
Help Me Find My Vulnerability


4 replies to this topic

#1 Dapedia

  • Members
  • 2 posts

Posted 09 September 2014 - 12:33 PM

Hello community and computer experts!

 

I would describe myself as an experienced PC user, never visit malicious sites, almost rarely download stuff and if I do, only from secure sites and so on. I host a few websites for myself (self-hosted WordPress) and today was the second time in 2014 that one of my sites got "hacked".

 

1. There were 3 PHP-files in the root directory (named like z6ag5azy.php) which Google automatically detected as malware and sent me a mail to check my site. I instantly removed the files and everything is fine again.

 

2. The second incident happened a few months ago and was different from the one today. Someone put a script in my header.php - my hosting system automatically detected and removed it.

 

I'm not asking for specific help for the 2 hacks, it's all fixed now. But I need help to find my flaw, because I don't want this to happen again. Here's a list of things that come to my mind:

 

- I use Skype and have many contacts. Could that be a problem?

- Antivir and everything is installed, my PC seems 100% fine. Never had issues with malware or stuff on my computer.

- My website (WordPress) install was one update (3.9 instead of 4.0) behind. I immediately updated now.

- I use FileZilla for uploading the files onto my webserver.

- I pay a lot for hosting my website, I don't think it has something to do with their server security.

 

What do you think seems most plausible, how could those 2 hacks on my website happen? The thing I ask myself is, if the hacker had access to my whole webserver, why did he only upload and change those 3 files at the one website? No other projects/directories were touched.

 

Every help is appreciated!
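
A defensive check for the two symptoms described in the post above (randomly named PHP files in the site root and an edited header.php), added here as an example and not part of the original thread: it lists top-level PHP files that WordPress core does not ship, and PHP files modified recently. The theme name `mytheme` and the sample tree are constructed for illustration.

```python
import os
import tempfile
import time
from pathlib import Path

# Top-level PHP files that WordPress core ships (wp-config.php is created at install).
CORE_ROOT_PHP = {
    "index.php", "wp-activate.php", "wp-blog-header.php", "wp-comments-post.php",
    "wp-config.php", "wp-config-sample.php", "wp-cron.php", "wp-links-opml.php",
    "wp-load.php", "wp-login.php", "wp-mail.php", "wp-settings.php",
    "wp-signup.php", "wp-trackback.php", "xmlrpc.php",
}

def unexpected_root_php(docroot):
    """Names of PHP files directly in the document root that core does not ship."""
    return sorted(p.name for p in Path(docroot).glob("*.php")
                  if p.name not in CORE_ROOT_PHP)

def recently_modified_php(docroot, days, now=None):
    """Relative paths of PHP files under docroot modified within the last `days`."""
    cutoff = (time.time() if now is None else now) - days * 86400
    root = Path(docroot)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*.php")
                  if p.is_file() and p.stat().st_mtime >= cutoff)

def build_sample_site(base):
    """Constructed sample tree: old core/theme files plus the two changes from the post."""
    old = time.time() - 90 * 86400
    theme = Path(base, "wp-content", "themes", "mytheme")  # hypothetical theme name
    theme.mkdir(parents=True)
    files = [Path(base, n) for n in ("index.php", "wp-login.php", "wp-config.php")]
    files += [theme / "footer.php", theme / "header.php", Path(base, "z6ag5azy.php")]
    for f in files:
        f.write_text("<?php // placeholder content\n")
        os.utime(f, (old, old))       # backdate everything by 90 days
    for f in files[-2:]:
        os.utime(f, None)             # header.php and the dropped file changed "today"
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_site(d)
        print("unexpected in root:", unexpected_root_php(d))
        print("changed in last 7 days:", recently_modified_php(d, 7))
```

On a real site, read the second list against the dates of your own WordPress, theme and plugin updates, since legitimate updates also change modification times.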





#2 kokomodrums

  • Members
  • 202 posts
  • Gender:Male
  • Location:Indiana

Posted 09 September 2014 - 12:50 PM

I would say the most obvious vulnerability would be your passwords. Use a site like https://howsecureismypassword.net/ to judge how strong a password is. Also, I would use different passwords for each site, so that if one IS compromised, the others are not.

 

Make a list of all the passwords used: WordPress admin login, FTP login, etc. These should all be strong and unique passwords.

Because you are using WordPress, I would "assume" that you don't have a security hole on the actual site. But if you are using any third party WordPress plugins, they may be introducing a vulnerability. Go over your list of plugins and make sure they all come from "trusted", highly-rated sources.


-- Matt


#3 x64

  • Members
  • 352 posts
  • Gender:Male
  • Location:London UK

Posted 09 September 2014 - 01:46 PM

This report from just over a month ago was quite worrying.. It would appear that security issues on other sites on the same host can cross contaminate other sites.

 

http://www.theregister.co.uk/2014/07/24/50000_sites_backdoored_through_shoddy_wordpress_plugin/

 

eeeeekkkkkkk!!!!

 

x64



#4 Dapedia

  • Topic Starter

  • Members
  • 2 posts

Posted 09 September 2014 - 01:54 PM

Hey Matt! Thanks for your quick reply.

 

To be honest, passwords are the last thing I would have thought about as a security loop. I use a different password for literally everything. On your linked website it tells me that it would take about 300 days for a desktop PC to crack my password. I really thought it would be more safe. Going to make them more secure now, even though I don't think my site got hacked through my password. Since you obviously have knowledge about WordPress, do you really think there are people out there bruteforcing passwords and being successful with it in my case?

 

The funny thing is, because you mentioned plugins: I tried to avoid them as much as I could and only used 2 plugins in my whole life. Unfortunately I completely forgot about them, didn't update them in the last months. Just as I got hacked today I instantly deleted them. I would love to believe that the plugins were the reason I got hacked.

 

Thanks again!

 

EDIT:

> This report from just over a month ago was quite worrying.. It would appear that security issues on other sites on the same host can cross contaminate other sites.
>
> http://www.theregister.co.uk/2014/07/24/50000_sites_backdoored_through_shoddy_wordpress_plugin/
>
> eeeeekkkkkkk!!!!
>
> x64

Hey x64, thanks for the link. I didn't hear about that story. Could that really have happened in my case when I got hacked today? I would think things like that get fixed by hosters real quick.


Edited by Dapedia, 09 September 2014 - 01:57 PM.


#5 kokomodrums

  • Members
  • 202 posts
  • Gender:Male
  • Location:Indiana

Posted 09 September 2014 - 02:36 PM

> On your linked website it tells me that it would take about 300 days for a desktop PC to crack my password.

Yeah, with that particular site, I like to see a password take X quintillion years...lol.

> Since you obviously have knowledge about WordPress, do you really think there are people out there bruteforcing passwords and being successful with it in my case?

It is very likely: http://codex.wordpress.org/Brute_Force_Attacks

Don't forget to check your FTP passwords as well!

Edited by kokomodrums, 09 September 2014 - 02:36 PM.

-- Matt




