Help needed to resolve security issues

Discussion in 'Site & Server Administration' started by Garcia, Sep 8, 2009.

0
  1. #1
    Hi,

    my sites are getting hacked very frequently. I am spending my valuable time on fixing these issues :(

    the hacker somehow logging into my admin panel and changed the admin username and passwords, emails, etc. and replaces the files and puts his name on it :(

    Can you please help/guide me out on how to well protect my sites?

    Also, what permission settings i need to set for each folders/files, etc.

    Thanks
     
    Garcia, Sep 8, 2009 IP
  2. live-cms_com

    live-cms_com Notable Member

    Messages:
    3,128
    Likes Received:
    112
    Best Answers:
    0
    Trophy Points:
    205
    Digital Goods:
    1
    #2
    Permissions is a very small part of security.

    Did you code the files yourself?
     
    live-cms_com, Sep 8, 2009 IP
  3. Garcia

    Garcia Member

    Messages:
    524
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    33
    #3
    am using wordpress
     
    Garcia, Sep 8, 2009 IP
  4. Thibaut

    Thibaut Well-Known Member

    Messages:
    886
    Likes Received:
    26
    Best Answers:
    0
    Trophy Points:
    140
    #4
    There is a flaw in 2.8.2; upgrade to 2.8.4

    Regards
    Thibaut
     
    Thibaut, Sep 9, 2009 IP
  5. RHS-Chris

    RHS-Chris Well-Known Member

    Messages:
    1,007
    Likes Received:
    35
    Best Answers:
    10
    Trophy Points:
    150
    #5
    Are you in a shared hosting environment, VPS or dedicated server?
     
    RHS-Chris, Sep 9, 2009 IP
  6. Bohra

    Bohra Prominent Member

    Messages:
    12,573
    Likes Received:
    537
    Best Answers:
    0
    Trophy Points:
    310
    #6
    Its better u delete all php files u think is not part of wordpress and reupload the files
     
    Bohra, Sep 9, 2009 IP
  7. nyxano

    nyxano Peon

    Messages:
    417
    Likes Received:
    15
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Definitely upgrade to the latest version of WP. Also, make sure your password is something no one will guess.
     
    nyxano, Sep 9, 2009 IP
  8. kailash

    kailash Well-Known Member

    Messages:
    1,248
    Likes Received:
    42
    Best Answers:
    0
    Trophy Points:
    190
    #8
    If you have just wordpress, I suggest to remove all files (excluding wp-contents folder), upload wordpress files/folders and check all the files present in wp-contents folder. If you find any suspicious files, remove them.. Also change all your password including mysql user.

    In addition to this, scan the system from where you are accessing your blog. Now a day, it is very common to steal password using keylogger, spyware, trojan etc.

    Kailash
     
    kailash, Sep 13, 2009 IP