My site has been hacked and brought down TWICE in the last 24 hours.

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • skirtcake
    Registered User
    • Jul 2014
    • 95

    #1

    My site has been hacked and brought down TWICE in the last 24 hours.

    I own and run MormonGirlz.com. We're getting seriously attacked and while I'm working on increasing my security (Cloud Flare) I'm also wondering how to track down whoever is doing this. Isn't it highly illegal? Any thoughts on what I can do?

    Thanks for your help!
    * mormongirlz.com
    * twitter.com/mormon_girlz
    * mormon-girlz.tumblr.com
  • DamnSexy
    The one and the only
    • Aug 2015
    • 633

    #2
    Originally posted by skirtcake
    Any thoughts on what I can do?
    If your website was hacked, means your code is not secure, you should first take a look there, to see which part was exploited.

    You are using a Free cloudflare plan ?

    Comment

    • skirtcake
      Registered User
      • Jul 2014
      • 95

      #3
      Yep, on it. And I'm not sure what cloudflare plan I will use. Haven't done it yet. Recommendations?
      * mormongirlz.com
      * twitter.com/mormon_girlz
      * mormon-girlz.tumblr.com

      Comment

      • pornsprite
        Confirmed User
        • Dec 2009
        • 1643

        #4
        I like the concept
        Go Fuck Yourself

        Comment

        • j3rkules
          VIP
          • Jul 2013
          • 22111

          #5
          Any site can be hacked if enough time and effort are put in. Therefore, your site security also needs to address the need to backup your site to be able to recreate it.

          To remove your site from what hackers consider "Low Hanging Fruit" do the following:
          No usernames should be admin and no passwords should be similar to the site name or have dates associated with you personally.
          Keep Wordpress, your plugins and your theme updated to the newest versions.
          Turn off comments completely. This is optional but strictly for site security, it is preferable.
          Be sure you are backing up your site frequently as well.

          Comment

          • nightslit
            Confirmed User
            • Oct 2013
            • 226

            #6
            If you are using wordpress I recommend WordFence and also to relocate the login page (all cms are having the same url structure). Then I would also change all passwords/usernames. Another thing to do is setting up cloud fare as you mentionned, the détails for each plan are on their website. But even normal (free) plan are more secure as all traffic il filtred a minimum.
            Then why not looking into the connection logs (in your cpanel) and see what ip adress caused this? Then blocking the ip will be simple.. (or the domain/internet seller).
            email: [email protected] email me for link trades/hardlink exchanges
            ICQ : 665974711
            my sites: http://hardcoreteenfuck.com

            Comment

            • marlboroack
              So Fucking Banned
              • Jul 2010
              • 9327

              #7
              Hire a security team

              Comment

              • ketheriel
                Registered User
                • Nov 2016
                • 8

                #8
                Being attacked is one thing, being owned is another; While DDoS/DoS can be countermeasured by your operator and as a last line of defense, yourself (or your bofh), being owned usually means someone exploited your code either through SQL injection or other security vulnerability. Finding the full extent of an infiltrated server can take some time and is a very demanding task. There are scripts which might work up to a point, but usually the diagnosis and post mortem are done with the file system on read only and by comparing the hashes of the files with a network copy/backup.

                While I might help this one time for the fun of it (assuming it's a POSIX compliant system), I won't fix other peoples code.

                Message me if you want my skills on this one!

                Comment

                • nosaint
                  Confirmed User
                  • Jan 2017
                  • 29

                  #9
                  I don't think you can track them down just because they attack your website. They usually do this using lots of other hacked sites/servers. Probably you could track them only after being hacked if they are stupid enough to leave any traces.

                  But, the questions is... what does "seriously attacked" means? Is it a DDOS attack? Then it means they simply want to disrupt your services. That is usually the competition.
                  Are they trying to find exploits? Are they trying to access your admin area using a dictionary attack?
                  Buying /Selling Adult Traffic
                  Skype: [email protected]

                  Comment

                  • j3rkules
                    VIP
                    • Jul 2013
                    • 22111

                    #10
                    11-03-2015

                    This is an old thread. Why you even respond to that?


                    Comment

                    • bns666
                      Confirmed Fetishist
                      • Mar 2005
                      • 11554

                      #11
                      probably to reach 30 posts so he can post urls
                      CAM SODASTRIPCHAT
                      CHATURBATEX LOVE CAM

                      Comment

                      • redsfv89
                        Confirmed User
                        • Oct 2013
                        • 221

                        #12
                        I hate to tell you this

                        I hate to tell you this, but I am a former hacker, and I deal with sites and security consulting now. First off it's wordpress, or Joomla you got problems. and if you are hiding behind cloudflare does know good, it's still possible to get your physical ip address, and that is the flaw with cloudflare, contact me on skype: john.sexmex I can help you.


                        Originally posted by skirtcake
                        I own and run MormonGirlz.com. We're getting seriously attacked and while I'm working on increasing my security (Cloud Flare) I'm also wondering how to track down whoever is doing this. Isn't it highly illegal? Any thoughts on what I can do?

                        Thanks for your help!
                        Tony "Motha Fuckin" Montana @ EXPOSEDLATINAS.COM

                        Comment

                        • yuu.design
                          Too lazy to set a custom title
                          • Mar 2006
                          • 25924

                          #13
                          sad to hear
                          Beautiful And Usable Web Design Creations For The Adult Industry Since 2003
                          I'm Yuu, Designer and Content Producer

                          Paysites - Affiliate Programs - Dating & Cam Sites - Mainstream Projects - Tube Sites - Banners - Wordpress Themes - NATs integration - Landing Pages

                          Check my Portfolio and Content Production Offers

                          Comment

                          • xXXtesy10
                            Fakecoin Investor
                            • Jul 2012
                            • 7127

                            #14
                            Originally posted by redsfv89
                            I hate to tell you this, but I am a former hacker, and I deal with sites and security consulting now. First off it's wordpress, or Joomla you got problems. and if you are hiding behind cloudflare does know good, it's still possible to get your physical ip address, and that is the flaw with cloudflare, contact me on skype: john.sexmex I can help you.
                            WARNING: Stay Away From Marlboroack aka aka Brandon Ackerman
                            http://gfy.com/21169705-post8.html
                            Donny Long is Felon, Stalker, Scammer & Coward
                            http://www.ripoffreport.com/reports/...lon-int-761244

                            Comment

                            • Duckers
                              Confirmed User
                              • Dec 2016
                              • 38

                              #15
                              that's funny

                              Comment

                              • gamejump
                                Registered User
                                • Sep 2011
                                • 31

                                #16
                                see even the wordpress are gets hacked
                                you have not mentioned on which cms your site is
                                Bollywood Nudes ! Indian Porn Videos ! Kamapisachi ! Savita Bhabhi ! antarvasna

                                Comment

                                • magneto664
                                  God Bless You
                                  • Aug 2014
                                  • 1470

                                  #17
                                  Originally posted by skirtcake
                                  Yep, on it. And I'm not sure what cloudflare plan I will use. Haven't done it yet. Recommendations?
                                  Cloudflare don't save your ass from hackers!
                                  1. Always update your wordpress ASAP.
                                  2. Keep updated plugin
                                  3. Remove old plugins and try find paid solutions
                                  4. buy https://codecanyon.net/item/hide-my-...dpress/4177158
                                  5. use backup system to restore working version when you need it.
                                  magneto664 📧 gmail.com
                                  Cams.Zone 💘 Best CDN for Adult Content
                                  My Fav: 👍 Chaturbate 👍 Stripchat 👍 AdultFriendFinder

                                  Comment

                                  Working...