Praney Behl (314) - Posted July 15, 2011

Hi fellows,

Need a little help if someone can. I have over 500+ sites and almost every day or two, I find one of my sites is attacked/hacked and placed a permanent redirect on them pointed to a spam site or a porn site. They are all WP based. It's getting more frequent and hurting. Any suggestions?

Thanks
Praney
TommyTx (5) - Posted July 15, 2011

There is a ton of security stuff you can do...

1. Get rid of admin for user name.
2. Use the password generator, use my pgm to put all 500 weird passwords into Roboform so you can access the sites quickly.
3. Set up email and/or text to your phone to alert you if anyone logs into any site.

And the list goes on and on... I love designing automation and it's all free. Contact me at jackrabbitsec if you want to chat... check out http://52payperclick.com to see that all I do is hobby stuff so it's all free.. if I do it at all.
Eddie Waller (158) - Posted July 15, 2011

Also make sure to keep WordPress up to date, since new exploits are found all the time.
Praney Behl (314, Author) - Posted July 15, 2011

Thanks for replying quickly guys.

@TommyTx, Thanks mate. "jackrabbitsec", is that Skype?

@Eddie, Thanks Eddie, they are all up to date, bots make sure they are updated every 2nd day.

+1 for both
TommyTx (5) - Posted July 15, 2011

Skype it is.. good guess... it's all I use ...love it and it's free..
Praney Behl (314, Author) - Posted July 15, 2011

Eddie,

Can we please have a private forum that search engines don't index? I just saw Google on it straight away. I would like to request a private forum where Ubot users can discuss such issues.

Thanks
Praney
Praney Behl (314, Author) - Posted July 15, 2011

> Skype it is.. good guess... it's all I use ...love it and it's free..

Thanks mate, getting on to you
LoWrIdErTJ - BotGuru (904) - Posted July 16, 2011

Also make sure all chmod folders are not writeable to public.

Also make sure and change the administration path.

Also make sure you're using legitimate plugins, and those plugins are up to date, and no exploits on them.

I can help you more tomorrow when I have more time.

TJ
malefic (48) - Posted July 16, 2011

Not sure where you are hosted (shared / VPS / dedicated) but when you find a couple hacked, are they on the same hosting provider?

It may have nothing to do with your sites being insecure - if you are on a server with others, they may have a weakness in their sites which lets a hacker in and then do a mass deface of all sites on that server.

I used to get my WP sites defaced a lot when on cheap shared hosting - I now have my own VPS and have had no problems since.

Cheers
M.
TommyTx (5) - Posted July 16, 2011

Amen to shared hosting.. it's damn near impossible to keep them out on cheap shared hosting... it might be worth taking the time to set each site to alert you if anyone logs in or for example if the byte count on a page changes.. can send you an email instantly or even a tick-tick on your cell phone via text... gives a real secure feeling to know that if someone tries to redirect your site on any one of 500 sites you know instantly and don't have to wait to see the adwords account drop to zero... and who the hell has time to check on 500 sites even once a day.. I could set something up for you for free...if you like.... it will even send you the IP of the sucker who is breaking in... we could light off a gas canister but that might burn the server down... hee...heee.

Wow! Praney.. I just noticed we both joined this club the same month back in 2010 and you have 1500 posts while I have 80. Wow you must have been writing like a big dog... course I travel throughout a ton of forums... not just hang out here.
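Added example, not part of the thread and not TommyTx's program: a Python sketch of the per-page check described above, flagging an off-site HTTP redirect, an off-site meta refresh, or a change against a known-good baseline. The hosts `blog.example` and `spam.example`, the function names and the sample responses are constructed for illustration.

```python
import hashlib
import re
from urllib.parse import urlparse

# Captures the target URL of <meta http-equiv="refresh" content="0;url=...">.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*url=([^"\'>\s]+)', re.I)

def fingerprint(body):
    """Baseline for a known-good page: byte count and SHA-256."""
    return {"size": len(body), "sha256": hashlib.sha256(body).hexdigest()}

def _bare(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def off_site(target, site_host):
    """True when a redirect target names a host other than the site's own."""
    host = urlparse(target).hostname  # None for relative targets
    return host is not None and _bare(host) != _bare(site_host)

def check_response(site_host, status, headers, body, baseline):
    """Return (kind, detail) findings for one fetched page."""
    findings = []
    location = headers.get("Location", "")
    if status in (301, 302, 303, 307, 308) and off_site(location, site_host):
        findings.append(("http-redirect", location))
    for url in META_REFRESH.findall(body.decode("utf-8", "replace")):
        if off_site(url, site_host):
            findings.append(("meta-refresh", url))
    if hashlib.sha256(body).hexdigest() != baseline["sha256"]:
        change = "%d -> %d bytes" % (baseline["size"], len(body))
        findings.append(("content-changed", change))
    return findings

# Constructed sample responses, not captured from any real site.
GOOD = b"<html><head><title>My blog</title></head><body>Hello</body></html>"
BASELINE = fingerprint(GOOD)
META = b'<head><meta http-equiv="refresh" content="0;url=http://spam.example/">'
SAMPLES = {
    "clean": (200, {}, GOOD),
    "hijacked-301": (301, {"Location": "http://spam.example/landing"}, b""),
    "hijacked-meta": (200, {}, GOOD.replace(b"<head>", META)),
    "own-redirect": (301, {"Location": "http://www.blog.example/"}, GOOD),
}

def run_samples():
    return {name: check_response("blog.example", *resp, baseline=BASELINE)
            for name, resp in SAMPLES.items()}
```

An exact hash or byte-count comparison suits static pages; pages that render dynamic content change legitimately, so there the two redirect checks are the more reliable signal.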
Net66 (54) - Posted July 16, 2011

I'll echo the whole VPS idea. I switched to VPS recently and it's solved sooooo many issues. And if you're not into web server stuff then people like HostGator offer a fully managed VPS (anything from level3 onwards on their plans).

While it increases hosting costs from $10-$15 a month to $50 (inc cPanel which is a must have), the time and money it saves from not having issues is massive.

Andy
k1lv9h (76) - Posted July 16, 2011

I have "Login Lockdown" (Link to site) WordPress plugin installed on my blogs. It makes it more interesting trying brute force login attacks.

Kevin
malefic (48) - Posted July 16, 2011

> While it increases hosting costs from $10-$15 a month to $50 (inc cpanel which is a must have), the time and money it saves from not having issues is massive.

Probably because it's me, but I don't have cPanel on my servers (okay, I do use cPanel elsewhere as an offsite thing in case my VPS goes offline for some reason).

I have an Ubuntu VPS and wrote a couple of small scripts to configure the Virtualhosts for each domain I host on there. Big advantage is you don't need a big spec VPS just because cPanel runs on it. I have hosted sites this way on VPS's with only 256Mb RAM. At the moment I am running a VPS with 16 small sites on (couple of WordPress and the rest static pages), with MySQL running and I am hovering about the 200Mb RAM use.

I guess it depends on how much time you want to spend messing about - I obviously have too much time on my hands.

If anyone wants the scripts I use to set up basic sites on Ubuntu then drop me a PM.

Cheers
JohnB (255) - Posted July 16, 2011

> I'll echo the whole VPS idea. I switched to VPS recently and its solved sooooo many issues. And if you're not into web server stuff then people like hostgator offer a fully managed vps (anything from level3 onwards on their plans). While it increases hosting costs from $10-$15 a month to $50 (inc cpanel which is a must have), the time and money it saves from not having issues is massive. Andy

I agree. I have been using serverpronto for 8 years and aside from a couple of errors I made, I have never had a single issue with any kind of attacks whatsoever.

If you do have your own dedicated server, I would also highly recommend ConfigServer's free firewall script. It's among the best I have ever seen (and of course it's free).

John
LoWrIdErTJ - BotGuru (904) - Posted July 16, 2011

Hardening WordPress: http://codex.wordpress.org/Hardening_WordPress

WordPress security 101: http://www.artofblog.com/wordpress-security/
Praney Behl (314, Author) - Posted July 17, 2011

Sorry guys for replying late, I figured out it was a buggy plugin throughout the network, well I got my lesson. My sites are hosted on different C-class IP hosting, paying top dollar. Maybe it's time I drop some sites that are not making much.

But there are some great suggestions for me and others with similar problems to have a look at here in this thread.

Guess I need to put some more time into my bots to do some extra hard work from now on haha.

I'd really like to thank you all for taking the time to help.

Regards,
Praney
UBotBuddy (331) - Posted July 18, 2011

Don't forget to use VERY complex passwords.
mamica (10) - Posted August 3, 2011

They are not hacking passwords, they use injections and backdoors to enter your WordPress. 3.0.X has a bug where a guy registers and, by injecting some code inside his bio, makes himself admin on the website.