
BACKUP NOW, a new hack is coming

Discussion in 'Web Development' started by findtim, Sep 30, 2015.

  1. findtim

    findtim Membership: VIP

    Joined:
    Dec 13, 2011
    Messages:
    7,448
    Likes Received:
    1,629
    auDA Member:
    Yes
    asantha and Ash like this.
  2. findtim

    This is gathering momentum from what I am reading online. I've just got another and also another 2 that I suspect are going to get hit. I looked into the files and I suspect it's attempting to hack.
    But if I go to Sucuri it says they are fine, so do not trust that free check.
    Wordfence is also not picking up the files as the java is cloaked/hidden.

    backup and DOWNLOAD is my suggestion.
    tim
     
    johno69 likes this.
  3. findtim

    So let's continue this path. I contact Sucuri, on chat, and I say I have the attack visitor hack, can you get rid of it?

    Answer comes back, "YES, it's $199 per year"
    So you will remove the hack and it will be safe?
    "yes"
    Makes you wonder, doesn't it?
    tim
     
  4. Cooper Mills DomainLawyer

    Cooper Mills DomainLawyer Membership: VIP

    Joined:
    Dec 11, 2008
    Messages:
    1,513
    Likes Received:
    518
    auDA Member:
    Yes
    Tim, Sucuri are great, I have had them fix a hacked website very quickly. Their support is excellent, so I happily pay them.
     
    Rhythm likes this.
  5. findtim

    THANKS for that feedback erhan, that's what I have been wanting... someone's UX of Sucuri

    tim
     
    Rhythm likes this.
  6. findtim

    The Supercache plugin seems to be one vulnerability

    tim
     
  7. findtim

    So check wp-content > cache > supercache and then any folder inside that, it's creating directories/pages.
    Also Wordfence is now helping discover these where it wasn't last week? Sucuri has been virtually no help.

    tim
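
The check described in the post above (look through wp-content > cache > supercache and every folder inside it for newly created directories/pages), as an added example that is not part of the thread. It assumes cached pages are static `.html`/`.gz` files; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
import time

# Assumption (not from the thread): cached pages are static .html / .gz files,
# so any other file type under the cache tree deserves a manual look.
STATIC_SUFFIXES = (".html", ".gz")


def audit_cache_tree(root, recent_days=7, now=None):
    """Return (unexpected_files, recent_dirs) as sorted paths relative to root."""
    now = time.time() if now is None else now
    cutoff = now - recent_days * 86400
    unexpected, recent = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # A directory's mtime moves when entries are created or deleted in it.
        if rel_dir != "." and os.lstat(dirpath).st_mtime >= cutoff:
            recent.append(rel_dir)
        for name in filenames:
            if not name.lower().endswith(STATIC_SUFFIXES):
                unexpected.append(os.path.normpath(os.path.join(rel_dir, name)))
    return sorted(unexpected), sorted(recent)


def build_constructed_tree(base):
    """Create a small made-up cache tree: one old page, one new directory."""
    old = os.path.join(base, "example.test", "about")
    new = os.path.join(base, "example.test", "unknown-page")
    os.makedirs(old)
    os.makedirs(new)
    for path in (os.path.join(old, "index.html"),
                 os.path.join(new, "index.html"),
                 os.path.join(new, "loader.php")):
        with open(path, "w") as handle:
            handle.write("constructed sample\n")
    month_ago = time.time() - 30 * 86400
    for path in (old, os.path.join(base, "example.test")):
        os.utime(path, (month_ago, month_ago))  # make these look untouched
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        files, dirs = audit_cache_tree(build_constructed_tree(tmp))
        print("unexpected files:", files)
        print("recently changed dirs:", dirs)
```

A busy cache rewrites its directories all the time, so the recent-directory list is a review queue to compare against the pages the site really has, not a verdict.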
     
  8. nt81

    nt81 Membership: Community

    Joined:
    Jul 22, 2013
    Messages:
    443
    Likes Received:
    44
    We have also seen a sharp increase in WordPress infections / exploits over the last 2 months, specifically the past 14 days.
    I can tell you for starters, most WordPress "hacks" start from a "freemium" plugin - e.g. Revoslider / Gravity Forms.

    These types of freemium plugins are BAD for several reasons, but the major one appears to be, even if an update is available, the plugin will report it is completely up to date. You only get the real "updates" once you've paid. This is obviously becoming a favourite vector to be exploited by hackers / script kids.

    The other vector appears to be that a lot of the "free" WordPress template websites offer deeply infected templates, preloaded with well-hidden functions to quickly gain write/email access to any WordPress site. If forced to, I would suggest only using templates available through the actual WordPress template market (internal template search function).

    In my experience, looking after web hosting clients for a long++ time now, the WordPress platform itself is increasingly becoming the #1 bit of open source CMS to be targeted. To be blunt, I've stopped using WordPress completely as of the start of 2015 and would advise you all to do the same until they fix the issues. I wish everyone would stop jumping on the "WordPress is easy and awesome" train and making the issue worse.

    On a side-note, the topic of this thread is very true, but as always, make sure you're able to confirm your backups:

    1. Happen regularly
    2. Cover ALL important data
    3. Are tested regularly to ensure there aren't corruption / restore issues.
    4. Are retained for long enough to ensure nothing major gets lost.

    Having backups for "hacks" is also only any good if you manage to patch the exploit that led to your site being hacked/defaced in the first place. Every week, we restore a website only to have it broken again within 48 hours because our advice wasn't taken on-board. Shits me to tears.
     
    Ash likes this.
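
Points 1 to 3 of the backup checklist in the post above (recent, complete, restorable) can be checked automatically. The following is an added example, not part of the thread; the archive layout in `REQUIRED`, the function names and the sample archive are assumptions made for illustration.

```python
import io
import os
import tarfile
import tempfile
import time
import zlib

# Hypothetical layout: site files plus a database dump inside one .tar.gz.
REQUIRED = ("wp-config.php", "wp-content/uploads/", "db/dump.sql")


def verify_backup(path, required=REQUIRED, max_age_days=1, now=None):
    """Return a list of problems; an empty list means every check passed."""
    now = time.time() if now is None else now
    problems, names = [], []
    if now - os.path.getmtime(path) > max_age_days * 86400:
        problems.append("stale: older than %d day(s)" % max_age_days)
    try:
        with tarfile.open(path, "r:gz") as tar:
            for member in tar:
                names.append(member.name)
                if member.isfile():
                    # Read every byte so corruption fails now, not at restore.
                    stream = tar.extractfile(member)
                    while stream.read(1 << 20):
                        pass
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        problems.append("unreadable: %s" % exc)
    for item in required:
        present = any(n.startswith(item) for n in names) if item.endswith("/") else item in names
        if not present:
            problems.append("missing: %s" % item)
    return problems


def make_constructed_backup(path, members):
    """Write a made-up .tar.gz from a {name: bytes} mapping (sample data)."""
    with tarfile.open(path, "w:gz") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = {"wp-config.php": b"<?php // constructed\n"}
        print(verify_backup(make_constructed_backup(tmp + "/site.tar.gz", sample)))
```

Reading an archive end to end catches truncation and corruption only; a periodic full restore to a scratch host is still what proves the site comes back.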