Hacked

Posted by JulesW, 12-08-2013, 06:01 AM
A couple of the domains that I host as a reseller have been hacked by 'Bangladeshi Hackers' and have subsequently been suspended by my hosts. Where does the fault lie and does anyone know what I can do to rectify the situation? I have never experienced this before, so if anyone can help or point me in the direction of some information I would be grateful.

Posted by net, 12-08-2013, 06:25 AM
What kind of sites are you running? Most hacked sites are due to vulnerable plugins in WP or Joomla, etc...

Posted by nixtree, 12-08-2013, 06:27 AM
Nobody can provide you help until you provide some more information. Even providing them, I doubt you will get the right solution other than some general guidelines like keep your scripts up to date, check permissions, etc. So here it is - cross-verify your access logs and look for any suspicious activity during the time when the hack occurred. Make sure no directories have world-writable permissions. If all of your websites are using a common script (like WordPress), make sure to keep it and its plugins up to date.
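
The two checks suggested in the post above (world-writable directories, and access-log activity around the time of the hack), as an added shell example that is not part of the original thread. The function names, paths, time prefix and sample log are constructed assumptions.

```shell
#!/bin/sh
# Added example: read-only triage helpers for one hosting account.

# Directories under a document root that any local user can write to (o+w).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print 2>/dev/null | sort
}

# POST requests in an access log (combined format) whose timestamp starts with
# a given prefix, e.g. "08/Dec/2013:05" for the 05:00 hour.
# Prints "count client_ip path", busiest first.
posts_in_window() {
    awk -v w="[$2" '
        index($4, w) == 1 && $6 == "\"POST" { n[$1 " " $7]++ }
        END { for (k in n) print n[k], k }
    ' "$1" | sort -k1,1nr -k2
}

# Constructed sample log (documentation IP ranges), written to the path in $1.
write_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [08/Dec/2013:04:58:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Dec/2013:05:02:11 +0000] "POST /wp-login.php HTTP/1.1" 200 1820 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Dec/2013:05:02:13 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Dec/2013:05:03:40 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"
192.0.2.10 - - [08/Dec/2013:06:10:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF
}

# Usage (paths and time prefix are assumptions for illustration):
#   sh triage.sh /home/USER/public_html /path/to/access_log "08/Dec/2013:05"
if [ "$#" -eq 3 ]; then
    echo "World-writable directories:"; world_writable_dirs "$1"
    echo "POSTs in window:"; posts_in_window "$2" "$3"
fi
```

Both functions only read; tightening permissions or following up on a client IP is a separate step once the listing has been reviewed.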

Posted by Dr_Michael, 12-08-2013, 06:36 AM
Does your host have backups to restore?

Posted by YagHost-Ravi, 12-08-2013, 06:38 AM
If only a few hosting accounts were hacked, that means your main reseller account is safe. Have you checked the access logs of the hacked account? That may give you some idea.

Posted by JulesW, 12-08-2013, 06:38 AM
Thanks guys, it is not my own sites but rather those of a couple of my clients. I checked and they are running WordPress sites. Thanks for the advice nixtree, I just needed some general pointers.

Posted by YagHost-Ravi, 12-08-2013, 06:40 AM
Ohh... that means the problem may be behind the WordPress installed on those accounts. I suggest you refer to these WordPress documentation KB pages: http://codex.wordpress.org/FAQ_My_site_was_hacked http://codex.wordpress.org/Hardening_WordPress

Posted by Atlanical-Mike, 12-08-2013, 08:38 AM
Do you have an outdated theme, like the default WordPress ones? My customer was hacked, we think through them, so we removed them; he's not been hacked since.

Posted by ServerSam, 12-08-2013, 08:57 AM
So true. It is recommended that you delete any unused installed themes and plugins. It is best to regularly advise this to your clients...

Posted by astutiumRob, 12-08-2013, 09:06 AM
Generally with you. Depends on the hack; from the sound of it, you've allowed clients to have insecure WordPress plugins and/or out-of-date WP installs. Start by talking to your host about having the other sites put back online, but keeping the affected ones suspended ...

Posted by DWS2006, 12-08-2013, 09:11 AM
JulesW, this type of situation is usually the fault of the site owner, unless you've seen reports of several hacks on the server during the same period of time (for example, if every account on the server has its index file removed, that's a provider issue). Unfortunately, popular open-source software draws with it these types of problems; educating users about the consequences of running outdated installs is about all you can do. Softaculous and Installatron can help in reminding clients to update.

Posted by JulesW, 12-08-2013, 09:47 AM
Thanks to everyone for their help and insights. I have managed to get the clients' account reinstated minus the offending WordPress sites and have passed all of the links and information on to them. Hopefully, they will not experience the same problems again.

Posted by kpmedia, 12-08-2013, 03:09 PM
WTF? No. The clients were running WordPress. Securing it is their responsibility.

Posted by AdditionHosting, 12-09-2013, 04:08 AM
Honestly, it's your clients' responsibility to harden and protect their data when it comes to WordPress. WordPress is quite secure but there are known exploits. When it comes to WordPress, getting "hacked" is usually an issue caused on your clients' behalf. I suggest you inform them about this.

Posted by bukzrock, 12-09-2013, 09:59 AM
When you are hosting WordPress or Joomla sites, you should be careful about security. Hackers can easily access your accounts through WordPress.

Posted by JixHost, 12-09-2013, 07:24 PM
It's likely a c99 shell uploaded on the shared server you are on. From there the hacker searches the accounts inside the server for vulnerabilities.
