U.S. CitiesCity-Data Forum Index
Go Back   City-Data Forum > General Forums > Science and Technology > Internet
 [Register]
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
View detailed profile (Advanced) or search
site with Google Custom Search

Search Forums  (Advanced)
Reply Start New Thread
 
Old 05-30-2018, 06:01 AM
 
Location: Metro Washington DC
12,553 posts, read 18,926,430 times
Reputation: 7195

Advertisements

Just had a word press site hacked. Out host suspended our site and recommended site lock to clean it up. I looked at online reviews of their service. There are reviews that say they’re good, and reviews that say they are a scam. They say that you pay to have your site cleaned and then monthly to protect it. There are numerous reviews saying that even with the monthly fees, their sites still got hacked, and they were charged hundreds of dollars to fix it again. If these reviews are true, I want a better solution. What would you do? Are the reviews true?
Reply With Quote Quick reply to this message

 
Old 05-30-2018, 06:21 AM
 
37,071 posts, read 38,273,370 times
Reputation: 14835
The key to this is not getting hacked in the first place, you need to keep the software updated. Wordpress in particular because it's a big target since so many people use it and their track record hasn't exactly been stellar over the years. I'm not familiar with the particulars of Wordpress but the procedure here is going to be similar regardless of what software you are using.

The first question is do you have backup of the database, the older the better but of course you will want one with current content. The second question is do you have full backup of the files that is older? You do make backups right?

If you do have backups of that nature that are older and represent your current content this is really not that difficult to fix.
Reply With Quote Quick reply to this message
 
Old 05-30-2018, 06:57 AM
 
37,071 posts, read 38,273,370 times
Reputation: 14835
Quote:
Originally Posted by dkf747 View Post
There are numerous reviews saying that even with the monthly fees, their sites still got hacked, and they were charged hundreds of dollars to fix it again.

Just to add the most secure websites will have a layered approach making them less of a sheep. There is no one click solution for this. I'm not familiar with the service you mentioned but I do use a similar service from Cloudflare. Most of the security measure they use are duplicated on my server anyway, I primarily use them for the DDOS protection.

One thing to be aware of is that the protection these services provide requires a lot of configuration on the server end to take full advantage of it. The traffic to your site is first routed through their service, this will help stop common attacks but if the attacker is specifically targeting your site it's a whole other ballgame. They only need to obtain the IP and can circumvent any protections such a service can provide.
Reply With Quote Quick reply to this message
 
Old 05-30-2018, 07:43 AM
 
Location: Richardson, TX
10,119 posts, read 16,716,797 times
Reputation: 24610
It might be a scam, or you might really have been hacked. Sitelock is in bed with several of the big hosts such as hostgator and blue host.

Read this: https://www.whitefirdesign.com/blog/...e-has-malware/
Reply With Quote Quick reply to this message
 
Old 05-31-2018, 08:49 AM
 
Location: Metro Washington DC
12,553 posts, read 18,926,430 times
Reputation: 7195
Quote:
Originally Posted by thecoalman View Post
The key to this is not getting hacked in the first place, you need to keep the software updated. Wordpress in particular because it's a big target since so many people use it and their track record hasn't exactly been stellar over the years. I'm not familiar with the particulars of Wordpress but the procedure here is going to be similar regardless of what software you are using.

The first question is do you have backup of the database, the older the better but of course you will want one with current content. The second question is do you have full backup of the files that is older? You do make backups right?

If you do have backups of that nature that are older and represent your current content this is really not that difficult to fix.

I have access to all my files, but the backup we thought we had is gone. At this point, I will save what we want to keep and wipe the rest away. I am thinking of going to a new hosting company too.
Reply With Quote Quick reply to this message
 
Old 05-31-2018, 08:50 AM
 
Location: Metro Washington DC
12,553 posts, read 18,926,430 times
Reputation: 7195
Quote:
Originally Posted by Debsi View Post
It might be a scam, or you might really have been hacked. Sitelock is in bed with several of the big hosts such as hostgator and blue host.

Read this: https://www.whitefirdesign.com/blog/...e-has-malware/

Thanks so much for that link.
Reply With Quote Quick reply to this message
 
Old 05-31-2018, 09:07 AM
 
Location: The Berk in Denver, CO USA
13,112 posts, read 18,715,776 times
Reputation: 20409
1. Use good, long passwords.
2. Don't use WordPress.
Reply With Quote Quick reply to this message
 
Old 05-31-2018, 10:13 AM
 
37,071 posts, read 38,273,370 times
Reputation: 14835
Quote:
Originally Posted by dkf747 View Post
I have access to all my files, but the backup we thought we had is gone. At this point, I will save what we want to keep and wipe the rest away. I am thinking of going to a new hosting company too.

