1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

My site was hacked, What can i do?

Discussion in 'HTML & Website Design' started by sggenterprise, Mar 16, 2013.

  1. #1
    Hi, I have a wordpress site BroncosBook.com was hacked for some reason. I'm not sure how this can be fixed. Can anyone help?

    http://sitecheck.sucuri.net/results/broncosbook.com
     
    sggenterprise, Mar 16, 2013 IP
  2. Logist

    Logist Greenhorn

    Messages:
    20
    Likes Received:
    0
    Best Answers:
    1
    Trophy Points:
    21
    #2
    Once your site is back up and running, do this:
    - scan any device
    - pick stronger passwords
    - install the WordPress Firewall plugin
    - make sure WP is up to date as are all the plugins you use
    - make sure your theme is up to date
    - if you use FTP, make sure you're using FTPS, FTPES, or SFTP
    - make sure you do continual backups of your database and files
     
    Logist, Mar 17, 2013 IP
  3. dlb

    dlb Member

    Messages:
    203
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    35
    #3
    It looks like the theme has been purposely broken. Try a different theme, or re-install your existing one.

    Edit: Just saw the malware warning (I wish you'd have told us that before I clicked, lol). That is more than likely placed in the theme somewhere. You could try disabling all plugins and see if that fixes anything, if not then change the theme. As long as you get rid of the malware FAST your site shouldn't be punished.
     
    dlb, Mar 17, 2013 IP
  4. rohitindia

    rohitindia Well-Known Member

    Messages:
    209
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    125
    #4
    Ask your host to scan the server once and also download the database, files and scan it and if possible do a fresh install with the latest version of wordpress with your old database.
     
    rohitindia, Mar 17, 2013 IP
  5. Alexbizz

    Alexbizz Active Member

    Messages:
    195
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    60
    #5
    Hello, I am working on local security company in my town, can help you to fix your site.
    Please contact me if you are interest.
     
    Alexbizz, Mar 17, 2013 IP
  6. Rukbat

    Rukbat Well-Known Member

    Messages:
    2,908
    Likes Received:
    37
    Best Answers:
    51
    Trophy Points:
    125
    #6
    The easiest way to fix the problem is to delete all files on the site, remove the database and reinstall your last good backup. If you don't regularly back your site up, see if your host can restore a backup from before the site was hacked. If not, reinstall the site from scratch and start making daily backups.
     
    Rukbat, Mar 17, 2013 IP
  7. ragamsky

    ragamsky Active Member

    Messages:
    191
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    55
    #7
    If you got a hole, you need to patch it!
    Scanning,
    Find vuln hole,
    hardening server
     
    ragamsky, Mar 17, 2013 IP
  8. badmas

    badmas Well-Known Member

    Messages:
    117
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    130
    #8
    Will say just Clean your code, start with Fresh theme. following preventions and plugins for you.
    • Connect securely using SSH/SFTP
    • Keep WordPress Cookies Salted
    • Limit theme and plugins use, Delete unused ones.
    • Move wp-config.php one level up
    • renemae database prefix during installation
    • "Limit login attempts" plugin will help you from brute force attack
    • Disable User registration
    • Avoid using Free themes (except you haven't coded it yourself)
    • Manage Persmission 644 or 640 to files & 755 or 750 for folders
    • Hide WP generator Info - version info
    • Enable SSL Login
    • Kill addtional PHP Execution, like php files in uploads folder should not be executed. you can find htaccess trick for this.
    • Personally will recommend disable Plugin or theme editor.

    Some Plugins for security
    • Akismet
    • Duo Factor Authentication
    • Vaultpress
    • Limit login attempts
    • Bulletproof security
     
    badmas, Mar 17, 2013 IP
    seo.xpert likes this.
  9. VideoWhisper.com

    VideoWhisper.com Well-Known Member

    Messages:
    330
    Likes Received:
    6
    Best Answers:
    2
    Trophy Points:
    113
    Digital Goods:
    2
    #9
    In addition to suggestions above:
    - scan your site using ClamAV from time to time (have your host install it if not available)
    - get rid of any plugins, scripts or other files you don't really use on the server
    - check other scan/report sites and services, fix what they find and report the cleanup so your site doesn't get banned/blocked in search engines and browsers

    http://www.google.com/safebrowsing/diagnostic?site=broncosbook.com
    http://www.unmaskparasites.com/
    http://siteinspector.comodo.com/
     
    VideoWhisper.com, Mar 17, 2013 IP
    seo.xpert likes this.
  10. creativewebmaster

    creativewebmaster Active Member

    Messages:
    654
    Likes Received:
    7
    Best Answers:
    4
    Trophy Points:
    78
    #10
    Changes you server pass and your all other passwords. Then remove the virus in the website files and uploaded fresh files.
     
    creativewebmaster, Mar 17, 2013 IP
  11. sggenterprise

    sggenterprise Active Member

    Messages:
    249
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    83
    #11
    I fixed it, Thanks for the help guys. It was the theme code.
     
    sggenterprise, Apr 1, 2013 IP