You don’t expect it to happen to you, but my website was hacked. It happened to me last week, so I know what it’s like. To make matters worse, the IP address of my website also ended up on a block list. That means my site, and every site on the hosting account that uses that IP address, is flagged as spam. E-mail cannot be sent without bouncing back, search engine rankings begin to plummet, and visitors cannot visit my site without being infected with a virus. What a nightmare.

Fortunately, I was able to test my website, identify the problems, find and remove the hack, and then get my website off the block list.
Today, I will show you the process I used to clean up my website, so that you can fix your website too. If you’re not keen on a DIY fix, we’ll also show you some great plug-ins that can do the job for you.

There are many reasons why a website gets hacked. It may be as simple as having a weak password that a hacker can easily guess, or as complex as not having a firewall or security plug-in installed. But you may be wondering why anyone would want to hack your website in the first place. This can be particularly confusing if your site doesn’t generate as much traffic as Twitter or Instagram.
According to data from www.wordpress.org and W3Techs, there are 60 million sites on the web based on WordPress, accounting for about 25% of the whole web. A CMS this popular is an attractive target for hackers, especially when all of its code is freely available to the public. WordPress seems to be the most popular with hackers, but other CMSs such as Drupal and Joomla are also affected.

WordPress security: the difference between fact and value

WordPress issues security updates. Each time a major security vulnerability is found, an update is rolled out automatically, so it is a safer choice for your site. However, you are still responsible for protecting your site and taking measures to keep it secure.
The US National Vulnerability Database shows that plug-ins, both those in the directory and those from external sources, have been the largest source of security vulnerabilities since WordPress was first published. The second largest is other elements, such as custom scripts. Security vulnerabilities have been found in the WordPress core, but they account for only 5.5% of all known concerns at the time of writing. This is still a problem, because W3Techs found that more than 17.8% of WordPress sites are not up to date.
For the rest of us, most of these vulnerabilities have now been completely resolved, but seen from this perspective, the history of WordPress shows that the actual security issues associated with WordPress are largely unrelated to the platform itself.

Back to the reason why I was attacked by hackers…

In my case, the website was hosted on a VPS and was not updated regularly, so it was attacked by hackers. The website had been set up as a temporary solution, so updating it kept being postponed. I know it’s really irresponsible. I’m not arguing, I’m just explaining. Not only that, I didn’t take any special security measures. I did not install a security plug-in, I did not limit the login page to my IP address, and I did not back up my site. In fact, the only thing I did right was to choose a user name and set a strong password instead of \
This is because the website that should have been deleted a long time ago has affected many other websites on my server.
Very dangerous. The hacker used this site to get into two other sites. Talk about a headache. Fortunately, the other sites had security plug-ins enabled and quickly detected the intrusion. Everything was sorted out within an hour. So yes, although I was attacked by hackers, I was very lucky this time. If my other websites had not been secured, I would not even have known that anything was wrong. The hacker could have affected all websites on the server. Not only my server, but all other sites that use the same VPS.
Many people share the same server, so shared hosting carries the same risks. The only exception is a dedicated server. Even then, if one website is infected, it may infect the other websites you own, even if you are the only one who uses the server.

To avoid hacker attacks, the following are the best (basic) things you can do to keep a website safe:

Keep WordPress, scripts, themes and plug-ins up to date.
Choose themes and plug-ins from reliable sources.
Host the site with a reliable hosting provider. If possible, select a dedicated server.
Regularly back up the entire site, including files and databases.
Use strong passwords rather than \
For more information, please check WordPress security: attempts and practical skills of WordPress security, 12 ways to protect WordPress sites that may be ignored, and the malicious history of WordPress security and its contents.

So let’s take a look at some of the most common ways that hackers can break into and damage WordPress websites.

The backdoor hack is the nightmare I had to deal with recently. A backdoor hack can affect multiple sites on the server, so it is one of the more difficult and vicious attacks.
Hackers store files on the server that contain scripts giving them access to the site and the server at any time. They do not enter the website through the front-end login page like everyone else, but through the back door they have created. These added files are often named to make them look like part of the normal WordPress core. For example, a file may be named users-wp.php, php5.php or similar.

Without a security plug-in installed to notify you of changes, it may be difficult to know when this happens. However, there are several different signs that can point to this kind of hack. One is that a browser error message may appear when you try to access the front or back end of the site. You may be prompted to confirm that the site is secure before it continues loading.
If an error message suddenly appears saying that your website is unsafe when you try to access it, you may have been attacked by hackers.

Backdoor hacks often involve inserting code into existing files, or creating new files, that run malware, Trojan horses and other viruses when someone visits the site. As a result, the anti-virus software on your computer may warn you of a potential threat.

In addition, e-mail sent from the server will bounce back with a default SMTP 550 error message. Depending on the e-mail server you are connecting to, the message may explain the problem in more detail. The returned message may list links to the sites that are blocking your site or IP address.
Later on, I will show you how to use this information to sort out this mess. But for now, let’s take a look at several other ways that websites can be compromised.
Have you ever visited your website, or a link to it, and noticed strange text full of links that you did not put there? This is caused by a hack that inserts spam into your pages. The text and links usually point to junk websites, shady sites that sell a variety of goods, from fake watches and wallets to prescription drugs such as Viagra. This usually happens when a hacker inserts a script into a file in the page header, but that is not always the case, because the script can appear anywhere in a file. The links and text inserted by the script can also be hidden from view.

If hackers have compromised the site in this way, suspicious results will appear when you search for the site on Google. Another sign of this hack is that you may suddenly see advertisements closely related to the inserted script while surfing the web, even though you never searched for those items directly.

Go to Google and search for site:yourdomain.com, replacing yourdomain.com with your own website URL, and look at the results. The results should display only titles and descriptions related to your site. If links with spam descriptions or titles are displayed for your website, it has been hacked.

You can also start a Facebook status update with a link to your site and look at the preview that is displayed. If the description or title in the link preview shows spam, the site has been hacked, so there is no need to click the button to publish the status.

Before moving on to more advanced ways of testing a site, and to inserted scripts and how to fix them, there is one more common problem to cover.

Malicious redirects

If a hacker inserts a script into .htaccess or other core files so that the site automatically sends visitors to other pages or sites, it is usually a malicious redirect. The main site or a single page may be affected. If you run multiple sites as a network, the entire network may also be at risk.
You will usually recognise a malicious redirect immediately, because the website automatically loads a different URL. If the compromised file still uses your theme’s styling, the redirect may be less obvious. In that case, the page may display many advertisements but otherwise look like your site. Alternatively, your site may be redirected to other sites that contain nothing but spam links or adult content. This is usually the easiest hack to detect immediately, because you see the redirect as soon as you try to access the site or a specific page.

Fortunately, none of these problems is impossible to fix.

It is very important to back up the site before testing it and cleaning up after a hack. There may be valuable information on the site that you will need to recover later, even though it has been hacked. To make matters worse, some hosting providers may shut down or delete sites after discovering that they have been compromised, especially on shared hosting plans. Snapshot is a high-end backup solution, and many high-quality backup plug-ins are available, including Snapshot, VaultPress, and BackupBuddy. Once you have backed up the entire site, you can start.

Even if you are already convinced that you have been hacked, testing the site is still helpful, because it can turn up other affected files. Once you know where the problem is, you can clean up the code to solve it. The following sites check for hacked files free of charge:

Unmask Parasites – tells you whether the website has been hacked. This is the first step in determining whether there is a problem.
Sucuri SiteCheck – a more comprehensive scan than the previous link. It will also notify you if your site is on a block list.
Norton Safe Web – quickly checks your site for threats.
Quttera – checks for malware on the site.
VirusTotal – checks your site or IP address for common viruses, Trojans, malware, etc. It uses more than 50 different scanners for more accurate results.
Remove malware – this site scanner can check for malware, viruses, inserted scripts, malicious redirects, and more.
My server scan – scans for malware, SQL injection, XSS, etc. and provides a detailed report. However, in addition to adding a back link to your site to confirm ownership, you must also provide an e-mail address. The report is sent by e-mail and takes approximately 24 hours.

Because the scanners differ in thoroughness and in the types of infection they look for, it is best to use several or all of the sites listed above. It is also important to check your own computer for viruses that may affect your browser.

In its guide to cleaning up a hacked WordPress site, Wordfence lists some excellent commands that you can run over SSH to help find malicious scripts and code.

To search for recently modified files, start by listing directories. Don’t forget to replace /home/yourdirector/yoursite/ with the actual file path of the site. If no results are displayed, run the search again, modified to cover the past 10 days. Again, you must enter the actual file path of the site. If there are still no results, keep searching and slowly increase the number of days to search. In the previous example, you would change the number 10 to a slightly larger value.

You can also use a command-line tool called grep over SSH. It lets you search files for common values injected by hackers. To list the affected files, start by entering the following command, replacing value with the actual value you want to search for.
Common values you can search for include base64. After finding the hacked files, you can use the following command to search within the actual file. Here too, replace value with the actual search term you want to use.

After identifying the problem, you can start cleaning up the site. Depending on where the problem code is, you can clean it up manually:

Backdoor file containing only malicious scripts – delete the file.
Malicious code found in WordPress core or plug-in files – delete the file and upload a clean copy of the file.
Malicious code found in legitimate custom files – delete the malicious code and save the file.

If you want to skip the troubleshooting, you can restore the site from an unaffected backup, then update the site, plug-ins, themes, and scripts, and strengthen the site’s security. If you think you have found and deleted all malicious code, re-scan the site to make sure nothing was missed.

Once you are sure that you have fixed everything, it is recommended that you contact your hosting provider. Tell them about the recent attack, say that you have sorted everything out, and ask them to double-check the website for additional vulnerabilities. They can help confirm the security of the site, but notifying them is also important in its own right. Notifying the host is especially useful when your site is reported as a threat by a third-party automated scanner or by ordinary visitors. Because the host already knows the situation, it can take appropriate action to ensure that the site is put on the allow list instead of taking other measures.
Generally speaking, it is best to contact the hosting provider once you believe you have resolved the site’s security problems. Some hosts may shut down your site immediately after hearing that it poses a threat, so it is important to at least back up your site before contacting them.

Even after this, your site or IP address can still be flagged as spam. The first step in solving this problem is to find out which block lists you are on. To find out who has blocked you, the best choices are Unmask Parasites and Spamhaus.

I like Spamhaus best, because it is not only one of the sites that may have blocked you but, more importantly, it also provides links to the sites that have blocked you so that you can apply to be put on the allow list. You cannot run the check directly from the Spamhaus website. The lookup must be performed manually. Fortunately, this is very simple: just enter a link like the following example into the address bar, replacing 123.45.689.10 with the actual IP address that hosts your site.

When you access the page, the results are listed. Spamhaus shows exactly which sites have your IP address on their blacklist. If you are on a block list, the IP address is displayed in red next to a link to the site that added it to its block list. Open the link in a new tab and follow the instructions to request that the IP address be put on the allow list. Each site has different guidelines. Please follow them carefully. It usually takes only a few clicks to apply.

After you submit the application, the site can take up to 48 hours to process it. In most cases, you will not receive a notification when the process completes. This means that you must wait a while and then run a manual Spamhaus search again to make sure that your site is on the allow list.
In many cases, you can only apply for removal from a blacklist once, so you need to make sure that the site is clean and all threats are completely resolved. Otherwise, the site and IP address are at risk of being blocked permanently. If you have been blocked by Google, the application process may be slightly more complicated, and it takes 12 to 24 hours to process. Fortunately, the instructions for requesting a review are easy to follow.

Once the site and IP address have been reviewed and added to the allow list, you are done. Well, almost: there are still several important steps to complete.

After successfully cleaning up your site, you must update WordPress and any installed themes or plug-ins that have not been updated. In addition, you must keep regular tabs on the site so that it stays up to date.

Another security measure to take immediately is to change your password. If you are running multiple sites, it is also a good idea to have everyone on the network update their passwords.

The next step is to change the WordPress security keys. This invalidates all active cookies that keep users logged in. Once the change is made, hackers will no longer be able to access the site through an existing logged-in session. You can use WordPress’ random security key generator to create new keys. Then replace the old keys in the wp-config.php file with the new keys. The code to be replaced is similar to the following example:

You can also use SSH access to install the free ConfigServer Security & Firewall in the server root directory. It’s easy to set up. First, make sure you are logged in to the server as root. Otherwise it will not work.
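The security key replacement in wp-config.php described above can be scripted as in the following added example, which is not code from the original article. It assumes the keys use the default single-quoted define() form, and it generates the values locally from /dev/urandom instead of fetching them from WordPress’ online generator so that it runs offline; the function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: give wp-config.php new keys.

KEY_NAMES="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY
AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# 64 random characters, none of which needs escaping inside PHP single quotes.
random_key() {
    LC_ALL=C tr -dc 'A-Za-z0-9!@#%^*()_+=:;,.?~' < /dev/urandom | head -c 64
}

# Print config file $1 with each key/salt define() replaced by a fresh value.
# Assumes the default form: define( 'AUTH_KEY', '...' );
rotate_keys() {
    fresh=$(mktemp)
    for name in $KEY_NAMES; do
        printf '%s %s\n' "$name" "$(random_key)" >> "$fresh"
    done
    awk -v q="'" '
        NR == FNR { fresh[$1] = $2; next }     # first file: name and new value
        $0 ~ /^[ \t]*define[ \t]*\(/ {
            split($0, part, q)                 # part[2] is the constant name
            if (part[2] in fresh) {
                printf "define( %s%s%s, %s%s%s );\n", q, part[2], q, q, fresh[part[2]], q
                next
            }
        }
        { print }                              # every other line is untouched
    ' "$fresh" "$1"
    rm -f "$fresh"
}

# Constructed sample config (placeholder values, labelled as made up).
sample_config() {
    echo "<?php"
    echo "define( 'DB_NAME', 'wordpress' );"
    for name in $KEY_NAMES; do
        echo "define( '$name', 'put your unique phrase here' );"
    done
    echo "\$table_prefix = 'wp_';"
}

if [ "${1:-}" = "--demo" ]; then
    cfg=$(mktemp)
    sample_config > "$cfg"
    rotate_keys "$cfg"      # review the output, then move it over wp-config.php
    rm -f "$cfg"
fi
```

Write the output to a new file and move it into place only after checking it, and keep the backup of the old wp-config.php until the site has been confirmed working.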