Windows users getting a nasty surprise at my blog

Viewing 12 replies - 1 through 12 (of 12 total)
  • govpatel

    (@govpatel)

    I clicked on your website and My Norton Blocked intrusion

    ?Category: Intrusion Prevention
    Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
    2/15/2012 12:51 PM,High,An intrusion attempt by 31.184.192.35 was blocked.,Blocked,No Action Required,Web Attack: Malicious Toolkit Website 9,No Action Required,No Action Required,”31.184.192.35, 80″,zoosalon.in/index.php?showtopic=559325,”MATHAV-1A073F5B (192.168.1.1, 3596)”,31.184.192.35,”TCP, www-http”

    Thread Starter psheld

    (@psheld)

    Thanks govpatel.

    That doesn’t look cool. Wonder how this happened and whether the other blogs on my site are OK? Wonder what I have to do now? ??

    govpatel

    (@govpatel)

    You will need check your wordpress see which file is infected.See if this helps
    https://codex.www.ads-software.com/FAQ_My_site_was_hacked

    Thread Starter psheld

    (@psheld)

    I think that this might be beyond my skillset, or time. Does anyone out there fix these things; sort of gun for hire?

    esmi

    (@esmi)

    Try:
    https://codepoets.com/
    https://jobs.wordpress.net/

    Thread Starter psheld

    (@psheld)

    Thanks esmi.

    Just for the record here, this is what I’ve done so far.

    * Change FTP passwords and delete unneeded accounts – DONE
    * Change your secret keys – DONE
    * Take a backup of what you have – DONE
    * ADMIN over SSL – NOT SURE? One to ask hosts about.
    * Used Bullet Proof Security to create secure .htaccess for root and for wp-admin folder, and to deny access to BPS Master and BPS Backup
    * Checked active_plugins record for PHP code disguised as jpeg file – None

    And I’ve just noticed that my long blogroll has been cut down to just six links. All are correctly hyperlinked.

    esmi

    (@esmi)

    See:
    https://codex.www.ads-software.com/FAQ_My_site_was_hacked
    https://www.ads-software.com/support/topic/268083#post-1065779
    https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    https://ottopress.com/2009/hacked-wordpress-backdoors/

    https://sitecheck.sucuri.net/scanner/

    Thread Starter psheld

    (@psheld)

    Hi. My problems are getting worse. Another WordPress instance on the same hosting account has also been hit.

    I had a brief email exchange with https://sucuri.net last night who seem to have just the service I need, but they’re totally silent today. Can’t get a peep out of them. Maybe they’re just stacked.

    Does anyone know of a similar service to Sucuri?

    Tx.

    Thread Starter psheld

    (@psheld)

    Right then. Sucuri got to me eventually, and tell me they’ve cleaned out the malware.

    Hopefully no-one gets that warning in Windows now!

    Thanks all for your help.

    photon-x

    (@photon-x)

    Philip,

    Were you satisfied with Sucuri’s services?

    Yes, my sites got hacked, too, and I’m looking at them to do the clean up.

    Thanks for any insights.

    Cheers.

    Thread Starter psheld

    (@psheld)

    Hi Photon-X,

    As you will tell from the thread, I was a little frustrated that a day passed without attention from Sucuri, but that appears to have been a blip.

    They cleaned my sites. I got hacked again. They looked into it further, cleaned them again and gave me advice on how to prevent reoccurrence. I took the advice, and so far so good.

    All in all, I recommend Sucuri.

    photon-x

    (@photon-x)

    Hey,

    Thanks for the reply and info.

    Cheers,

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘Windows users getting a nasty surprise at my blog’ is closed to new replies.