my server was hacked!!!

hguerrah59

Member
Jul 10, 2019
103
23
18
Despite the note that Babiato files are virus-free, I have suffered an attack from malware that has left me 13 unusable websites. Can someone around here help me clean and secure the websites?:cautious:
 

tuton012

Strive for progress, not perfection
Babiato Lover
Trusted Uploader
May 23, 2019
1,607
2,060
120
Near You
can you go into more details? such as what plugins and theme you were using were you downloaded them what security plugin you were using and what malware your getting that way we can t look at the problem better
 

hguerrah59

Member
Jul 10, 2019
103
23
18
I download all the plugins from babiato. There are 13 different sites, two use Creta, others use elementor flower kit, camellia etc. for wpcerber security
 

AnormaL

Active member
Dec 26, 2019
163
68
28
The sites were filled with files: .htaccess (deny all)
folders, subfolders, etc
What hosting company are you using? Does all 13 sites are affected ? Are all 13 sites hosted in the same hosting account/server account? any screenshot of your hacked website?
 

bulqr4eto

New member
Apr 17, 2020
18
7
3
Bulgaria
Iv been hacked before and I never heard of someone uploading just htaccess with deny all (mostly got all deleted or redirected indexes)... But my hosting provider did it for using nulled scripts also there is also a chance for the script owner to find out you are using nulled version of his code and backdoor it... But please be more specific give us the links of the scripts you were using also give us some screenshots we cant help otherwise.
 

AnormaL

Active member
Dec 26, 2019
163
68
28
the provider: mochahost. all are in the same accunt. I can't provide screenshot because cant'n access to my account
Just try and check every directory in any of your websites I think you have a PHP shell uploaded in one of the websites and the hacker have taken the control of all your websites with just that file. This can happen not only because a theme or plugin is infected, but it can also happen just because a plugin have a bug on it and not because it is nulled or not. I suggest you to transfer your websites with Namecheap hosting. They are really secure and even if someone can upload a shell, or you upload an infected theme / plugin / script their system will automatically detect it and quarantine the infected file.
 

Freshy

Active member
Sep 6, 2019
173
32
28
Abuja
The mistake you made is that you never use wordfence plugin to protect your site from all manner of attack...

That is what I do normally when I used null plugin..

I do use less null plugin also..I don't make all theme or plugin hmm!! Null plugin..


Stay bless
 

Mannu

Active member
Mar 27, 2020
196
113
43
Can you please provide enough details like domain name, plugins which are being used etc...
 

King Kong

Active member
Trusted Uploader
Aug 14, 2020
275
178
43
No Country for Old Men !
1610824211731.png

Been a few days on a cloud hosting. I started seeing many such attempts from USA / Canada / Japan / Russia (almost at an interval of 20secs) to try to login/access my website/admin panel. Although Cloudflare is doing it best to block them as per the screen shot. I wonder why are all these attempts being made or are they normal ? Website is not yet released to the world. Pls advice ---> I have it as best possible covered using the protocols at Cloudflare Firewall using my Static IP my Servers are proxied as well.

I have seen many GET posts from my own server using wp-cron or wp-ajax calls.
 

About us

  • Our community has been around for many years and pride ourselves on offering unbiased, critical discussion among people of all different backgrounds. We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu