Page 1 of 2 12 LastLast
Results 1 to 25 of 32
  1. #1
    Member onecrazymom's Avatar
    Join Date
    July 11th, 2007
    Location
    Portland
    Posts
    132
    Exclamation EVERY single one of my sites were hacked! HELP!
    Hello, all,

    As the subject line states, all of my sites have been hacked. Fifteen of them. Some of them weren't even flippin' developed yet, so I don't see the point in that.

    I'm running all of them on Wordpress, different themes on all of them.

    First time it happened was Saturday night. Six sites. All hosted on Godaddy. Hubby found a fix, and got the sites up and running again.

    This morning, all of my sites are down. Weird thing is, some are hosted on Godaddy, some are hosted on hostgator. Does that mean that it's my computer that's dirty, and I'm uploading the hacks with FTP when I make changes to my sites?

    I SORT OF suspect some new themes that I downloaded Friday night. I uploaded two of them to one of my sites that I host on hostgator. Odd, though, that only the godaddy sites were hit first. Some of those that were hacked on Saturday night are sites that I've not updated or made any changes to in weeks.

    Anyone have any suggestions or advice on 1) how to clean and 2) how to prevent future break-ins? Hubby is in the process of bringing them back up with "fixes," but I suspect the same thing will happen again.

    If it matters:
    I use two versions of WP: the newest version is on hostgator, and the one that was released prior to this newest version is on the godaddy sites.

    Totally bummed,
    Onecrazymom
    Last edited by onecrazymom; December 29th, 2008 at 01:13 PM.

  2. #2
    Full Member 1stAngel's Avatar
    Join Date
    November 21st, 2008
    Location
    Manchester UK
    Posts
    248
    I got a VERY iffy theme I put on, that I didnt get from word press themselvves, that was

    a: tracking me and my visitors and
    b: had its own affiliate links on it!!!
    :approval:

    Beth aka 1stAngel
    [URL=http://1stangel.co.uk]1stAngel Arts Magazine[/URL]
    [URL=http://galileowasright.com]Galileo Was Right[/URL]

  3. #3
    Member onecrazymom's Avatar
    Join Date
    July 11th, 2007
    Location
    Portland
    Posts
    132
    Quote Originally Posted by 1stAngel
    I got a VERY iffy theme I put on, that I didnt get from word press themselvves, that was

    a: tracking me and my visitors and
    b: had its own affiliate links on it!!!
    This one didn't have any links on it. I'm just wondering now, what might have been piggy-backed with the theme I downloaded. Of course, there's a chance that it's not the theme.

    I only suspect it because I downloaded it Friday, uploaded Saturday... and some of my sites went down Saturday night. (The thing that makes me doubt that it was the theme is the fact that I uploaded it to a hostgator-hosted site, and all of the sites that went down Saturday night were those hosted on Godaddy).

  4. #4
    ...and a Pirate's heart. Convergence's Avatar
    Join Date
    June 24th, 2005
    Posts
    6,918
    "...when you have eliminated the impossible, whatever remains, however improbable, must be the truth?" - Sherlock Holmes

    Backtrack - revert back to your previous themes (after changing passwords, of course).

  5. #5
    Member onecrazymom's Avatar
    Join Date
    July 11th, 2007
    Location
    Portland
    Posts
    132
    Quote Originally Posted by Convergence
    "...when you have eliminated the impossible, whatever remains, however improbable, must be the truth?" - Sherlock Holmes

    Backtrack - revert back to your previous themes (after changing passwords, of course).
    Yes. But. I only uploaded the maybe-questionable theme to one site.

    Several of the sites that were hit Saturday night (and again this morning) are sites that I have not touched at all for several weeks.

    My main site, I've not changed the theme or tweaked any of the css for months. The only thing that has changed with that one is my regular updated posts.

    My main site (along with those that have been completely untouched for weeks) are hosted on godaddy. The maybe-questionable theme was uploaded to ONE site on hostgator.

    Confusing, no?

  6. #6
    ...and a Pirate's heart. Convergence's Avatar
    Join Date
    June 24th, 2005
    Posts
    6,918
    Quote Originally Posted by onecrazymom
    Yes. But. I only uploaded the maybe-questionable theme to one site.

    Several of the sites that were hit Saturday night (and again this morning) are sites that I have not touched at all for several weeks.

    My main site, I've not changed the theme or tweaked any of the css for months. The only thing that has changed with that one is my regular updated posts.

    My main site (along with those that have been completely untouched for weeks) are hosted on godaddy. The maybe-questionable theme was uploaded to ONE site on hostgator.

    Confusing, no?
    Are your WP installs current?
    Have you run a security scan on your computer(s)?
    Have you been to the WP forum to see if anyone else has experienced this lately?

    ~ Denis

  7. #7
    Member onecrazymom's Avatar
    Join Date
    July 11th, 2007
    Location
    Portland
    Posts
    132
    Quote Originally Posted by Convergence
    Are your WP installs current?
    Have you run a security scan on your computer(s)?
    Have you been to the WP forum to see if anyone else has experienced this lately?

