSSEC values that are provided by your host if they have it. Contact your hosting provider for the DNSSEC values of your domain name. DNS Security Extensions (DNSSEC) protect applications from using forged or manipulated DNS data by digitally signing data to validate it's origin. This also ensures that your end user (if any) is connecting to the actual address for your domain name.

    4. Have a Secure Sockets Layer (SSL) enabled to your website to enable HTTPS connection.
    Last edited: Nov 6, 2013
    MBDungo, Nov 6, 2013 IP
  19. oakley56fila

    oakley56fila Active Member

    Messages:
    129
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    58
    #19
    Unfortunately there are a lot of people who consider hacking a hobby. Believe it or not, some good has come from it. But by in large, it is purely a malicious act. I'm very sorry.

    The best way to protect against this is to keep backups of your website. If you have a backup you can recover from any hack quickly. You will have to take additional action after restoring a backup to make sure your website isn't hacked again, but this is a safe route to take as it allows you to recover from anything any hacker can do to your website.

    Also, do not neglect your updates. Keep your WordPress core up to date, and make any theme modifications in a child-theme so that the primary can be updated whenever it is possible.
    oakley56fila, Nov 19, 2013 IP
  20. WebLab

    WebLab Member

    Messages:
    161
    Likes Received:
    3
    Best Answers:
    2
    Trophy Points:
    35
    #20
    I do agree too. Hope the hacker didn't do any damage to your website.
    Share the plugins you used. If your wp site was hacked thru insecure code in plugin, reporting to plugin owner can save other websites too.
    WebLab, Nov 20, 2013 IP