Comments
If you have time, try to reinstall it directly from WordPress. If it is still hacked, then there is a possibility that someone on your node has shell access that can compromise the neighboring accounts.
There's definitely no conclusive evidence on BlueVM's side, so it's probably not their fault, but at this point, I'm pretty much lost at the attack vectors.
I'll try out directly installing without the assistance of Softaculous then.
Is your control panel Kloxo or cPanel?
If you're on freenode, ping me the moment it happens so I can look at fresh log data and see the path of intrusion. Judging from the looks of things, I very much think there's lax security at fault somewhere.
Check your PC, THEN reset your email passwords.
On Shared cPanel I think.
That eliminates one of the possible breach entry points.
I scanned it last night as a precaution with Avast!
Of course, it's entirely possible the malware is FUD though.
Sure, what's your freenode username?
Thanks too!
It happens virtually every night.
Could be some skid having gained access to your computer using a RAT...
It's rallias or gasseus (depends if freenode keeps stable).
Last time, when I was using SemoWeb reseller hosting, my website kept getting hacked, because one of my friends was using WordPress and his site was hacked again and again.
But after I moved the website to my own cPanel server, it's safe. The problem is from the FrontPage extension and WebDAV.
@darknyan with @Rallias you are in good hands.
Yeah, it might be the best idea to completely reset my computer.
Though all my other accounts and passwords are just fine. It's really just WordPress being affected.
Lock down wp-login to your IP (or htpasswd), reset all your WP config salts, change your passwords for WP and SFTP; then run Wordfence.
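An added example, not part of the original comment or thread: one way to carry out the "reset all your WP config salts" step offline, by rewriting the eight secret constants in a copy of wp-config.php so that any login cookie issued under the old values stops validating. The sample config, the function names and the 64-character length are assumptions made for this illustration.

```python
import re
import secrets

# The eight secret constants WordPress reads from wp-config.php.
SALT_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
              "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
# Printable ASCII without quote or backslash, so values need no PHP escaping.
ALPHABET = "".join(chr(c) for c in range(33, 127) if chr(c) not in "'\\")
# One define('NAME', 'value'); statement per line, either quote style.
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*(['"])(?P<name>\w+)\1\s*,\s*(['"]).*?\3\s*\)\s*;[ \t]*$""",
    re.MULTILINE)

# Constructed sample config (not from the thread); NONCE_SALT is left out on purpose.
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'blog');
define('AUTH_KEY',         'put your unique phrase here');
define( 'SECURE_AUTH_KEY', "old-value" );
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
"""

def new_salt(length=64):
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_salts(config_text):
    """Return (new_text, missing): fresh values for every salt constant found,
    plus the names of salt constants that were not defined at all."""
    seen = set()

    def replace(match):
        name = match.group("name")
        if name not in SALT_NAMES:
            return match.group(0)      # leave DB_NAME and friends untouched
        seen.add(name)
        return f"define('{name}', '{new_salt()}');"

    new_text = DEFINE_RE.sub(replace, config_text)
    return new_text, [n for n in SALT_NAMES if n not in seen]

if __name__ == "__main__":
    text, missing = rotate_salts(SAMPLE_CONFIG)
    print(text)
    print("not defined, add by hand:", missing)
```

Constants reported as missing were never defined in the file, so they have to be added by hand rather than rotated.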
Of course, it's entirely possible the malware is FUD though.
Try Malwarebytes. It found the Zeus virus on my computer when Avast could not.
http://www.malwarebytes.org/
Will do.
Will also get Google Authenticator because I'm tired of having to deal with password attacks.
You are running your own VPS, correct? If so, set up a robust set of mod_security rules (AtomicCorp rule sets are good). You might be able to block the attack and then review your logs to identify precisely what they were targeting. I'd guess they're exploiting some sort of vulnerable plugin.
Recaptcha can help secure the login form against brute force attacks.
It's definitely not a plugin, unless Akismet had a huge security flaw and the guy wasn't a script kiddie.
I'm using shared hosting from BlueVM. Excellent provider by the way.
Instead of Recaptcha, I decided to use Google Authenticator.
@darknyan
Re-install WordPress
Install Better WP Security plugin - apply basic protection
- Hide your admin area
- change admin username
- Prevent long URL strings
If you are a reseller, your clients can hack your accounts and your clients' accounts by simply uploading a cPanel hacking script.
Maybe you are interested in how to secure your WordPress blog.
Atomic rulesets are no longer free =/
Try NOT installing WordPress using Softaculous. Do a manual installation. There may be an issue with how Softaculous does the installation causing security flaws.
Ahh, seems that they stopped offering their delayed ruleset free of charge back in late October. This appears to be a solid alternative: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
We'd be happy to share our mod_security rule set with any other hosts. Contains additions to protect against WHMCS vulnerabilities.
This time, I installed WordPress manually, and with Google Authenticator as well. The overnight hackings stopped immediately. I wouldn't be surprised if Softaculous was responsible, seeing as SQL injection was the most likely attack vector.
I still imported the WordPress install into Softaculous to make automated backups.
@darknyan - Glad to hear things are working better for you...
I'm intrigued to know what Softaculous is doing.
I installed with Softaculous once with Google Authenticator and it got hacked regardless.
When I did a manual install, it just cleared up.