    ~ Denis
    Yes (newest version on most of the sites, second-to-newest on the others).
    Yes.
    And no.

    I did contact several other affiliates I know who run all of their sites on WP, to ask if they'd experienced any weirdness and/or knew of others who have.

    Heading to the WP forum now.

  8. #8
    http and a telephoto
    Join Date
    January 18th, 2005
    Location
    NYC
    Posts
    17,708
    There are a couple of threads in the blogging forum about WP hacking, but this sounds like the one you may be exeriencing:

    http://forum.abestweb.com/showthread.php?t=113464
    Deborah Carney
    TeamLoxly.com BookGoodies.com ABCsPlus.com

  9. #9
    Life is Supposed to be Fun! Rexanne's Avatar
    Join Date
    January 18th, 2005
    Location
    Los Angeles
    Posts
    12,360
    Yikes Onecrazymom - I feel for ya - hope you can get it sorted out quickly.

    One positive: it happened after the Christmas shopping season. :-)
    Peace,

    Rexanne

    Rexanne.com
    Loving Everyone's Child Creates Magic


  10. #10
    Antisocial Media Expert ProWebAddict's Avatar
    Join Date
    March 25th, 2006
    Location
    Go Daddy
    Posts
    1,109
    So...what's the name of the theme?

  11. #11
    Member onecrazymom's Avatar
    Join Date
    July 11th, 2007
    Location
    Portland
    Posts
    132
    Quote Originally Posted by loxly
    There are a couple of threads in the blogging forum about WP hacking, but this sounds like the one you may be exeriencing:

    http://forum.abestweb.com/showthread.php?t=113464
    Thanks, Lox. It has been a day, let me tell ya. Got most of 'em back up, and am scrubbing around, checking every freakin' page and post.

    Serenity now.
    Serenity now.

    Serenity now.


  12. #12
    Full Member 1stAngel's Avatar
    Join Date
    November 21st, 2008
    Location
    Manchester UK
    Posts
    248
    Peace and love and loads of HUGGZZZZZZZ
    :approval:

    Beth aka 1stAngel
    [URL=http://1stangel.co.uk]1stAngel Arts Magazine[/URL]
    [URL=http://galileowasright.com]Galileo Was Right[/URL]

  13. #13
    Member onecrazymom's Avatar
    Join Date
    July 11th, 2007
    Location
    Portland
    Posts
    132
    Quote Originally Posted by ProWebAddict
    So...what's the name of the theme?
    There's no name. It's a number. Can't for the life of me remember where I downloaded it from. But the theme's name was a 4-digit number (I've since removed it from my machine, so I don't know the #s).

    The theme is primarily green, and the header has an image of an Asian doctor and nurse.

    Asian.

    My hackers are from China.

    2+2=hacked

  14. #14
    More Cheesier Than Ever Cheesehead's Avatar
    Join Date
    January 18th, 2005
    Location
    Land of The NFL Champs!
    Posts
    2,942
    Sorry to hear about this. Go to http://www.mytestbox.com/news/secure...g-tips-tricks/ for some preventative tips. I will be doing some of this tomorrow as I have a few WP blogs myself.
    This World is Not My Home
    We're gonna go inside, we're gonna go outside, inside and outside. . . And then we're gonna go go go and we're not gonna stop til we get across that goalline! Quotes from the movie Rudy, 1993

  15. #15
    MasterMike HardwareGeek's Avatar
    Join Date
    January 18th, 2005
    Posts
    3,810
    WP blogs always get hacked, that's what open source gets ya.

    www.expressionengine.com

  16. #16
    http and a telephoto
    Join Date
    January 18th, 2005
    Location
    NYC
    Posts
    17,708
    Quote Originally Posted by HardwareGeek
    WP blogs always get hacked, that's what open source gets ya.

    www.expressionengine.com
    Actually that isn't true. Yes some of my blogs were hacked, but most haven't been. And all the ones that got it were on Dreamhost from the one click install about a year or so ago. And software that isn't open source gets hacked too, so I wouldn't get too smug.

    I have looked at expression engine and it doesn't do what I want it to. For others it might be perfect.

    I don't use WordPress because it's free, I use it because it does what I need. And staying up to date just got easier so staying ahead of the hackers should be easier also.
    Deborah Carney
    TeamLoxly.com BookGoodies.com ABCsPlus.com

  17. #17
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    If it's different hosts and all at the same time, then there's a good chance that there's something nasty on your PC.

    FTP authentication is send in plaintext, so it's notoriously insecure (see http://en.wikipedia.org/wiki/Ftp#Criticisms_of_FTP).

    But saying they are "hacked" is a bit vague! Were the sites vandalised? Was code injected into the site? If so, can you see any domains or distinctive code snippets?

