UpdraftPlus Home › Forums › Paid support forum – UpdraftPlus backup plugin › Site Hacked
- This topic has 5 replies, 3 voices, and was last updated 10 years, 1 month ago by Garry.
-
AuthorPosts
-
August 17, 2014 at 7:45 pm #24234KKParticipant
Hi David,
I got few of my sites hacked today, and two of them had updraftplus, the host (webhostinghub) support told me that on these two sites only files affected were of updraftplus, following are the files
site1:
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/File/X509.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/File/ANSI.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/File/ASN1.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SFTP/Stream.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SFTP.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SCP.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SSH1.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SSH2.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/RSA.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Random.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/RC4.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Twofish.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Base.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/AES.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/TripleDES.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Hash.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/DES.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Rijndael.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/RC2.php
./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Blowfish.php
./public_html/mysite.com/wp-content/plugins/updraftplus/readme.txtsite2:
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/File/X509.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/File/ANSI.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/File/ASN1.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SFTP/Stream.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SFTP.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SCP.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SSH1.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SSH2.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/RSA.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Random.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/RC4.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Twofish.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Base.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/AES.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/TripleDES.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Hash.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/DES.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Rijndael.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/RC2.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Blowfish.php
./public_html/mysite2.com/wp-content/plugins/updraftplus/readme.txtDo you have any idea why this happened, was this because of updraftplus (I don’t say it but just asking) and can you recommend some plugin to scan / protect wordpress sites from happening this again (I know its not your part but would appreciate if you can help).
Looking forward to hear from you.
Thanks
August 18, 2014 at 9:20 am #24359udadminKeymasterHi Karim,
Many hacks will attempt to infect every file they can find that has write-permissions allowing them to do so. My initial guess would be that another website on the same box got hacked, and only those files in your install were writable by another user. If you read the code of those files, you’ll see they’re all library code – there’s nothing directly runnable by an external user in them. So the point of intrusion is elsewhere. The web hosting company can find out, if they’re motivated to – they can trace timestamps, and HTTP requests in their Apache logs. It usually takes an hour or two (I speak as someone who’s done this many times) – it’s dull, but can be done.
David
August 19, 2014 at 5:50 pm #24699KKParticipantHi David,
Thank you for answering this, I totally agree with you.
Can you recommend any wordpress plugin that can at least protect my sites from being hacked or being difficult to hack by fixing permissions, user passwords, etc.?
Looking forward for your help.
Thanks
August 19, 2014 at 8:24 pm #24722udadminKeymasterHi Karim,
If you did get hacked through another site, then that means the web hosting setup is insecure – you should ask them about that. Properly set up web hosting shouldn’t allow one user-level account to be able to hack another.
I like BruteProtect for login protection. I’ve not used any of the big security plugins, but when I’ve seen them on other peoples’ sites, WordFence has been the one that I’ve thought most highly of.
Best wishes,
DavidAugust 21, 2014 at 5:43 pm #25157KKParticipantThank you so much :)
October 9, 2014 at 6:03 pm #40881GarryParticipantI offer hosting to a number of clients and watch out after things. Security is a big deal for me and too many people were getting hacked, though none were in the hosting I provide.
Short of it is that I spend a good deal of time researching WordPress security.
Your first and best defense is a great set of backups. I’ve settled on UpDraftPlus of this.
There are a lot of ways to approach what I’d call a “security lockdown” but the best by far that I found for the majority of WP users is a plugin called “All In One WP Security & Firewall” – https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
It’s clear and leads you through plugging all the common “holes” in WP installation.
-
AuthorPosts
- The topic ‘Site Hacked’ is closed to new replies.