Page 1 of 2 12 LastLast
Results 1 to 20 of 32
  1. #1
    Gamble 4 Keeps's Avatar
    Gamble 4 Keeps is offline Public Member
    Join Date
    February 2014
    Location
    New Zealand
    Posts
    80
    Blog Entries
    1
    Thanks
    89
    Thanked 33 Times in 23 Posts

    Thumbs down Website is being hacked

    Hi

    I am in need of some help please. It appears my website has been hacked by someone, and i am not sure how to find out or fix the problem. My website is www.gamble4keeps.com hope i can post this here. If not remove the URL

    This morning i noticed my website started to take around 3 minutes to load, even though it was working fine when i went to bed. Later this evening, it got to the point i couldnt access my site. So we did a database backup.

    Now i am noticing links and redirection on my site that i did not put there and they redirect to a landing page of some sort. Can someone offer any advice urgently.

    I have found so far two links that divert to something i never put up or redirected to.

    xxhttp://www.gamble4keeps.com/how-to-beat-slots
    xxhttp://www.gamble4keeps.com/casino-in-mobile-al
    G4K Community forums <---- Join our forums today - Become part of the family
    Online Gambling Reviews
    Best Online Gambling Bonuses
    Have A Gambling Problem <-- Get Excluded From Being Able To Gamble Online. One Form for ALL Gambling sites.



  2. #2
    PromoteCasino is offline Private Member
    Join Date
    June 2013
    Location
    London
    Posts
    1,117
    Thanks
    1,073
    Thanked 496 Times in 335 Posts

    Default

    Hi,

    I will be very interested in what the community has to say about this and how it has been achieved. It is worrying that now you don't even to have to have a spam url when they can use someone else's url. Disturbing to say the least. I hope you can get this resolved quickly.

    If anyone knows a way to prevent this happening I and many others I am sure would be grateful.
    BettingOffers.bet - Latest offers and bonuses from reputable UK bookmakers. A New project underway but a long way to go Bookie Rewards

  3. The Following User Says Thank You to PromoteCasino For This Useful Post:

    Gamble 4 Keeps (25 February 2015)

  4. #3
    Gamble 4 Keeps's Avatar
    Gamble 4 Keeps is offline Public Member
    Join Date
    February 2014
    Location
    New Zealand
    Posts
    80
    Blog Entries
    1
    Thanks
    89
    Thanked 33 Times in 23 Posts

    Default

    Its really strange, hostgators security team are investigating it. but they are unsure at this stage. The only reason i picked it up was because i happen to look at my whos online stats and saw someone view these two links.

    Its really strange.
    G4K Community forums <---- Join our forums today - Become part of the family
    Online Gambling Reviews
    Best Online Gambling Bonuses
    Have A Gambling Problem <-- Get Excluded From Being Able To Gamble Online. One Form for ALL Gambling sites.



  5. #4
    Gamble 4 Keeps's Avatar
    Gamble 4 Keeps is offline Public Member
    Join Date
    February 2014
    Location
    New Zealand
    Posts
    80
    Blog Entries
    1
    Thanks
    89
    Thanked 33 Times in 23 Posts

    Default

    ok more links popping up

    xxhttp://www.gamble4keeps.com/i-want-to-play-blackjack
    xxhttp://www.gamble4keeps.com/how-to-win-playing-slot-machines
    xxhttp://www.gamble4keeps.com/best-online--casino-sites
    G4K Community forums <---- Join our forums today - Become part of the family
    Online Gambling Reviews
    Best Online Gambling Bonuses
    Have A Gambling Problem <-- Get Excluded From Being Able To Gamble Online. One Form for ALL Gambling sites.



  6. #5
    JackTenSuited is offline Private Member
    Join Date
    March 2004
    Posts
    1,014
    Thanks
    23
    Thanked 335 Times in 208 Posts

    Default

    check the .htaccess file to see if has been modified in any way if not restore it to the default wordpress one and update all your plugins.
    then work through this http://codex.wordpress.org/FAQ_My_site_was_hacked

  7. The Following 2 Users Say Thank You to JackTenSuited For This Useful Post:

    Gamble 4 Keeps (25 February 2015), PromoteCasino (25 February 2015)

  8. #6
    Scampi's Avatar
    Scampi is offline Private Member
    Join Date
    August 2013
    Posts
    855
    Thanks
    371
    Thanked 308 Times in 181 Posts

    Default

    To fix the problem, update to the latest version of Wordpress, then change theme and change back again. This should fix the problem and remove the spam links.