    If you research the actual hack itself, you might get some clues as to how it happened.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  18. #18
    ABW Ambassador 2busy's Avatar
    Join Date
    January 17th, 2005
    Location
    Tropical Mountaintop
    Posts
    5,636
    FTP before the Kerberos protocol was widely used was very insecure. Telnet or SSH is more secure but Kerberos on servers (and as part of Windows and Apple/Mac systems since 2000) generally protects short term connections.

  19. #19
    Banned
    Join Date
    February 7th, 2006
    Posts
    118
    Quote Originally Posted by onecrazymom
    Yes. But. I only uploaded the maybe-questionable theme to one site.

    Several of the sites that were hit Saturday night (and again this morning) are sites that I have not touched at all for several weeks.

    My main site, I've not changed the theme or tweaked any of the css for months. The only thing that has changed with that one is my regular updated posts.

    My main site (along with those that have been completely untouched for weeks) are hosted on godaddy. The maybe-questionable theme was uploaded to ONE site on hostgator.

    Confusing, no?
    This sounds very much like somethng on your computer. It may have gotten there from the theme you downloaded however. Try doing a virus/spyware scan of your computer and see if anything comes up.

    If you don't want to use Wordpress anymore, some alternatives are CushyCMS and Graffiti. I can't tell you how good these are as I have not personally tried them.

  20. #20
    http and a telephoto
    Join Date
    January 18th, 2005
    Location
    NYC
    Posts
    17,708
    WordPress wouldn't have as many users as it does if it were getting consistently hacked. Major bloggers, plus their own wordpress.com venture would all be getting hacked constantly and that would be a major issue.

    Not to say hacking doesn't happen, but it is usually WP combined with other factors. Be very careful which plugins and themes you use, those folks can put anything they want into their code. As noted in another thread, here is a link to a plugin that finds bad files on your site:

    http://ocaoimh.ie/exploit-scanner/
    Deborah Carney
    TeamLoxly.com BookGoodies.com ABCsPlus.com

  21. #21
    Affiliate Manager
    Join Date
    January 18th, 2005
    Location
    Los Angeles, California
    Posts
    1,913
    How strong was your password?
    Richard Gaskin
    Developer of WebMerge: Publish any data feed on any site
    http://www.fourthworld.com

  22. #22
    Full Member 1stAngel's Avatar
    Join Date
    November 21st, 2008
    Location
    Manchester UK
    Posts
    248
    fourthworld, excellent pont. I am always having to tell my members to change passwords on different sites and parts of our site where we want two logins.

    If someone gets your password once, they can then just go through all oyur sites like a dose of salts if you use the same password.

    Always use a string of random letters, numbers and symbols... example zC^&SW>2

    One of my dear friends always uses her login name *sigh*
    :approval:

    Beth aka 1stAngel
    [URL=http://1stangel.co.uk]1stAngel Arts Magazine[/URL]
    [URL=http://galileowasright.com]Galileo Was Right[/URL]

  23. #23
    ABW Ambassador simcat's Avatar
    Join Date
    January 18th, 2005
    Location
    Denver
    Posts
    1,786
    There is a WP plugin called login lockdown that helps prevent brute-force password breaking.

    I cant vouch for it, except to say so-far no hacking where I've used it.

  24. #24
    Lite On The Do, Heavy On The Nuts Donuts's Avatar
    Join Date
    January 18th, 2005
    Location
    Winter Park, FL
    Posts
    6,930
    my passwords are all strong and are unique, hundreds of them. RoboForm is the reason I can do that efficiently.

    January 2008, PC World published their "25 Products We Can't Live Without" list.

    Roboform was #9:
    http://www.pcworld.com/article/14170...e_without.html

    More awards:
    http://www.roboform.com/links.html

    They don't make a Mac version, and that's the only thing negative I can say about them. I love this tool, and everytime I hear an "I got hacked" story, I fall in love with her again...

  25. #25
    Full Member 1stAngel's Avatar
    Join Date
    November 21st, 2008
    Location
    Manchester UK
    Posts
    248
    Thats what I use too!!! Its awesome!
    :approval:

    Beth aka 1stAngel
    [URL=http://1stangel.co.uk]1stAngel Arts Magazine[/URL]
    [URL=http://galileowasright.com]Galileo Was Right[/URL]

+ Reply to Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. I've been hacked!
    By Ron Bechdolt in forum Midnight Cafe'
    Replies: 14
    Last Post: May 17th, 2006, 07:52 PM
  2. Hostgator sites hacked?
    By suzigeek in forum Midnight Cafe'
    Replies: 11
    Last Post: January 17th, 2006, 11:38 PM
  3. I've Been Hacked!
    By Cheesehead in forum Midnight Cafe'
    Replies: 8
    Last Post: January 16th, 2005, 07:05 AM
  4. Ever been hacked?
    By sloth in forum Midnight Cafe'
    Replies: 7
    Last Post: August 11th, 2004, 02:34 AM
  5. I was Hacked
    By dete99 in forum Midnight Cafe'
    Replies: 14
    Last Post: August 22nd, 2002, 10:58 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •