Resolved HELP!!! URGENT! Unable to access site!
- Thread starter femifitx
- Start date
- Status
- Messages
- 5,609
- Reaction score
- 250
- Points
- 63
Your website was hacked.
Please log in to your DirectAdmin and delete your files and databases, as they are probably compromised. Change your x10 password, your FTP passwords, your database passwords, and your email passwords.
Make sure that when you install software, that you keep it up to date and don't install any addons that aren't trustworthy from official sources. Use strong passwords with numbers, letters, capitol letters, and symbols, and is at least 8 characters long, preferably more.
Please log in to your DirectAdmin and delete your files and databases, as they are probably compromised. Change your x10 password, your FTP passwords, your database passwords, and your email passwords.
Make sure that when you install software, that you keep it up to date and don't install any addons that aren't trustworthy from official sources. Use strong passwords with numbers, letters, capitol letters, and symbols, and is at least 8 characters long, preferably more.
Yes, I already figured that's what happened. Apparently, this is an ongoing threat - quite a number of people have reported the same issue online.
Even though I doubt this has much to do with my passwords, I actually already did almost everything you recommended. I checked the login log and my credentials were not used to access my site, so this is an attack that happened directly from the backend (server side). I went through the files and found several of them with the malicious code. I couldn't access my Wordpress installation at all because they redirected it. But I was able to scout the database and made the necessary changes to re-gain access. I'm trying to replace everything with an old backup now, but it's a few months old. Was hoping the admins would have a more recent backup. This thing literally just happened today (or at worst, yesterday), I believe, because I still checked the site yesterday (and definitely the day before) and everything was fine.
Please let me know if there's a more recent backup that can be restored. Thanks.
Even though I doubt this has much to do with my passwords, I actually already did almost everything you recommended. I checked the login log and my credentials were not used to access my site, so this is an attack that happened directly from the backend (server side). I went through the files and found several of them with the malicious code. I couldn't access my Wordpress installation at all because they redirected it. But I was able to scout the database and made the necessary changes to re-gain access. I'm trying to replace everything with an old backup now, but it's a few months old. Was hoping the admins would have a more recent backup. This thing literally just happened today (or at worst, yesterday), I believe, because I still checked the site yesterday (and definitely the day before) and everything was fine.
Please let me know if there's a more recent backup that can be restored. Thanks.
Thank you. I actually just realized this too. I was scouring through the files and removing the malicious code. I thought I had it all, but the problem still persisted in some areas. I decided to look through the plugins and I already found some of them with the code.. smh. I literally just thought of disabling everything and then I see your post here, so that's confirmation. I appreciate your input.
- Messages
- 2,199
- Reaction score
- 195
- Points
- 63
Your welcome, that's the problem with popular scripts they attract hackers.
that's why like garrettroyce said you should always ...
Make sure that when you install software, that you keep it up to date and don't install any addons that aren't trustworthy from official sources. Use strong passwords with numbers, letters, capitol letters, and symbols, and is at least 8 characters long, preferably more.
that's why like garrettroyce said you should always ...
Make sure that when you install software, that you keep it up to date and don't install any addons that aren't trustworthy from official sources. Use strong passwords with numbers, letters, capitol letters, and symbols, and is at least 8 characters long, preferably more.
Yes, I did all that - official software, all up to date, no unofficial addons e.t.c... Passwords also met those rules - mix of letters, capital letters, numbers, special characters, e.t.c... But somehow, this still happened. From what I see on Google, this is actually a continuing threat - a lot of sites have been affected. And checking my access log showed no access using my credentials, so this happened through the backdoor somehow. Nothing I could have done on my end to prevent it.
I'm just hoping the admin here has a recent backup so I can delete everything there now and do a restore. This is killing me!
I'm just hoping the admin here has a recent backup so I can delete everything there now and do a restore. This is killing me!