  9. The Following 2 Users Say Thank You to Scampi For This Useful Post:

    Gamble 4 Keeps (25 February 2015), vardan (25 February 2015)

  10. #7
    wonderpunter's Avatar
    wonderpunter is offline Private Member
    Join Date
    August 2013
    Posts
    2,510
    Blog Entries
    5
    Thanks
    402
    Thanked 1,678 Times in 1,006 Posts

    Default

    Install Wordfence, it will lock out repeat attempts "you have to set it up though" it will also notify you of attempts of login, Change User and Password, cleanup the pages that have been hacked, then apply cloud flare and set security to medium at least.. I find this is a good solid protection I have around 100 hack attempts daily

  11. The Following 4 Users Say Thank You to wonderpunter For This Useful Post:

    Gamble 4 Keeps (25 February 2015), LiveCasinoPartners (27 February 2015), PromoteCasino (25 February 2015), vardan (25 February 2015)

  12. #8
    Gamble 4 Keeps's Avatar
    Gamble 4 Keeps is offline Public Member
    Join Date
    February 2014
    Location
    New Zealand
    Posts
    80
    Blog Entries
    1
    Thanks
    89
    Thanked 33 Times in 23 Posts

    Default

    Quote Originally Posted by wonderpunter View Post
    Install Wordfence, it will lock out repeat attempts "you have to set it up though" it will also notify you of attempts of login, Change User and Password, cleanup the pages that have been hacked, then apply cloud flare and set security to medium at least.. I find this is a good solid protection I have around 100 hack attempts daily
    Have found the issue thanks so much. as soon as i installed and ran this program it picked up which files in my site were affected and removed the added information that was placed in them. You have no idea how gratefull i am. And i highly recommend EVERYONE get this plugin
    G4K Community forums <---- Join our forums today - Become part of the family
    Online Gambling Reviews
    Best Online Gambling Bonuses
    Have A Gambling Problem <-- Get Excluded From Being Able To Gamble Online. One Form for ALL Gambling sites.



  13. The Following User Says Thank You to Gamble 4 Keeps For This Useful Post:

    wonderpunter (25 February 2015)

  14. #9
    wonderpunter's Avatar
    wonderpunter is offline Private Member
    Join Date
    August 2013
    Posts
    2,510
    Blog Entries
    5
    Thanks
    402
    Thanked 1,678 Times in 1,006 Posts

    Default

    Quote Originally Posted by Gamble 4 Keeps View Post
    Have found the issue thanks so much. as soon as i installed and ran this program it picked up which files in my site were affected and removed the added information that was placed in them. You have no idea how gratefull i am. And i highly recommend EVERYONE get this plugin
    Awesome plugin, and free.. it should be bundled with every install, Tighten up the lockouts too

  15. The Following User Says Thank You to wonderpunter For This Useful Post:

    Gamble 4 Keeps (26 February 2015)

  16. #10
    robertwilliams's Avatar
    robertwilliams is offline Public Member
    Join Date
    October 2014
    Posts
    12
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Default

    Just to stick my nose in to this as well...

    Make sure you have a super password strength for your database password, and your WP login. If a hacker gains access to your server it's so easy for them to check your root directories, access your WP-Config files (for wordpress sites, just access your root via Filezilla / dreamweaver and you'll see it) and change your site passwords.

    Had this issue late last year and they managed to get into every site on my VPS. Royal pain in the backside - and apparently they profit from selling your logins to others. The cheek!!

  17. The Following User Says Thank You to robertwilliams For This Useful Post:

    Gamble 4 Keeps (26 February 2015)

  18. #11
    vardan's Avatar
    vardan is offline Private Member
    Join Date
    March 2014
    Location
    Barcelona, Spain
    Posts
    428
    Thanks
    382
    Thanked 226 Times in 155 Posts

    Default

    Glad everything is fine now for Gammble 4 Keeps.
    I installed Wordfence from the beginning and I permanently block all suspicious IP addresses.

