Two Of My Sites Hacked


442GlenwoodAvenue

Well, someone has been trying to hack two of my WordPress sites for several weeks. I was getting several notices from iThemes Security. They could never get even close to the username and password. IP location showed multiple places around the world. Over the last couple of days, they started some sort of scanning for vulnerable files - again I was notified by iThemes Security. I had security set pretty high; even one 404 and they would get locked out permanently. Even two wrong guesses on username and password, and they were locked out permanently.

Nonetheless, they somehow got in this morning at www.doman1.com and www.domain2.com. Fortunately, I had everything backed up with iThemes Backup Buddy (including database), and I was back up within an hour (for one site).

Problem is - if I don't know exactly how they got in, I don't know that they can't hack my site again.

Therefore, I don't know where to go from here - to avoid it again?

 

The message left on my main page (both sites)

hacked.jpg

Edited by TCH-Bala
removed domain name from response to protect identity

Thanks, I will turn in a ticket if they manage to hack it again.

For now, I've re-installed my website using iThemes Backup Buddy (a great program), which didn't take long. Before doing that, I deleted every single file in the public_html folder to make sure a backdoor wasn't left behind. And of course, I changed my username and password again. Once my website was re-installed, I increased security even more. Below are the logs from this morning. They are scanning for xmlrpc.php holes. I've now disabled xmlrpc in iThemes Security. I've also increased the 404 error setting to one try (before their IP is banned permanently), forcing them to use a different IP every time. You can also see they are looking for plugin weaknesses.

 

404 Error  2017-02-22 15:14:54  105.101.253.141  /xmlrpc.php
404 Error  2017-02-22 14:20:36  151.54.110.228   /xmlrpc.php
404 Error  2017-02-22 13:54:34  73.156.99.48     /xmlrpc.php
404 Error  2017-02-22 13:14:08  70.123.197.115   /xmlrpc.php
404 Error  2017-02-22 13:12:14  49.149.40.237    /xmlrpc.php
404 Error  2017-02-22 13:09:49  84.122.157.63    /xmlrpc.php
404 Error  2017-02-22 12:47:26  180.191.138.122  /xmlrpc.php
404 Error  2017-02-22 12:25:01  89.203.249.166   /xmlrpc.php
404 Error  2017-02-22 12:09:31  187.154.193.188  /xmlrpc.php
404 Error  2017-02-22 11:54:19  49.148.93.0      /xmlrpc.php
404 Error  2017-02-22 11:34:00  46.177.16.147    /xmlrpc.php
404 Error  2017-02-22 10:46:03  93.149.251.212   /xmlrpc.php
404 Error  2017-02-22 10:28:39  166.62.90.110    /wp-content/plugins/cherry-plugin/admin/import-export/wp-xml.php
404 Error  2017-02-22 10:20:49  116.44.82.81     /xmlrpc.php
404 Error  2017-02-22 10:02:56  114.76.133.108   /xmlrpc.php
404 Error  2017-02-22 09:46:57  104.131.54.177   /index_old.php
404 Error  2017-02-22 09:44:36  203.215.33.62    /xmlrpc.php
404 Error  2017-02-22 09:44:14  104.131.54.177   /database.php
404 Error  2017-02-22 09:43:11  104.131.54.177   /include.class.php
404 Error  2017-02-22 09:25:32  202.46.3.26      /xmlrpc.php

Edited by 442GlenwoodAvenue
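
Added example, not part of the original posts: a short Python sketch that separates 404 entries like those above into probes spread across many IPs (where a per-IP lockout does little) and single IPs walking many paths. The sample lines, addresses (RFC 5737 documentation ranges), plugin path and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in the timestamp / IP / path shape of the 404 entries
# above; addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_404S = """\
2017-02-22 09:25:32 192.0.2.10 /xmlrpc.php
2017-02-22 09:43:11 198.51.100.7 /include.class.php
2017-02-22 09:44:14 198.51.100.7 /database.php
2017-02-22 09:44:36 192.0.2.11 /xmlrpc.php
2017-02-22 09:46:57 198.51.100.7 /index_old.php
2017-02-22 10:02:56 203.0.113.5 /xmlrpc.php
2017-02-22 10:20:49 203.0.113.6 /xmlrpc.php
2017-02-22 10:28:39 192.0.2.44 /wp-content/plugins/example-plugin/import.php
"""

def parse(log_text):
    """Yield (ip, path) from lines ending in '<ip> <path>'; skip short lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            yield parts[-2], parts[-1]

def summarize(log_text, min_ips=3, min_paths=3):
    """Split 404 noise into two patterns that call for different responses.

    distributed: paths requested by >= min_ips distinct IPs. Banning each IP
                 only rotates the source; disable or block the path itself.
    scanners:    IPs requesting >= min_paths distinct paths. A per-IP ban
                 stops these.
    """
    ips_by_path, paths_by_ip = defaultdict(set), defaultdict(set)
    for ip, path in parse(log_text):
        ips_by_path[path].add(ip)
        paths_by_ip[ip].add(path)
    distributed = {p: len(ips) for p, ips in ips_by_path.items()
                   if len(ips) >= min_ips}
    scanners = {ip: sorted(ps) for ip, ps in paths_by_ip.items()
                if len(ps) >= min_paths}
    return distributed, scanners

if __name__ == "__main__":
    distributed, scanners = summarize(SAMPLE_404S)
    for path, n in distributed.items():
        print(f"{path}: {n} distinct IPs -> block at the path level")
    for ip, paths in scanners.items():
        print(f"{ip}: probed {len(paths)} paths -> per-IP ban applies")
```
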