zooter80 Posted May 31, 2014 Posted May 31, 2014 Hi, My website www.jaldireviews.com has been hacked. I'm going to try and take down my site, but is it possible to figure out from the logs who did this. Is there a backup I can use to restore my site? pls help!
wolstech Posted May 31, 2014 Posted May 31, 2014 At most, apache logs (if we even have them, which I don't know, an admin would) would show the IP of who connected, which could be hundreds or thousands of entries. As for backups, that is the users responsibility. Put simply, you probably can't find out who did it, and no we don't have a backup for you. The best I can recommend is that you rebuild your site using all up to date software. Outdated software is the number one reason people get hacked.
zooter80 Posted May 31, 2014 Author Posted May 31, 2014 I got my site up and running, but pls. could you investigate from your end too? http://www.zone-h.org/archive/ip=216.218.192.170 There is one more heliohost website too hacked..it looked like the config.php (sorry don't remember the exact php filename) was modified and defaced....I dont' know whether it was done via heliohost directly or via wordpress code injection
Tjoene Posted May 31, 2014 Posted May 31, 2014 This support request is being escalated to our root admin.
hussam Posted May 31, 2014 Posted May 31, 2014 it's easy to deface a wordpress website if you use an older version but you appear to be using 3.9.1 which is the latest version.You need to change the permissions of wp-config.php to read only even by owner otherwise you really are putting yourself at great danger. That means 'chmod 444 wp-config.php'. the permissions should look like this "-r--r--r-- wp-config.php". Wordpress has hooks all over the places and so too many people write plugins and not all of them are safe. Try to not use any plugins unless they are very well maintained and written by people who know what they are doing. Do read this too http://codex.wordpress.org/Hardening_WordPress
yashrs Posted May 31, 2014 Posted May 31, 2014 As Hussam said, it is easy to deface a website using Wordpress if it not protected enough. I would recommend you install these plugins to avoid getting hacked.:- 1. iThemes Security 2. Theme Authenticity Checker (TAC) Also, your site has XSS(http://en.wikipedia.org/wiki/Cross-site_scripting), in the search box.
zooter80 Posted June 1, 2014 Author Posted June 1, 2014 @hussam -- thanks, i've changed the config permission. I assume I should change the config mode if i have to do some theme customization? @Yashrs -- will install the ones you've mentioned as well as look into the XSS issue
hussam Posted June 1, 2014 Posted June 1, 2014 zooter80, just set it writable by owner, do your editing then set it back to read-only.
Recommended Posts