  19. The Following User Says Thank You to vardan For This Useful Post:

    Gamble 4 Keeps (26 February 2015)

  20. #12
    sweetbet's Avatar
    sweetbet is offline Public Member
    Join Date
    November 2012
    Posts
    2,819
    Blog Entries
    5
    Thanks
    898
    Thanked 1,577 Times in 1,088 Posts

    Default

    I had something similar happen to one of my WP sites a long time ago.

    Try changing the following and see what happens:

    SETTINGS > PERMALINKS > Default

    Also, you don't have much security on your site.

    You might want to look at the following WP security plugins:

    Block Bad Queries (BBQ)
    Limit Login Attempts
    Rename wp-login.php
    SI CAPTCHA Anti-Spam
    Stealth Login Page
    Wordpress Firewall 2
    WordPress Simple Firewall

  21. The Following User Says Thank You to sweetbet For This Useful Post:

    Gamble 4 Keeps (26 February 2015)

  22. #13
    universal4's Avatar
    universal4 is offline Forum Administrator
    Join Date
    July 2003
    Location
    Courage is being scared to death...and saddling up anyway. John Wayne
    Posts
    28,013
    Thanks
    2,222
    Thanked 7,917 Times in 4,993 Posts

    Default

    Another plugin to consider is:
    All In One WP Security

    I have used all in one and like the features.

    In fact it offers a lot of the features in a single plugin that some of the others recommended.

    It makes renaming the admin login easy, has a built in firewall, limits login attempts based upon your settings and more.

    Rick
    Universal4

  23. The Following 2 Users Say Thank You to universal4 For This Useful Post:

    Gamble 4 Keeps (26 February 2015), LiveCasinoPartners (27 February 2015)

  24. #14
    Gamble 4 Keeps's Avatar
    Gamble 4 Keeps is offline Public Member
    Join Date
    February 2014
    Location
    New Zealand
    Posts
    80
    Blog Entries
    1
    Thanks
    89
    Thanked 33 Times in 23 Posts

    Default

    Update: Sites hacked again whole thing is taken down this time.

    Webhosting is trying to fix it. Will update more info when i get it.
    G4K Community forums <---- Join our forums today - Become part of the family
    Online Gambling Reviews
    Best Online Gambling Bonuses
    Have A Gambling Problem <-- Get Excluded From Being Able To Gamble Online. One Form for ALL Gambling sites.



  25. #15
    Gamble 4 Keeps's Avatar
    Gamble 4 Keeps is offline Public Member
    Join Date
    February 2014
    Location
    New Zealand
    Posts
    80
    Blog Entries
    1
    Thanks
    89
    Thanked 33 Times in 23 Posts

    Default

    Quick Update:

    Site has been infected by a malware hack, named Cryptophp. It has installed multiple versions of a file named social.png
    It looks like its an image, it is infact a php file that injects throughout your entire server so people can control the site.

    Hostgator are placing my account through a deep clean, but i may lose everything

    Be warned, it can happen evem if you have the best security plugins installed hostgator told me
    G4K Community forums <---- Join our forums today - Become part of the family
    Online Gambling Reviews
    Best Online Gambling Bonuses
    Have A Gambling Problem <-- Get Excluded From Being Able To Gamble Online. One Form for ALL Gambling sites.



  26. #16
    universal4's Avatar
    universal4 is offline Forum Administrator
    Join Date
    July 2003
    Location
    Courage is being scared to death...and saddling up anyway. John Wayne
    Posts
    28,013
    Thanks
    2,222
    Thanked 7,917 Times in 4,993 Posts

    Default

    I agree that in situations like this one has to be vigilant, but in order for the hack to take place, either they have to exploit an installed plug-in, brute force a password or otherwise gain write access to the web folder. If you are on shared hosting, one has to hope it did not come from hacked root access from any other shared client on the server.

    There are also sql injection type hacks, but this would normally only take place through an exploited plugin.

    If you ever find out the hack that was used, do let us know so others can also be warned if it happens to be a common plugin or such that was exploited.

    Rick
    Universal4

  27. The Following User Says Thank You to universal4 For This Useful Post:

    Gamble 4 Keeps (26 February 2015)

  28. #17
    Gamble 4 Keeps's Avatar
    Gamble 4 Keeps is offline Public Member
    Join Date
    February 2014
    Location
    New Zealand
    Posts
    80
    Blog Entries
    1
    Thanks
    89
    Thanked 33 Times in 23 Posts

    Default

    Quote Originally Posted by universal4 View Post
    I agree that in situations like this one has to be vigilant, but in order for the hack to take place, either they have to exploit an installed plug-in, brute force a password or otherwise gain write access to the web folder. If you are on shared hosting, one has to hope it did not come from hacked root access from any other shared client on the server.

