Someone redirected my network to illegal shit

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • kurtov
    Confirmed User
    • Dec 2007
    • 347

    #1

    Someone redirected my network to illegal shit



    So pissed. I'd appreciate anyone's advice on this matter.

    Iv'e got a team resolving the problem as we speak, detecting problem files and cleaning the sites. The majority of the sites are wordpress. My questions are:

    1> What are some effective ways to prevent this from happening in the future? Im running all of the sites through CloudFlare and updating the sites on a regular basis (plugins/ themes). What are some good, reliable security options?

    2> I use Wordfence security. It told me many times that someone was locked out for trying to log in from San Francisco. Is there any way i can track this dirt bag down?

    Any other advice to beat this problem would be super appreciated.

    Thanks kindly GFY
    Skype - Kurtovxxx
  • xXXtesy10
    Fakecoin Investor
    • Jul 2012
    • 7127

    #2
    WARNING: Stay Away From Marlboroack aka aka Brandon Ackerman
    http://gfy.com/21169705-post8.html
    Donny Long is Felon, Stalker, Scammer & Coward
    http://www.ripoffreport.com/reports/...lon-int-761244

    Comment

    • teg0
      Confirmed User
      • Jan 2006
      • 4204

      #3
      1. Keep Wordpress up to date.
      2. Don't depend too heavily on plugins. It's plugins that are usually exploited.
      3. Don't use any sort of pirated theme. If it's a premium theme, make sure it's one you've paid for and downloaded from the seller.
      4. Hide the Wordpress version number from showing up in the source code. This keeps scripts from crawling around looking for a specific Wordpress version to exploit. (The Right Way to Remove WordPress Version Number)
      5. Don't use Wordpress on sites that don't really need to be Wordpress.
      6. Make sure you're not hosting with some noob company that has you on a shared server that isn't secured enough where someone else's site's exploit can effect your site too.

      Sounds like you're doing the right things so it's probably just some plugin that has an exploit. Everyone is far too dependent on Wordpress, but I understand why. It's just easy pickings for exploits and traffic redirects.

      Comment

      • DVTimes
        xxx
        • Jun 2003
        • 31650

        #4
        Make sure your not using admin as your login.
        XXX

        Comment

        • kurtov
          Confirmed User
          • Dec 2007
          • 347

          #5
          Originally posted by teg0
          4. Hide the Wordpress version number from showing up in the source code. This keeps scripts from crawling around looking for a specific Wordpress version to exploit. (The Right Way to Remove WordPress Version Number)
          6. Make sure you're not hosting with some noob company that has you on a shared server that isn't secured enough where someone else's site's exploit can effect your site too.
          Man thanks.
          The other stuff im already doing but,
          Hiding Wordpress versions is a great idea. thanks for the link
          I host with godaddy, who just hung up on me. Thinking about buying their security thing, dunno if its garbage or not.
          Skype - Kurtovxxx

          Comment

          • 3xmedia
            Confirmed User
            • Apr 2004
            • 5736

            #6
            lol using GD for hosting is retarded, it's even more retarded than using GD for domains
            ---

            Comment

            • Freedom6995
              Friends of Venus founder
              • Jul 2010
              • 1975

              #7
              Limit access via a .htaccess file in wp-admin

              Comment

              • kurtov
                Confirmed User
                • Dec 2007
                • 347

                #8
                Originally posted by Freedom6995
                Limit access via a .htaccess file in wp-admin
                This is a great suggestion. Thank you.
                Skype - Kurtovxxx

                Comment

                • kurtov
                  Confirmed User
                  • Dec 2007
                  • 347

                  #9
                  Originally posted by 3xmedia
                  lol using GD for hosting is retarded, it's even more retarded than using GD for domains
                  Which host would you recommend?
                  Skype - Kurtovxxx

                  Comment

                  • deonbell
                    Confirmed User
                    • Sep 2015
                    • 1045

                    #10
                    What type illegal stuff redirecting too?

                    I agree with protecting access to wp-admin with htaccess.

                    Comment

                    • j3rkules
                      VIP
                      • Jul 2013
                      • 22101

                      #11
                      Originally posted by teg0
                      1. Keep Wordpress up to date.
                      2. Don't depend too heavily on plugins. It's plugins that are usually exploited.
                      3. Don't use any sort of pirated theme. If it's a premium theme, make sure it's one you've paid for and downloaded from the seller.
                      4. Hide the Wordpress version number from showing up in the source code. This keeps scripts from crawling around looking for a specific Wordpress version to exploit. (The Right Way to Remove WordPress Version Number)
                      5. Don't use Wordpress on sites that don't really need to be Wordpress.
                      6. Make sure you're not hosting with some noob company that has you on a shared server that isn't secured enough where someone else's site's exploit can effect your site too.

                      Sounds like you're doing the right things so it's probably just some plugin that has an exploit. Everyone is far too dependent on Wordpress, but I understand why. It's just easy pickings for exploits and traffic redirects.
                      Also create a strong passwords for your sites using ambiguous, lower and uppercase characters et cetera.

                      Comment

                      • kurtov
                        Confirmed User
                        • Dec 2007
                        • 347

                        #12
                        Originally posted by jerkules
                        Also create a strong passwords for your sites using ambiguous, lower and uppercase characters et cetera.
                        Yes i do that. But totally noobiated on having admin as a user name. It's like we were beckoning hackers.
                        Skype - Kurtovxxx

                        Comment

                        Working...