Damn you Bangladesh Cyber Army!!

DampSquid (New member), Nov 22, 2011
Just got back from holidays and my site has been hacked by the "bangladesh cyber army"

They suggested that I fix the holes in my security, which is very nice of them!

Contacted my hosting provider and awaiting a response.

Just wondering has anybody been in a similar position and knows what to do and how to get the site back to normal?

Also I'm running WordPress so it's more than likely where the breach came from!
 


Yeah, a lot of people have the same problem with wordpress. There are actually a few things you can do to prevent those cunts from ever messing with you again (depending on your location)

Step 1: Hold a yard sale and sell everything valuable that you own.
Step 2: Buy two large wooden planks from lowes or the habitat store.
Step 3: Buy a LOT of wood + newspapers.
Step 4: Make a crucifix with your planks.
Step 5: Get your friends to nail you to the cross and lift you up high. Make sure this is at around 5am when the sun is just starting to rise.
Step 6: Get your friends to put all the wood and newspapers under your feet then light it. You won't die slowly and it will be from suffocation.

After about 1 week you'll be reborn as a wasp swarm in Bangladesh. Fly into a hackers' ears and sting their eardrums until they go mad.
 
Stop relying on your host, make sure you have monthly backups & yeah, if you use wordpress it's going to happen.
 
OP, Curious what version of Wordpress you are/were running.

Wordpress firewall plugin has saved my ass more than a few times.
 
It's probably from a WP plugin you have installed which is outdated/vulnerable.

PM if you would like help fixing it. I've fixed this same 'hacked site' problem for at least 20 clients.
 
Block traffic from china, india, and russia if these are your wordpress sites that rely on north american traffic to make coin. Problem solved.

This is not a "legit" block or way to solve the problem. Anyone from those countries will then use a proxy and still exploit your site (lol). Hackers are in every single country and continent.
 
This is not a "legit" block or way to solve the problem. Anyone from those countries will then use a proxy and still exploit your site (lol). Hackers are in every single country and continent.

Might not be foolproof but it still stops most of the script kiddies, which are probably 99.99% of the particular problem of everyday wordpress installs being compromised or "hacked".

Chances are if you're just running a normal site you're not going to attract the attention of any serious hackers who give a shit anyway. They go after the really big sites, when they have an agenda to do so.
 
What version of Wordpress? The latest?
 
Might not be foolproof but it still stops most of the script kiddies, which are probably 99.99% of the particular problem of everyday wordpress installs being compromised or "hacked".

Chances are if you're just running a normal site you're not going to attract the attention of any serious hackers who give a shit anyway. They go after the really big sites, when they have an agenda to do so.

While yes, I understand what you are saying. 90%+ of these hacks are not originating out of the IP country you stated. The bangaderp kids are just using scripts to run massive scans on every IP range + known WP vulns. Blocking IPs simply doesn't work. It's nearly impossible to block someone cracking your logins or scanning vulns who is using thousands of active US/CAN/UK botnet proxies ;)

It's of no importance if your site is 'normal' or important. It's the challenge of getting into it. Then once in, they can sell it for $, trade it for hacking scripts, install shit on your hosting and log all your important info, extract emails and spam them, host a spam landing page on it and mail out 2 hit inbox. The list goes on and on. Your level of importance does not matter, only your hosting. We are all vulnerable!
 
I don't use WP much these days, except for parasites. Here is what I got from a host a while back that could help:


- Update all scripts and plugins/components/modules/themes/templates on your account to the latest stable versions. Old applications can have serious security holes that allow exploits such as injections into pages that allow files to be uploaded to your account. The only way to maintain site security is by keeping all applications and scripts up-to-date.

- Change your main account's password along with any other passwords you have (mail accounts, FTP accounts). It is recommended to create a complex password with alphanumeric characters using both upper and lowercase such as Aa1Bb2Cc3. Additionally, you would want to ensure that you do not use a password related to the domain name or site content.


- Avoid saving passwords in any software such as your FTP password. In your FTP client, please begin using TLS encryption for FTP transfers as that will encrypt the password during the data exchange. In FileZilla, this is supported by going to Site Manager and setting your server's type as "FTPES - FTP over explicit TLS/SSL".

- Scan your local computer for any viruses and trojans frequently. If you have not performed this task recently, please do perform a computer scan as soon as possible to ensure that computer is clean.

- We would suggest disabling remote file inclusions by inserting the following lines in your public_html/php.ini file (if no file is there, you may create a new one):

allow_url_fopen=Off
allow_url_include=Off
disable_functions=popen,passthru,escapeshellarg,escapeshellcmd,exec,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,system,blob,pfsockopen,stream_get_transports,stream_set_blocking

and to help prevent XSS attacks, add the following lines of code to your .htaccess file:

Options +FollowSymLinks
RewriteEngine On
# The conditions below are OR-ed: the request is refused (403) if any one of them matches the query string
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index_error.php [F,L]
# Refuse the HTTP TRACE and TRACK methods outright
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
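As an added example, not from the host or any poster in this thread, the five query-string conditions and the TRACE rule above translated into a small Python checker and run over constructed sample requests. It shows that the conditions are OR-ed, that [NC] applies only to the script and iframe rules, what the rules never inspect (POST bodies), and a false positive the regexes produce (the word "description" contains "script").

```python
import re

# The five QUERY_STRING conditions from the .htaccess snippet above, in order.
# Apache chains them with [OR], so a request is refused if ANY matches; the
# second and third carry [NC] (case-insensitive). QUERY_STRING is the raw,
# still URL-encoded string, which is why each pattern also accepts %3C / %3E.
QUERY_RULES = [
    ("base64", r"base64_encode.*\(.*\)", False),
    ("script", r"(\<|%3C).*script.*(\>|%3E)", True),
    ("iframe", r"(\<|%3C).*iframe.*(\>|%3E)", True),
    ("globals", r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", False),
    ("request", r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", False),
]

def blocked_by(method, query_string):
    """Return the name of the rule that would answer 403, or None if the request passes.
    RewriteCond is an unanchored regex search, hence re.search; the method rule is
    anchored with ^, hence re.match."""
    if re.match(r"(TRACE|TRACK)", method):
        return "trace"
    for name, pattern, nocase in QUERY_RULES:
        if re.search(pattern, query_string, re.IGNORECASE if nocase else 0):
            return name
    return None

# Constructed sample requests (method, query string) and what the rules do with them.
SAMPLES = [
    ("GET", "p=42&preview=true"),      # ordinary WordPress request: passes
    ("GET", "s=%3Cscript%3E"),         # an encoded <script> tag in the search box: refused
    ("GET", "s=%3CSCRIPT%3E"),         # [NC] makes the case irrelevant
    ("GET", "a=GLOBALS[x]=1"),         # attempt to write into PHP's $GLOBALS: refused
    ("TRACE", ""),                     # HTTP TRACE refused outright
    ("GET", "s=%3Cdescription%3E"),    # FALSE POSITIVE: "description" contains "script"
    ("POST", "p=1"),                   # a POST body is never inspected by these rules
]

def classify_samples():
    """Run every sample through the rules; returns (method, query, verdict) triples."""
    return [(method, qs, blocked_by(method, qs)) for method, qs in SAMPLES]

if __name__ == "__main__":
    for method, qs, verdict in classify_samples():
        print(f"{method:5} ?{qs:28} -> {verdict or 'allowed'}")
```

The rules only look at the query string and method, so a vulnerable plugin reached via a POST request or an uploaded file is untouched by them; they are a speed bump, not a substitute for the "update everything" item above.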
 
It's of no importance if your site is 'normal' or important. It's the challenge of getting into it. Then once in, they can sell it for $, trade it for hacking scripts, install shit on your hosting and log all your important info, extract emails and spam them, host a spam landing page on it and mail out 2 hit inbox. The list goes on and on. Your level of importance does not matter, only your hosting. We are all vulnerable!

Well that sounds like it's gonna be a pain in the ass to fix!

My hosting provider (WF member) is trying to fix it but if he can't I'll PM you later to see if you can fix it, thanks!
 
Wow, a lot of info there, I'll try to work my way through it!
 
Quick Update,

Host sent me this email
It seems that your site has been hacked. We think it's an issue with the Wordpress contents. The Wordpress theme magomra has been affected. The bugs have been removed for now and the site is loading fine. Please note that your Wordpress applications are outdated, kindly update them to the latest one and remove all unnecessary extensions. When you choose to install extensions, make sure that they are from trusted sources.

So my problem now is that I can't log into my WordPress admin area as my password has been changed and I can't reset the password as the email has been changed!

Those damn crafty Indians!
 
The WF member's name wouldn't begin with a C would it? I had the same issue and the same bullshit response from support, although they changed the name of the theme to one I was using. It's a weak excuse and not how they got in. What you need to do is log into cPanel and go to phpMyAdmin, then go to the wp_user table in the database and change the admin username and password (select MD5 from the dropdown next to it) and the email. You will get access back then. Then log in to yourdomain.com/wp-login.php and re-upload your theme. Then update WP to the latest version.
 
I remember my first time, it made me feel all dirty and violated. I asked myself what did I do to make this happen.

Was I asking for it?

Did my past life cause me to have this dirty vile action to take place?


Lucky for me, it happened in jail and no one really...


oh, shit you're talking about your sites got hacked..

I was only joking. Never been raped in jail. aha

Been hacked before, though.
 
The WF member's name wouldn't begin with a C would it? I had the same issue and the same bullshit response from support, although they changed the name of the theme to one I was using. It's a weak excuse and not how they got in. What you need to do is log into cPanel and go to phpMyAdmin, then go to the wp_user table in the database and change the admin username and password (select MD5 from the dropdown next to it) and the email. You will get access back then. Then log in to yourdomain.com/wp-login.php and re-upload your theme. Then update WP to the latest version.


FUUUUUUUCK I'm so close to fixing this thing but I just can't get it.

The way to fix this is definitely what you suggested, but when I select MD5 from the drop down menu it changes the user/pass/email to some shit like "g23hi48dsf94&80bjN"

I am selecting MD5 for user/pass/nickname/email/display_name is this wrong? Should it be just one field? every field?

Also should the ID be 0 or 1?
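The phpMyAdmin reset described a few posts up, rehearsed as an added example (not posted by anyone in this thread) against an in-memory SQLite stand-in for the wp_users table (WordPress's actual table name, assuming the default wp_ prefix). The sample row is constructed; only user_pass gets the MD5 treatment, and the row ID is looked up rather than guessed, which answers the two questions in the last post.

```python
import hashlib
import sqlite3

# Constructed stand-in for WordPress's wp_users table (its real name, assuming the
# default "wp_" prefix) so the reset can be rehearsed offline; on the live site the
# same UPDATE goes through phpMyAdmin against MySQL.
SCHEMA = """
CREATE TABLE wp_users (
    ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT,
    user_nicename TEXT, user_email TEXT, display_name TEXT
);
"""

def open_compromised_db():
    """Constructed sample row: the intruder has replaced the admin's hash and e-mail."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO wp_users VALUES (1, 'admin', '$P$B-attacker-set-hash', "
               "'admin', 'intruder@example.invalid', 'admin')")
    return db

def find_user_id(db, login):
    """The 'ID 0 or 1?' question: WordPress numbers users from 1, so the original
    admin is normally ID 1, but read it from the table rather than guess."""
    row = db.execute("SELECT ID FROM wp_users WHERE user_login = ?", (login,)).fetchone()
    return row[0] if row else None

def wp_md5(password):
    """What phpMyAdmin's MD5 dropdown does to ONE field. WordPress accepts a bare
    MD5 hex digest in user_pass and re-hashes it with phpass on the next login."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def recover_admin(db, user_id, new_password, new_email):
    """Hash only user_pass; user_email is stored as plain text. Applying MD5 to
    user_login / nicename / email / display_name turns them into 32-character
    gibberish that can never be logged in with.
    MySQL equivalent for phpMyAdmin's SQL tab:
      UPDATE wp_users SET user_pass = MD5('NewPassw0rd!'),
             user_email = 'you@example.com' WHERE ID = 1;"""
    db.execute("UPDATE wp_users SET user_pass = ?, user_email = ? WHERE ID = ?",
               (wp_md5(new_password), new_email, user_id))
    db.commit()
    return db.execute("SELECT user_login, user_pass, user_email FROM wp_users "
                      "WHERE ID = ?", (user_id,)).fetchone()

if __name__ == "__main__":
    db = open_compromised_db()
    uid = find_user_id(db, "admin")
    print(recover_admin(db, uid, "NewPassw0rd!", "you@example.com"))
```

Once back in, change the password again from the WordPress profile page so it is stored in the stronger phpass form, and check the table for extra admin accounts the intruder may have added.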