About Keeping WordPress Secure
ceconn.com
I can’t tell you how many times I’ve been hacked. Most recently, this morning. I have the usual updates – all of them and all current.
I tried moving wp-config file one directory up to wp-includes folder but that just meant I could not log on to my site. I tried changing permission to 400 and adding stuff to .htaccess. None of that worked because it locked me out as well. What is a body to do?
Wow. Looks like I’ve got my work cut out for me. I’ll get right on that. It looks like someone even hacked my appletv. I called AVG this morning and they’ve been running scans since then. Then I’ll call Apple.
OK, Done.
I have a number of add-on domains and also sub-domains. Do I have to do anything with them?
I can almost guarantee that you have a backdoor script installed in some out-of-the way folder. There isn’t an easy way to clean up intrusions like this – you have to examine or replace from a known good source every file in your account, which includes the folders for addon domains and subdomains.
I can almost guarantee that you have a backdoor script installed in some out-of-the way folder.
I believe so too. However, erikacon has stated a couple of times that she has reinstalled from clean sources, not once but numerous times.
Maybe some deleted plugin / theme has kept a script and someone played / is playing with it.
Let us see what happens next for your website.
Repeat the same for add-on domains and sub-domains too. They are fully separate regardless of whether they are on a subfolder or a subdomain.
What should I be looking for?
Where would I find a backdoor script?
In fact, what is a backdoor script? How does it look?
When you say a known good source, what do you mean? What about my backups? Wouldn’t that be a known good source?
OK, here goes nothing.
Read the whole web page including Vladimir’s comment:
https://perishablepress.com/tale-of-a-hacked-website/
Done. All of them now have the .htaccess that the main domain has.
I actually read all of it, especially Vladimir’s comments. I went into cpanel and then Error logs. I got this. I don’t know if that is helpful but here it is:
[Wed Jul 04 13:24:09 2012] [crit] [client 66.249.66.239] (13)Permission denied: /home/erikacon/public_html/tapc.ca/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:24:09 2012] [crit] [client 66.249.66.239] (13)Permission denied: /home/erikacon/public_html/tapc.ca/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:23:06 2012] [crit] [client 188.65.96.106] (13)Permission denied: /home/erikacon/public_html/say-cheese/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:23:05 2012] [crit] [client 188.65.96.106] (13)Permission denied: /home/erikacon/public_html/say-cheese/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:20:45 2012] [crit] [client 180.76.6.232] (13)Permission denied: /home/erikacon/public_html/boy-scouts-canada/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:19:41 2012] [crit] [client 208.115.113.85] (13)Permission denied: /home/erikacon/public_html/countrygarden/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:19:41 2012] [crit] [client 208.115.113.85] (13)Permission denied: /home/erikacon/public_html/countrygarden/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:19:24 2012] [crit] [client 124.115.0.18] (13)Permission denied: /home/erikacon/public_html/tapc.ca/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:19:24 2012] [crit] [client 124.115.0.18] (13)Permission denied: /home/erikacon/public_html/tapc.ca/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:17:07 2012] [crit] [client 180.76.6.211] (13)Permission denied: /home/erikacon/public_html/tapc.ca/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:17:07 2012] [crit] [client 180.76.6.211] (13)Permission denied: /home/erikacon/public_html/tapc.ca/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:08:16 2012] [crit] [client 208.115.113.85] (13)Permission denied: /home/erikacon/public_html/countrygarden/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:08:16 2012] [crit] [client 208.115.113.85] (13)Permission denied: /home/erikacon/public_html/countrygarden/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:08:03 2012] [crit] [client 208.115.113.85] (13)Permission denied: /home/erikacon/public_html/can-we-talk/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:08:00 2012] [crit] [client 208.115.113.85] (13)Permission denied: /home/erikacon/public_html/say-cheese/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:05:58 2012] [crit] [client 180.76.5.111] (13)Permission denied: /home/erikacon/public_html/can-we-talk/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:01:06 2012] [crit] [client 66.249.66.148] (13)Permission denied: /home/erikacon/public_html/can-we-talk/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:59:27 2012] [crit] [client 208.92.218.66] (13)Permission denied: /home/erikacon/public_html/can-we-talk/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:58:46 2012] [error] [client 77.75.77.11] client denied by server configuration: /home/erikacon/public_html/canwetalk/.htaccess
[Wed Jul 04 12:57:34 2012] [crit] [client 77.75.77.11] (13)Permission denied: /home/erikacon/public_html/tapc.ca/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:57:34 2012] [crit] [client 77.75.77.11] (13)Permission denied: /home/erikacon/public_html/tapc.ca/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:57:31 2012] [crit] [client 77.75.77.11] (13)Permission denied: /home/erikacon/public_html/tapc.ca/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:57:31 2012] [crit] [client 77.75.77.11] (13)Permission denied: /home/erikacon/public_html/tapc.ca/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:57:19 2012] [crit] [client 66.249.66.239] (13)Permission denied: /home/erikacon/public_html/tapc.ca/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:57:19 2012] [crit] [client 66.249.66.239] (13)Permission denied: /home/erikacon/public_html/tapc.ca/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:56:04 2012] [crit] [client 100.43.83.158] (13)Permission denied: /home/erikacon/public_html/tapc.ca/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:56:04 2012] [crit] [client 100.43.83.158] (13)Permission denied: /home/erikacon/public_html/tapc.ca/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:52:22 2012] [crit] [client 66.249.66.148] (13)Permission denied: /home/erikacon/public_html/say-cheese/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:52:20 2012] [crit] [client 66.249.66.121] (13)Permission denied: /home/erikacon/public_html/say-cheese/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:52:07 2012] [crit] [client 180.76.5.53] (13)Permission denied: /home/erikacon/public_html/countrygarden/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:52:06 2012] [crit] [client 180.76.5.53] (13)Permission denied: /home/erikacon/public_html/countrygarden/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:51:49 2012] [crit] [client 1.202.218.8] (13)Permission denied: /home/erikacon/public_html/countrygarden/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:51:49 2012] [crit] [client 1.202.218.8] (13)Permission denied: /home/erikacon/public_html/countrygarden/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:49:39 2012] [crit] [client 100.43.83.158] (13)Permission denied: /home/erikacon/public_html/countrygarden/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:49:39 2012] [crit] [client 100.43.83.158] (13)Permission denied: /home/erikacon/public_html/countrygarden/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:48:20 2012] [error] [client 1.202.218.8] File does not exist: /home/erikacon/public_html/canwetalk/404.shtml
[Wed Jul 04 12:48:20 2012] [error] [client 1.202.218.8] File does not exist: /home/erikacon/public_html/canwetalk/robots.txt
[Wed Jul 04 12:19:53 2012] [error] [client 115.250.194.46] client denied by server configuration: /home/erikacon/public_html/wp-admin/install.php
[Wed Jul 04 12:19:15 2012] [error] [client 115.250.194.46] client denied by server configuration: /home/erikacon/public_html/wp-admin/install.php
[Wed Jul 04 12:19:14 2012] [error] [client 66.249.66.148] client denied by server configuration: /home/erikacon/public_html/wp-admin/install.php
[Wed Jul 04 12:19:08 2012] [error] [client 115.250.194.46] client denied by server configuration: /home/erikacon/public_html/wp-admin/install.php
[Wed Jul 04 09:59:33 2012] [error] [client 1.202.218.8] File does not exist: /home/erikacon/public_html/canwetalk/404.shtml
[Wed Jul 04 09:59:33 2012] [error] [client 1.202.218.8] File does not exist: /home/erikacon/public_html/canwetalk/robots.txt
[Wed Jul 04 09:05:07 2012] [error] [client 123.126.50.71] client denied by server configuration: /home/erikacon/public_html/saycheese/.htaccess
Warning: DocumentRoot [/home/erikacon/public_html/whatsmellssogood] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/fotosbyerika.com] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/fotoblog] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/food911] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/whatsmellssogood] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/fotosbyerika.com] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/fotoblog] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/food911] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/whatsmellssogood] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/fotosbyerika.com] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/fotoblog] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/food911] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/whatsmellssogood] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/fotosbyerika.com] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/fotoblog] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/food911] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/whatsmellssogood] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/fotosbyerika.com] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/fotoblog] does not exist
Warning: DocumentRoot [/home/erikacon/public_html/food911] does not exist
[Wed Jul 04 07:08:56 2012] [error] [client 1.202.218.8] File does not exist: /home/erikacon/public_html/canwetalk/404.shtml
[Wed Jul 04 07:08:56 2012] [error] [client 1.202.218.8] File does not exist: /home/erikacon/public_html/canwetalk/robots.txt
I have deleted my food blog, so that makes sense. Also fotosbyerika was demolished during the first hacking and, would you believe, that’s the only one I did not have a backup for? I’ll have to start from scratch.
The instructions are often over my head. That’s a lot to take in all at once. I’ll just keep re-reading until I figure it out.
In case I forgot as I do sometimes, thank you all so very much. I do appreciate it.
Great.
Permission denied is appearing as you wrongly moved the .htaccess to wp-config (instead of having individual .htaccess). The number of attempts indicates when a visitor tried to access any page, post, tag or categories. From WordPress config file, that .htaccess was needed for showing the proper webpage. If you compare with any IP tracing software, you will get my IP starting with 117 too!
To test, you can rename the root .htaccess (like bak.htaccess). If you visit a few pages, you will get 404 plus the error in the log.
Vladimir’s comment is remarkable really.
Now, you need to restore the backups of very carefully.
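As an added example (not part of the thread and not any poster's code), one way to read an error log like the one posted above is to group its lines by message type and path, so the .htaccess files the web server could not read stand out from ordinary missing-file entries. The sample lines, paths and client addresses are constructed placeholders, and `summarize` and `unreadable_htaccess` are names chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the thread's Apache error-log format (placeholder paths and IPs).
SAMPLE_LOG = """\
[Wed Jul 04 13:24:09 2012] [crit] [client 192.0.2.10] (13)Permission denied: /home/user/public_html/site-a/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:24:09 2012] [crit] [client 192.0.2.10] (13)Permission denied: /home/user/public_html/site-a/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 13:23:06 2012] [crit] [client 198.51.100.7] (13)Permission denied: /home/user/public_html/site-b/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
[Wed Jul 04 12:58:46 2012] [error] [client 203.0.113.5] client denied by server configuration: /home/user/public_html/site-c/.htaccess
[Wed Jul 04 12:48:20 2012] [error] [client 203.0.113.9] File does not exist: /home/user/public_html/site-c/robots.txt
[Wed Jul 04 12:19:53 2012] [error] [client 203.0.113.20] client denied by server configuration: /home/user/public_html/wp-admin/install.php
Warning: DocumentRoot [/home/user/public_html/old-blog] does not exist
"""

PREFIX = re.compile(r"^\[[^\]]+\] \[\w+\] \[client ([^\]]+)\] (.*)$")
# Message shapes that appear in the thread's log, mapped to a category.
KINDS = [
    ("htaccess_unreadable",
     re.compile(r"^\(13\)Permission denied: (\S+/\.htaccess) pcfg_openfile")),
    ("denied_by_config",
     re.compile(r"^client denied by server configuration: (\S+)")),
    ("missing_file", re.compile(r"^File does not exist: (\S+)")),
]
DOCROOT = re.compile(r"^Warning: DocumentRoot \[([^\]]+)\] does not exist")

def summarize(log_text):
    """Group log lines as {category: {path: {"hits": n, "clients": set}}}."""
    out = defaultdict(lambda: defaultdict(lambda: {"hits": 0, "clients": set()}))
    for line in log_text.splitlines():
        doc = DOCROOT.match(line)
        if doc:
            out["missing_docroot"][doc.group(1)]["hits"] += 1
            continue
        m = PREFIX.match(line)
        if not m:
            continue  # line is not in a format this example knows
        client, msg = m.groups()
        for kind, pattern in KINDS:
            hit = pattern.match(msg)
            if hit:
                entry = out[kind][hit.group(1)]
                entry["hits"] += 1
                entry["clients"].add(client)
                break
    return {kind: dict(paths) for kind, paths in out.items()}

def unreadable_htaccess(log_text):
    """Sorted .htaccess paths the server could not read (errno 13)."""
    return sorted(summarize(log_text).get("htaccess_unreadable", {}))
```

Each path returned by `unreadable_htaccess` is a file whose ownership and mode are worth checking on the server, since the log message itself says the file must be readable.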
Thanks again. I will do that.
- The topic ‘About Keeping WordPress Secure’ is closed to new replies.