    There are also sql injection type hacks, but this would normally only take place through an exploited plugin.

    If you ever find out the hack that was used, do let us know so others can also be warned if it happens to be a common plugin or such that was exploited.

    Rick
    Universal4

    Sure was on a shared server, that is changing that's for sure. Very valuable lesson here, make sure you do regular backups. Mind due in my case this hack has affected all stored backups that the hosting has done also. I never did any backups to my computer which is guttering.

    Hopefully i will have the site back up over the next 2 days But this is one thing everyone needs to be aware about. It caqn affect all wordpress, Joomla and other popular CMS. From what i have read over 23,000 sites have been infected with this Crypto PHP Hack
    G4K Community forums <---- Join our forums today - Become part of the family
    Online Gambling Reviews
    Best Online Gambling Bonuses
    Have A Gambling Problem <-- Get Excluded From Being Able To Gamble Online. One Form for ALL Gambling sites.



  29. #18
    wonderpunter's Avatar
    wonderpunter is offline Private Member
    Join Date
    August 2013
    Posts
    2,510
    Blog Entries
    5
    Thanks
    402
    Thanked 1,678 Times in 1,006 Posts

    Default

    Quote Originally Posted by Gamble 4 Keeps View Post
    Sure was on a shared server, that is changing that's for sure. Very valuable lesson here, make sure you do regular backups. Mind due in my case this hack has affected all stored backups that the hosting has done also. I never did any backups to my computer which is guttering.

    Hopefully i will have the site back up over the next 2 days But this is one thing everyone needs to be aware about. It caqn affect all wordpress, Joomla and other popular CMS. From what i have read over 23,000 sites have been infected with this Crypto PHP Hack
    Add Cloudflare to your site also, It will refuse attempted connection whilst giving you a speed boost, Once a hacker is in the best bet is really fresh install or rollback to a previous date, i back up my site daily as I post daily.. so if anything happens I will only lose 24 hours of work

    Just noticed... By chance did you download a free *Premium template? these are usually embedded with malware from the onset

  30. The Following 2 Users Say Thank You to wonderpunter For This Useful Post:

    Gamble 4 Keeps (26 February 2015), sweetbet (26 February 2015)

  31. #19
    Gamble 4 Keeps's Avatar
    Gamble 4 Keeps is offline Public Member
    Join Date
    February 2014
    Location
    New Zealand
    Posts
    80
    Blog Entries
    1
    Thanks
    89
    Thanked 33 Times in 23 Posts

    Default

    Quote Originally Posted by wonderpunter View Post
    Add Cloudflare to your site also, It will refuse attempted connection whilst giving you a speed boost, Once a hacker is in the best bet is really fresh install or rollback to a previous date, i back up my site daily as I post daily.. so if anything happens I will only lose 24 hours of work

    Just noticed... By chance did you download a free *Premium template? these are usually embedded with malware from the onset
    No I had purchased a template, however the hack was all through it. It also injected itself into all plugins i had. The biggest thing i find hard is, its infected my computer as well. Just running Melwarebytes and Avast as i speak.
    G4K Community forums <---- Join our forums today - Become part of the family
    Online Gambling Reviews
    Best Online Gambling Bonuses
    Have A Gambling Problem <-- Get Excluded From Being Able To Gamble Online. One Form for ALL Gambling sites.



  32. #20
    robertwilliams's Avatar
    robertwilliams is offline Public Member
    Join Date
    October 2014
    Posts
    12
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Default

    So sorry to hear this has happened again - hoping this gets resolved quickly for you.

    When taking backups via the host, download them weekly too, then delete the hosted version. This is quite a good habit to get into as if you move away from shared hosting, to a VPS or similar, the chances are that you'll no longer have 'unlimited' webspace. The addiction of creating multiple sites means that 30GB of space get's used up verrrrrry quickly.

    On a side note, are there authorities you can report these kind of hacking attempts too? The amount of our time that is stolen fixing this kind of crap.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •