Network site hacked
36 views
Skip to first unread message
Susie Nelson
Jul 9, 2012, 8:29:07 AM7/9/12
to mpls-stpaul-wordpress
I have a network setup - and the site keeps getting hacked. Those mean cruel people keep setting up new subdomain files. We changed the password, but it has happened again.
Any suggestions???
--
Susie Nelson
Small Business Consultant, Entrepreneur, and Sales Trainer
651-442-7268
Susie Nelson
Small Business Consultant, Entrepreneur, and Sales Trainer
651-442-7268
Shea Laughlin
Jul 9, 2012, 9:38:00 AM7/9/12
to mpls-stpau...@googlegroups.com
There are some basic things that you get do such as:
- Don't use "admin" as the administrator username
- Use plugins that limit login attempts (http://wordpress.org/extend/plugins/limit-login-attempts/)
- Ensure that your file permissions are locked down. For example: .htaccess, wp-config, wp-admin, and wp-includes can and "should" (my opinion) have different permissions than other files and directories. (http://codex.wordpress.org/Hardening_WordPress)
I had a few of my personal sites hacked into and learned the hard way. Unfortunately, it was a lot of trial and error. I would also recommend using http://sucuri.net/ to scan your site (free).
Susie Nelson
Jul 9, 2012, 9:49:51 AM7/9/12
to mpls-stpau...@googlegroups.com
THANK YOU!!!!!
--
You received this message because you are subscribed to the Google Groups "Minneapolis St. Paul WordPress User Group" group.
To view this discussion on the web visit https://groups.google.com/d/msg/mpls-stpaul-wordpress/-/A93JBl-0qGAJ.
To post to this group, send email to mpls-stpau...@googlegroups.com.
To unsubscribe from this group, send email to mpls-stpaul-word...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/mpls-stpaul-wordpress?hl=en.
Toby Cryns
Jul 9, 2012, 10:49:59 AM7/9/12
to mpls-stpau...@googlegroups.com
Susie,
Thanks!
Toby
On Monday, July 9, 2012 8:49:51 AM UTC-5, Susie wrote:
I had a site hacked over the weekend, and I am curious to know if there are any similarities to what I experienced - a malware link being added to certain files. What are/were your website's symptoms (example: links embedded into the footer, database hacked, etc.).
Thanks!
Toby
On Monday, July 9, 2012 8:49:51 AM UTC-5, Susie wrote:
THANK YOU!!!!!
On Mon, Jul 9, 2012 at 9:38 AM, Shea Laughlin <sheala...@gmail.com> wrote:
There are some basic things that you get do such as:
- Don't use "admin" as the administrator username
- Use plugins that limit login attempts (http://wordpress.org/extend/plugins/limit-login-attempts/)
- Ensure that your file permissions are locked down. For example: .htaccess, wp-config, wp-admin, and wp-includes can and "should" (my opinion) have different permissions than other files and directories. (http://codex.wordpress.org/Hardening_WordPress)
I had a few of my personal sites hacked into and learned the hard way. Unfortunately, it was a lot of trial and error. I would also recommend using http://sucuri.net/ to scan your site (free).
On Monday, July 9, 2012 7:29:07 AM UTC-5, Susie wrote:I have a network setup - and the site keeps getting hacked. Those mean cruel people keep setting up new subdomain files. We changed the password, but it has happened again.Any suggestions???
--
Susie Nelson
Small Business Consultant, Entrepreneur, and Sales Trainer
651-442-7268
--
You received this message because you are subscribed to the Google Groups "Minneapolis St. Paul WordPress User Group" group.
To view this discussion on the web visit https://groups.google.com/d/msg/mpls-stpaul-wordpress/-/A93JBl-0qGAJ.
To post to this group, send email to mpls-stpaul-wordpress@googlegroups.com.
To unsubscribe from this group, send email to mpls-stpaul-wordpress+unsub...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/mpls-stpaul-wordpress?hl=en.
Susie Nelson
Jul 9, 2012, 11:28:40 AM7/9/12
to mpls-stpau...@googlegroups.com
They actually got into the network and set-up a subdomain website - so it was a new user added (not with super or admin privileges), and a subdomain site in place. It's making me wonder if it is coming through the "blog copier" plugin - but since I'm a marketer - not a developer - who knows??
To view this discussion on the web visit https://groups.google.com/d/msg/mpls-stpaul-wordpress/-/QR5nCVOuP5sJ.
To post to this group, send email to mpls-stpau...@googlegroups.com.
To unsubscribe from this group, send email to mpls-stpaul-word...@googlegroups.com.
Toby C
Jul 9, 2012, 1:16:52 PM7/9/12
to mpls-stpau...@googlegroups.com
Susie,
----
Do you have access to your server logs? You might be able to figure out the ip address that created the new user and ban that IP using one of the plugins mentioned below.
Some other plugins you might install for security:
- WordFence
- Bad Behavior
- Audit Trail
- (there are some Multi-Site-specific ones, but I can't remember their names off-hand. Perhaps check WPMU.org)
Toby
Nick Ciske
Jul 10, 2012, 11:09:47 AM7/10/12
to mpls-stpau...@googlegroups.com
Are you sure registration of new sites is disabled?
On Monday, July 9, 2012 10:28:40 AM UTC-5, Susie wrote:
Where is it hosted?
On Monday, July 9, 2012 10:28:40 AM UTC-5, Susie wrote:
They actually got into the network and set-up a subdomain website - so it was a new user added (not with super or admin privileges), and a subdomain site in place. It's making me wonder if it is coming through the "blog copier" plugin - but since I'm a marketer - not a developer - who knows??
Reply all
Reply to author
Forward
0 new messages