The thing is, this literally just happened on the 14th. I know for a fact because I was on my site on the 13th and everything was fine. My site is not static (for informational purposes only), so starting from scratch is really not an option. I'd need to rely on some backup of some sort to get me going. All said though, I'm working my way through it and I've pretty much eliminated the threat. In a situation where there's no help for this kind of urgency, I suppose there's not much else one can do.
Thanks your suggestions, they've been helpful. 
Thanks your suggestions, they've been helpful.
- Messages
- 2,199
- Reaction score
- 195
- Points
- 63
x10hosting does not by default provide support for scripts or wordpress.
the only help provided would be from other users or staff that use wordpress.
you could also seek advise on the wordpress support forum.
as for the backups, its normally up to the user to make backups of their files.
any backup made by x10 is generally automatic for domains.
but the frequency of x10s backup may or may not be accurate or recent.
it might have been a month ago or 2 weeks ago, then the question is would it be
compromised as well. this is why its always best to keep your own backups.
(not to keep on x10 website but to download to your pc when created)
the only help provided would be from other users or staff that use wordpress.
you could also seek advise on the wordpress support forum.
as for the backups, its normally up to the user to make backups of their files.
any backup made by x10 is generally automatic for domains.
but the frequency of x10s backup may or may not be accurate or recent.
it might have been a month ago or 2 weeks ago, then the question is would it be
compromised as well. this is why its always best to keep your own backups.
(not to keep on x10 website but to download to your pc when created)
I'm aware of that, but this is more than a Wordpress issue though - it's literally the whole site. I'd imagine that something as serious as the site being compromised (which in turn means there's been some access to the server) would be taken somewhat seriously. Particularly in a situation where the compromise was not due to a leaked password e.t.c... I mean, right now, who knows how many web sites on the server may be affected as well? I may have just been the first to catch it.
Nonetheless, it's all good. I have it taken care of on my end. I have a backup from months back, was hoping x10hosting has something more recent. No, something even as recent as a week ago could not have been compromised, this hack just happened. But at this point, it's fine... I've wiped down and started over. I've been on this for the past 3 days and I'm making significant headway, I'll be good.
Yes, I take occasional backups. Because of the space restrictions on x10hosting, it's a bit hard to schedule automatic backups (backups are first to the server, then downloaded locally). So, I can only practically do this manually and then download the file immediately.
Nonetheless, it's all good. I have it taken care of on my end. I have a backup from months back, was hoping x10hosting has something more recent. No, something even as recent as a week ago could not have been compromised, this hack just happened. But at this point, it's fine... I've wiped down and started over. I've been on this for the past 3 days and I'm making significant headway, I'll be good.
Yes, I take occasional backups. Because of the space restrictions on x10hosting, it's a bit hard to schedule automatic backups (backups are first to the server, then downloaded locally). So, I can only practically do this manually and then download the file immediately.
- Messages
- 5,609
- Reaction score
- 250
- Points
- 63
x10 doesn't maintain backups, so I'm sorry to say that you would not be able to get any help there.
The nature of the hosting environment is that users have access to only their own home directory (/home/{your user name}/) and some minimal access to directories like /var/log/http/{your domain name}. All the server software runs as unprivileged users like "nobody" or "apache" that can only read files that specifically have unprivileged access. There's also sandboxing in effect to limit users from doing anything outside your own directory.
Why I mention all of this is that your account being compromised really has no implications for any other user or the server as a whole. Otherwise, hackers would just sign up for accounts and hack everyone on the serer.
The nature of the hosting environment is that users have access to only their own home directory (/home/{your user name}/) and some minimal access to directories like /var/log/http/{your domain name}. All the server software runs as unprivileged users like "nobody" or "apache" that can only read files that specifically have unprivileged access. There's also sandboxing in effect to limit users from doing anything outside your own directory.
Why I mention all of this is that your account being compromised really has no implications for any other user or the server as a whole. Otherwise, hackers would just sign up for accounts and hack everyone on the serer.
- Status