• I have been learning WordPress and so I installed a bunch of plugins. After working for 2 days, my website suddenly stopped working, so I went inside the AWS Lightsail console to check on my instance. It was not there.

    2FA was not enabled on my account; I am not sure whether it got disabled after I created phpMyAdmin access or what.

    But when I go into Lightsail there is no instance. So, I called Amazon basic support and they said they can’t find any record of my instance. This doesn’t make sense as I have the AWS nameservers and static IP.

    So, my question is:

    (1) Did it get hacked because for some reason 2FA got disabled?

    (2) Can WordPress plugins really delete my AWS instance also?

    (3) Can creating a snapshot on AWS Lightsail help me recover the content in case of a hack?

    (4) Does 2FA prevent a rogue plugin from deleting my content?

    How do I stop a rogue backdoor plugin from doing the above?

    I am sorry I don’t know where else to go for this question.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    It would be extremely rare for a hack to delete a site, much less any instance of your AWS instance. It seems to me that something else happened.

    >> So, I called Amazon basic support and they said they can’t find any record of my instance. <<

    I once used AWS for a test site. AARGH, such grief. I quickly moved to Digital Ocean.

    >> Can creating a snapshot on AWS Lightsail help me recover the content in case of a hack? <<

    Backup early, backup often, use automated, scheduled backups, and store the backups off-site, regardless of the platform you’re using for hosting. In the event of A Bad Thing, a backup may be the quickest way to recover. Backup both files and the database.

    Thread Starter baldeaglemall

    (@baldeaglemall)

    Thanks for the reply. It’s rare, but is it possible that a rogue plugin can delete the AWS instance or the entire site?

    Is there a way to stop a rogue plugin from talking to its parent hacking server? I had Wordfence installed.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    It’s possible, but difficult. A plugin would be run via PHP, but it would be a very poor setup that would let the PHP user have access to files other than what’s in the WordPress “tree”. I suppose a specially crafted one could access the AWS APIs to delete the instance, but really, why? The goal of most hacks is to keep the site up and use it to serve malware and/or ads and/or redirect to other sites.

    If your site was secured properly and you had a strong admin password and you did not use any plugins obtained from sketchy sources (aka, “nulled” plugins), it’s unlikely you had a rogue plugin.

    Thread Starter baldeaglemall

    (@baldeaglemall)

    Something really fishy is going on with AWS right now. Suddenly my website is loading again and I am able to connect through SSH and FileZilla, but there is no AWS instance on my Lightsail account. I did contact customer support and am waiting for their response.

    What files should I download with FileZilla just in case I never get to access my AWS account again?

    Download all site files/directories and a copy of the database.

    Thread Starter baldeaglemall

    (@baldeaglemall)

    Would you know what folder that is within the tree for the site and database?

    The root folder could be called public_html, or maybe yoursite.com. Find the folder that contains folders such as /wp-admin/ and /wp-content/, and files such as wp-config.php.

    Copy the parent/root folder that contains all those folders and files. That gives you your WordPress, theme and plugin folders/files.

    Then you need to create a backup of your database, which contains all your settings and written content. Does your AWS-provided control panel give you the option to make a backup of the database?

    Thread Starter baldeaglemall

    (@baldeaglemall)

    I have access to phpMyAdmin. What location will it be in phpMyAdmin?

    Is the DB not available through FTP?

    Great. Enter phpMyAdmin. In the left-hand column you should be able to select the database for your site, possibly named username_yoursite. When selected you should see 12+ rows of tables appear. Each table will have a label such as wp_commentmeta, wp_comments. At the top of the screen select Export to export the full database as an SQL file.
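
The file-backup steps from the replies above, as an added shell example that is not part of the original thread: it finds the folder holding wp-config.php, /wp-admin/ and /wp-content/ over SSH, reads the database name to select in phpMyAdmin's Export, and archives the site files. The script name `wp-backup.sh`, the search depth and the output naming are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Script name and paths are hypothetical.

# Print the first directory under $1 holding wp-config.php, wp-admin/ and wp-content/.
find_wp_root() {
    find "$1" -maxdepth 4 -type f -name wp-config.php 2>/dev/null |
    while IFS= read -r cfg; do
        dir=$(dirname "$cfg")
        if [ -d "$dir/wp-admin" ] && [ -d "$dir/wp-content" ]; then
            printf '%s\n' "$dir"
            break
        fi
    done
}

# Print the value of a define() constant ($2, e.g. DB_NAME) from $1/wp-config.php.
wp_config_value() {
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" \
        "$1/wp-config.php" | head -n 1
}

# Archive the WordPress root $1 into directory $2 and print the archive path.
# wp-config.php holds database credentials, so the archive is created owner-only.
backup_wp_files() {
    out="$2/wp-files-$(date +%Y%m%d-%H%M%S).tar.gz"
    ( umask 077 && tar -czf "$out" -C "$(dirname "$1")" "$(basename "$1")" ) || return 1
    printf '%s\n' "$out"
}

# Run directly as: sh wp-backup.sh <search-dir> <output-dir>
if [ "$#" -eq 2 ]; then
    root=$(find_wp_root "$1")
    [ -n "$root" ] || { echo "no WordPress root found under $1" >&2; exit 1; }
    echo "WordPress root: $root"
    echo "Database to export in phpMyAdmin: $(wp_config_value "$root" DB_NAME)"
    echo "Files archived to: $(backup_wp_files "$root" "$2")"
fi
```

The archive covers files only; the database still has to be exported separately, and both copies should be moved off the server.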

  • The topic ‘Did my AWS lightsail wordpress instance get hacked’ is closed to new replies.