Keep getting hacked

  • Hello. I’ve read all of the WordPress anti-hacking sites I can find but my sites keep getting hacked. The only thing affected is the main index.php file. I’ve even set the file to read-only and it still keeps getting changed. Can someone give me some pointers on this?

    It’s running on my personal Windows 2008 R2 box with the latest version of PHP for Windows and the latest WordPress site with IIS 7. None of the other non-Wordpress sites on my box are being affected. Thanks for any help.

Viewing 6 replies - 16 through 21 (of 21 total)
  • Thread Starter Computerflake

    (@computerflake)

    Which has since been closed by hardening the site, right. I also upgraded to the latest version of php, and had the clients change their logins from admin and use really complex passwords. Now that the php malicious code has been removed, no more infections have been seen for several days.

    Have you considered the possibility of FTP leaks from an infected user’s machine?

    Thread Starter Computerflake

    (@computerflake)

    Not sure how I would stop that. If the person uploads it to their own site, that’s their problem, I guess.

    Longer term, it might be worth keeping an eye on the ftp access logs to see if any re-infections correspond with ftp access by one of your users. I’ve seen that happen before. The only thing that tied it down was the timestamp in the ftp logs matching a re-infection.

    Thread Starter Computerflake

    (@computerflake)

    Good idea and much appreciated. Don’t you just love php?

    It’s the ^*£*%^ hackers that get me. What a waste of energy!

Viewing 6 replies - 16 through 21 (of 21 total)
  • The topic ‘Keep getting hacked’ is closed to new replies.