Hello all,
    I’ve just got this email (from my site on WP, from my email admin):

    For your security, your account has been locked because of too many failed login attempts. To unlock your account please click the following link:

    https://www.mysite.com/wp-login.php?action=unlock&key=…

    The following attempts resulted in the lock:

    178.124.71.250 2014/12/25 6:10:29 AM
    178.124.71.250 2014/12/25 6:23:58 AM
    178.124.71.250 2014/12/25 6:36:12 AM
    178.124.71.250 2014/12/25 6:50:31 AM
    178.124.71.250 2014/12/25 7:03:13 AM

    I didn’t click on the link and checked my wp-admin, seems fine and no warning even on dashboard.
    This IP is from Belarus, which makes me think that someone from there tried to hack me?

    Is it a hack? Is it a joke? What do you think?

    Should I do anything to protect my website?

    Thank you!
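One server-side way to tell whether a lock e-mail like the one above reflects real attempts is to count failed POSTs to wp-login.php per client in the web server's access log. The script below is an added example and not part of the original post; the log lines in it are constructed (the quoted IP is the one from the e-mail, the other address is documentation space), and it assumes Apache's combined log format, a site installed under /wish/ as in the thread, and WordPress's usual behaviour of answering a failed login with HTTP 200 (the form re-rendered) and a successful one with a 302 redirect.

```shell
#!/bin/sh
# Added example, not from the forum thread: count failed wp-login.php POSTs
# per client IP in an Apache access log, the pattern behind a "too many
# failed login attempts" lockout. All log lines below are constructed.

# Constructed sample in Apache combined-log format. 178.124.71.250 is the
# address quoted in the lock e-mail; 203.0.113.7 is a documentation address
# standing in for a legitimate visitor whose login succeeds (302).
SAMPLE_LOG='178.124.71.250 - - [25/Dec/2014:06:10:29 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
178.124.71.250 - - [25/Dec/2014:06:23:58 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Dec/2014:06:30:00 +0000] "GET /wish/ HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
178.124.71.250 - - [25/Dec/2014:06:36:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Dec/2014:06:40:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
178.124.71.250 - - [25/Dec/2014:06:50:31 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
178.124.71.250 - - [25/Dec/2014:07:03:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"'

# failed_logins_per_ip: read access-log lines on stdin and print "count ip"
# for every client whose POST to wp-login.php came back with HTTP 200
# (WordPress re-renders the form on a bad password; a good one redirects).
# Fields in combined format: $1 ip, $6 "METHOD, $7 path, $9 status.
failed_logins_per_ip() {
    awk '$6 == "\"POST" && $7 ~ /^\/(wish\/)?wp-login\.php/ && $9 == "200" { n[$1]++ }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# suspect_ips THRESHOLD: print only the IPs with at least THRESHOLD failed
# logins, i.e. the clients a lockout plugin would have counted.
suspect_ips() {
    failed_logins_per_ip | awk -v t="$1" '$1 >= t { print $2 }'
}

# Usage: on a live server replace the sample with e.g.
#   tail -n 5000 /path/to/access_log | suspect_ips 5
printf '%s\n' "$SAMPLE_LOG" | suspect_ips 5
```

With the sample above the only address at or above five failures is 178.124.71.250, which matches the five entries the lock e-mail lists; the visitor whose POST produced a 302 is not counted.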

Viewing 15 replies - 1 through 15 (of 21 total)
    I didn’t click on the link

    Very wise. I *never* click *any* link in *any* e-mail. At best, I will copy a link from an e-mail and paste it into Notepad to see exactly what it is, and then either go to a given site separately (without using that link) or discard both it and the e-mail.

    I…checked my wp-admin, seems fine and no warning even on dashboard.

    I would guess someone has simply found and used your e-mail address to bait you to come here: https://www.whois.com/whois/178.124.71.250. If so, no harm has been done.

    Should I do anything to protect my website?

    Most certainly, if you have not done so already. What security do you presently have in place?

    Thread Starter dshirac

    (@dshirac)

    Leejosepho, thank you!
    I never click. I hover and check the URL behind... anyway...
    As we speak, WP blocked my account because of multiple login attempts. OMG!!
    Now, I can try again in 19 hours! Poor me, I’ve been hacked :(((((((
    It is sad. Yup.

    Most certainly, if you have not done so already. What security do you presently have in place?

    I don’t have any security as well

    Damn.
    Thank you, thanks.

    As we speak, wp blocked my account because of multiple login attempt.

    Are you certain that is not being done by your host? You might check there just to be sure. Also, if your host is definitely not involved here and if you have either cPanel or some other kind of FTP/SFTP access, it is quite possible to regain complete control right now.

    I don’t have any security as well

    That can be solved also, but we first need your site back under your exclusive control!

    Thread Starter dshirac

    (@dshirac)

    How can I know if it’s my host’s doing? You mean that my host tried to log in?

    No, it is possible that your host has some kind of blocking code in place to slow or to stop brute-force attacks or login attempts at any site. I kind of doubt that is the case here, but you should know for certain before going to your server and possibly causing trouble for yourself with your host by making changes.

    Edit: You should be able to contact your host either via live chat, e-mail or by phone.

    Thread Starter dshirac

    (@dshirac)

    Hey,
    I am waiting for the chat right now yes.
    Is there anything I can do with my DB or cpanel?

    Is there anything I can do with my DB or cpanel?

    Yes, cPanel will be great, and one thing you *could* do — not suggesting this just yet — is to change your .htaccess permissions to 0400 to block *all* traffic from reaching your site. However, that extreme should not really be necessary here since you are not trying to stop a brute-force DDOS attack.

    Thread Starter dshirac

    (@dshirac)

    I am sorry, didn’t get you.
    I have access to cPanel, so, should I do something in my DB in order to regain my access?
    After that, I would be happy to hear your recommendations for security.
    Thanks,

    should I do something in my DB in order to regain my access?

    No, it sounds like your IP is being blocked, and I would begin checking for that by using File Manager at cPanel to first look at .htaccess in your root folder. If no IP block against you can be found there, then you are being blocked dynamically and I would change the permissions of .htaccess to 0400 to block *all* traffic from reaching your domain while you use File Manager at cPanel to begin some cleanup actions.

    Thread Starter dshirac

    (@dshirac)

    I am sorry.
    I don’t understand, my .htaccess has a lot of code inside it, don’t know what to check or change… can you be more specific?

    my .htaccess has a lot of code inside it

    That *could* be your very problem, and it would be great to discover all of your intrusion has happened only right there.

    WordPress can typically run with no .htaccess file at all or with just a little for dealing with permalinks, so you might first try simply renaming .htaccess to .htac-cess to disable it, then try logging in.

    Edit: If you wish, you can safely post your .htaccess here between two “code” tags from the above button.
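The check suggested above, looking through .htaccess for an IP block before concluding the block is dynamic, can be scripted so that a long file like the one the poster has does not have to be read by eye. The script below is an added example and not part of the reply; the sample .htaccess it writes is constructed (the WordPress rewrite block from the thread plus a `Deny from` line of the kind being looked for), and the directive names it searches for are the standard Apache ones: `Deny from` (2.2 and mod_access_compat), `Require ip` / `Require not ip` (2.4), and mod_rewrite conditions on `%{REMOTE_ADDR}`.

```shell
#!/bin/sh
# Added example, not from the forum thread: list the directives in an
# .htaccess that can block a client by IP address, then check whether a
# given address appears in one of them. The sample file is constructed.

# htaccess_ip_blocks FILE: print (with line numbers) each line of FILE that
# can deny a client by address. Case-insensitive, leading whitespace allowed.
htaccess_ip_blocks() {
    grep -niE '^[[:space:]]*(deny[[:space:]]+from|require[[:space:]]+(not[[:space:]]+)?ip|rewritecond[[:space:]]+%\{REMOTE_ADDR\})' "$1"
}

# htaccess_blocks_ip FILE IP: succeed (exit 0) when IP appears literally in
# one of those directives, fail (exit 1) otherwise. Literal match only: a
# CIDR range or a prefix such as "Deny from 178.124." is still printed by
# htaccess_ip_blocks but is not matched here, so read that output too.
htaccess_blocks_ip() {
    htaccess_ip_blocks "$1" | grep -qF "$2"
}

# make_sample_htaccess: write a constructed .htaccess to a temp file and
# print its path. The first block is the stock WordPress rewrite block
# quoted in the thread; the <Files> block is constructed for this example.
make_sample_htaccess() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

# constructed for this example, not from the poster's file
<Files wp-login.php>
Order Allow,Deny
Allow from all
Deny from 178.124.71.250
</Files>
EOF
    printf '%s\n' "$tmp"
}

# Usage: on a real site run   htaccess_ip_blocks /path/to/public_html/.htaccess
f=$(make_sample_htaccess)
htaccess_ip_blocks "$f"
if htaccess_blocks_ip "$f" 203.0.113.7; then
    echo "203.0.113.7 is blocked"
else
    echo "203.0.113.7 is not listed"
fi
rm -f "$f"
```

On the constructed file the scan reports the single `Deny from 178.124.71.250` line and nothing else; a file with no output from `htaccess_ip_blocks`, like the one the poster pasted later in the thread, contains no static IP block, which is the point at which the reply says the block must be coming from somewhere else.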

    Thread Starter dshirac

    (@dshirac)

    I did something with my host, added a denied IP, it’s Mishka from Belarus, well done Russian hackers, you must be really bored or mean!

    My .htaccess:

    # BEGIN WPSuperCache
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /wish/
    #If you serve pages from behind a proxy you may want to change 'RewriteCond %{HTTPS} on' to something more sensible
    AddDefaultCharset UTF-8
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP_USER_AGENT} !^.*(2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800).* [NC]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteCond %{HTTPS} on
    RewriteCond %{DOCUMENT_ROOT}/wish/wp-content/cache/supercache/%{SERVER_NAME}/wish/$1/index-https.html.gz -f
    RewriteRule ^(.*) "/wish/wp-content/cache/supercache/%{SERVER_NAME}/wish/$1/index-https.html.gz" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP_USER_AGENT} !^.*(2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800).* [NC]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteCond %{HTTPS} !on
    RewriteCond %{DOCUMENT_ROOT}/wish/wp-content/cache/supercache/%{SERVER_NAME}/wish/$1/index.html.gz -f
    RewriteRule ^(.*) "/wish/wp-content/cache/supercache/%{SERVER_NAME}/wish/$1/index.html.gz" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP_USER_AGENT} !^.*(2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800).* [NC]
    RewriteCond %{HTTPS} on
    RewriteCond %{DOCUMENT_ROOT}/wish/wp-content/cache/supercache/%{SERVER_NAME}/wish/$1/index.html -f
    RewriteRule ^(.*) "/wish/wp-content/cache/supercache/%{SERVER_NAME}/wish/$1/index.html" [L]
    
    RewriteCond %{REQUEST_URI} !^.*[^/]$
    RewriteCond %{REQUEST_URI} !^.*//.*$
    RewriteCond %{REQUEST_METHOD} !POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
    RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
    RewriteCond %{HTTP_USER_AGENT} !^.*(2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800).* [NC]
    RewriteCond %{HTTPS} !on
    RewriteCond %{DOCUMENT_ROOT}/wish/wp-content/cache/supercache/%{SERVER_NAME}/wish/$1/index.html -f
    RewriteRule ^(.*) "/wish/wp-content/cache/supercache/%{SERVER_NAME}/wish/$1/index.html" [L]
    </IfModule>
    
    # END WPSuperCache
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress

    I think I can get rid of all the blocks except the last one, no?

    There is no “Deny” anywhere there, so that is not how you were/are being blocked. I know nothing about WPSuperCrap, er, I mean WPSuperCache, so I will say nothing about that code other than to say WordPress only needs this:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    If you clear all caching and run only that code and you are still blocked, then I would change the permissions of .htaccess to 0404 and begin cleaning.

    Edit: If you try that and you are still blocked, I would also go to MySQL at cPanel and change your database user’s password to stop any possible (further?) injection there.

    Thread Starter dshirac

    (@dshirac)

    I am not blocked anymore, I inserted some IPs the host gave me, put them in cPanel -> denied IP.
    He said the plugin “Theme My Login” caused the blocking because Mishka tried to break into wp-admin.
    The plugin is disabled for now.
    Should I still change the .htaccess like you suggested?
    Thanks

    Should I still change the .htaccess like you suggested?

    Ah, no, no need to mess with it, and please be sure to thank Jeff Farthing for protecting your site!

    Edit: I have no experience with Theme My Login’s blocking, so I am going to back away from here rather than risk causing any kind of mess for you by merely guessing at anything.

The topic ‘Site attacked by hackers?’ is closed to new replies.