Site Hacked

UpdraftPlus Home Forums Paid support forum – UpdraftPlus backup plugin Site Hacked

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • August 17, 2014 at 7:45 pm #24234
    KK
    Participant

    Hi David,

    I got few of my sites hacked today, and two of them had updraftplus, the host (webhostinghub) support told me that on these two sites only files affected were of updraftplus, following are the files

    site1:
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/File/X509.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/File/ANSI.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/File/ASN1.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SFTP/Stream.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SFTP.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SCP.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SSH1.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SSH2.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/RSA.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Random.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/RC4.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Twofish.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Base.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/AES.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/TripleDES.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Hash.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/DES.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Rijndael.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/RC2.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Blowfish.php
    ./public_html/mysite.com/wp-content/plugins/updraftplus/readme.txt

    site2:
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/File/X509.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/File/ANSI.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/File/ASN1.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SFTP/Stream.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SFTP.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SCP.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SSH1.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Net/SSH2.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/RSA.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Random.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/RC4.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Twofish.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Base.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/AES.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/TripleDES.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Hash.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/DES.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Rijndael.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/RC2.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/includes/phpseclib/Crypt/Blowfish.php
    ./public_html/mysite2.com/wp-content/plugins/updraftplus/readme.txt

    Do you have any idea why this happened, was this because of updraftplus (I don’t say it but just asking) and can you recommend some plugin to scan / protect wordpress sites from happening this again (I know its not your part but would appreciate if you can help).

    Looking forward to hear from you.

    Thanks

    August 18, 2014 at 9:20 am #24359
    udadmin
    Keymaster

    Hi Karim,

    Many hacks will attempt to infect every file they can find that has write-permissions allowing them to do so. My initial guess would be that another website on the same box got hacked, and only those files in your install were writable by another user. If you read the code of those files, you’ll see they’re all library code – there’s nothing directly runnable by an external user in them. So the point of intrusion is elsewhere. The web hosting company can find out, if they’re motivated to – they can trace timestamps, and HTTP requests in their Apache logs. It usually takes an hour or two (I speak as someone who’s done this many times) – it’s dull, but can be done.

    David

    August 19, 2014 at 5:50 pm #24699
    KK
    Participant

    Hi David,

    Thank you for answering this, I totally agree with you.

    Can you recommend any wordpress plugin that can at least protect my sites from being hacked or being difficult to hack by fixing permissions, user passwords, etc.?

    Looking forward for your help.

    Thanks

    August 19, 2014 at 8:24 pm #24722
    udadmin
    Keymaster

    Hi Karim,

    If you did get hacked through another site, then that means the web hosting setup is insecure – you should ask them about that. Properly set up web hosting shouldn’t allow one user-level account to be able to hack another.

    I like BruteProtect for login protection. I’ve not used any of the big security plugins, but when I’ve seen them on other peoples’ sites, WordFence has been the one that I’ve thought most highly of.

    Best wishes,
    David

    August 21, 2014 at 5:43 pm #25157
    KK
    Participant

    Thank you so much :)

    October 9, 2014 at 6:03 pm #40881
    Garry
    Participant

    I offer hosting to a number of clients and watch out after things. Security is a big deal for me and too many people were getting hacked, though none were in the hosting I provide.

    Short of it is that I spend a good deal of time researching WordPress security.

    Your first and best defense is a great set of backups. I’ve settled on UpDraftPlus of this.

    There are a lot of ways to approach what I’d call a “security lockdown” but the best by far that I found for the majority of WP users is a plugin called “All In One WP Security & Firewall” – https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

    It’s clear and leads you through plugging all the common “holes” in WP installation.

  • Author
    Posts
Viewing 6 posts - 1 through 6 (of 6 total)
  • The topic ‘Site Hacked’ is closed to new replies.