I'm not talking about the files on the server, I'm referring to backup of the files of the server that may have been made prior to it being compromised. Once something is compromised everything is suspect. If you have older backup that represents your current content things are really easy because you know they have no issues



The files on the server may have code that was added and if they aren't wiped during the update process the site would still be vulnerable. Cleaning out the stock files is not that difficult because you can just delete the old ones and upload new copies. That is not complete solution and could still leave you vulnerable because there is going to be upload directories etc.


Assuming you have backups of nothing first backup the database. Copy the entire contents of the public_html directory to your computer and then delete everything in the public_html directory. Upload fresh copy of Wordress, be sure to follow any directions from the install instructions about file/folder permissions. From the files you downloaded you want to upload only the necessary files such as images you may have uploaded.



There is going to be file that holds the credentials for the database, since this fresh copy of files it may be blank or not even exist. Wordpress will have the documentation for this. First change the password in the hosting control panel. You need to do this because the password may have been exposed to the hackers. You can then edit or add the file according to Wordpress's instructions



At this point you should be able to run the update process according to WordPress documentation. Once that is complete your site should be fully functional.



You are not of the woods just yet. They could of added users, posts pages or whatever. You need to carefully check the users and content. You want to make sure and admin user was not added for example.
Reply With Quote Quick reply to this message
 
Old 05-31-2018, 03:54 PM
 
Location: Metro Washington DC
12,553 posts, read 18,926,430 times
Reputation: 7195
Quote:
Originally Posted by thecoalman View Post
I'm not talking about the files on the server, I'm referring to backup of the files of the server that may have been made prior to it being compromised. Once something is compromised everything is suspect. If you have older backup that represents your current content things are really easy because you know they have no issues



The files on the server may have code that was added and if they aren't wiped during the update process the site would still be vulnerable. Cleaning out the stock files is not that difficult because you can just delete the old ones and upload new copies. That is not complete solution and could still leave you vulnerable because there is going to be upload directories etc.


Assuming you have backups of nothing first backup the database. Copy the entire contents of the public_html directory to your computer and then delete everything in the public_html directory. Upload fresh copy of Wordress, be sure to follow any directions from the install instructions about file/folder permissions. From the files you downloaded you want to upload only the necessary files such as images you may have uploaded.



There is going to be file that holds the credentials for the database, since this fresh copy of files it may be blank or not even exist. Wordpress will have the documentation for this. First change the password in the hosting control panel. You need to do this because the password may have been exposed to the hackers. You can then edit or add the file according to Wordpress's instructions



At this point you should be able to run the update process according to WordPress documentation. Once that is complete your site should be fully functional.



You are not of the woods just yet. They could of added users, posts pages or whatever. You need to carefully check the users and content. You want to make sure and admin user was not added for example.

Thank you for this!


I already checked for added users and didn't find any. I did find one a couple of months ago and removed it, and changed passwords. I did that in the phpmyadmin controls before making sure they weren't in the wordpress adminiistration. However, I did not get around to cleaning the site so they may still have a way in.



I understand about the backups. I don't seem to have one, and if I did, it is lost. Thanks for the above. That is very helpful. Going to get started on that.
Reply With Quote Quick reply to this message
 
Old 05-31-2018, 04:05 PM
 
37,071 posts, read 38,273,370 times
Reputation: 14835
Quote:
Originally Posted by thecoalman View Post
You are not of the woods just yet. They could of added users, posts pages or whatever. You need to carefully check the users and content. You want to make sure and admin user was not added for example.

I forgot, also change the password on the WordPress admin account and any others. They are all subject to being compromised.



One last bit of advice, if the password(s) you have used for WordPress account(s) is the same as the one for your email account change that as well. Just so it's clear if you used Gmail email account go to your Gmail account and change it. Those passwords are encrypted in the database on the server with the password itself being the key to decrypt. One common thing that will occur when a site gets hacked is they will dump the user table.Then they will try and brute force the passwords or insert some code into script to simply send it to them when you login. Once they obtain the password they will then use it get into the email account associated with it.



As matter of fact if you want to be on the safe side you might want to change all passwords associated with that site such as the hosting control panel etc.

Last edited by thecoalman; 05-31-2018 at 04:19 PM..
Reply With Quote Quick reply to this message
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.

Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.


Reply
Please update this thread with any new information or opinions. This open thread is still read by thousands of people, so we encourage all additional points of view.

Quick Reply
Message:

Over $104,000 in prizes was already given out to active posters on our forum and additional giveaways are planned!

Go Back   City-Data Forum > General Forums > Science and Technology > Internet
Similar Threads
Follow City-Data.com founder on our Forum or

All times are GMT -6.

© 2005-2018, Advameg, Inc.

City-Data.com - Archive 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35 - Top