Someone redirected my network to illegal shit - GoFuckYourself.com

kurtov · 07-07-2016, 08:49 AM

So pissed. I'd appreciate anyone's advice on this matter.

Iv'e got a team resolving the problem as we speak, detecting problem files and cleaning the sites. The majority of the sites are wordpress. My questions are:

1> What are some effective ways to prevent this from happening in the future? Im running all of the sites through CloudFlare and updating the sites on a regular basis (plugins/ themes). What are some good, reliable security options?

2> I use Wordfence security. It told me many times that someone was locked out for trying to log in from San Francisco. Is there any way i can track this dirt bag down?

Any other advice to beat this problem would be super appreciated.

Thanks kindly GFY

xXXtesy10 · 07-07-2016, 08:56 AM

teg0 · 07-07-2016, 09:01 AM

1. Keep Wordpress up to date.
2. Don't depend too heavily on plugins. It's plugins that are usually exploited.
3. Don't use any sort of pirated theme. If it's a premium theme, make sure it's one you've paid for and downloaded from the seller.
4. Hide the Wordpress version number from showing up in the source code. This keeps scripts from crawling around looking for a specific Wordpress version to exploit. (The Right Way to Remove WordPress Version Number)
5. Don't use Wordpress on sites that don't really need to be Wordpress.
6. Make sure you're not hosting with some noob company that has you on a shared server that isn't secured enough where someone else's site's exploit can effect your site too.

Sounds like you're doing the right things so it's probably just some plugin that has an exploit. Everyone is far too dependent on Wordpress, but I understand why. It's just easy pickings for exploits and traffic redirects.

DVTimes · 07-07-2016, 09:04 AM

Make sure your not using admin as your login.

kurtov · 07-07-2016, 09:09 AM

Quote:

Originally Posted by teg0

4. Hide the Wordpress version number from showing up in the source code. This keeps scripts from crawling around looking for a specific Wordpress version to exploit. (The Right Way to Remove WordPress Version Number)
6. Make sure you're not hosting with some noob company that has you on a shared server that isn't secured enough where someone else's site's exploit can effect your site too.

Man thanks.
The other stuff im already doing but,
Hiding Wordpress versions is a great idea. thanks for the link

I host with godaddy, who just hung up on me. Thinking about buying their security thing, dunno if its garbage or not.

3xmedia · 07-07-2016, 09:19 AM

lol using GD for hosting is retarded, it's even more retarded than using GD for domains

Freedom6995 · 07-07-2016, 09:23 AM

Limit access via a .htaccess file in wp-admin

kurtov · 07-07-2016, 09:24 AM

Quote:

Originally Posted by Freedom6995

Limit access via a .htaccess file in wp-admin

This is a great suggestion. Thank you.

kurtov · 07-07-2016, 09:27 AM

Quote:

Originally Posted by 3xmedia

lol using GD for hosting is retarded, it's even more retarded than using GD for domains

Which host would you recommend?

deonbell · 07-07-2016, 09:43 AM

What type illegal stuff redirecting too?

I agree with protecting access to wp-admin with htaccess.

j3rkules · 07-07-2016, 09:54 AM

Quote:

Originally Posted by teg0

1. Keep Wordpress up to date.
2. Don't depend too heavily on plugins. It's plugins that are usually exploited.
3. Don't use any sort of pirated theme. If it's a premium theme, make sure it's one you've paid for and downloaded from the seller.
4. Hide the Wordpress version number from showing up in the source code. This keeps scripts from crawling around looking for a specific Wordpress version to exploit. (The Right Way to Remove WordPress Version Number)
5. Don't use Wordpress on sites that don't really need to be Wordpress.
6. Make sure you're not hosting with some noob company that has you on a shared server that isn't secured enough where someone else's site's exploit can effect your site too.

Sounds like you're doing the right things so it's probably just some plugin that has an exploit. Everyone is far too dependent on Wordpress, but I understand why. It's just easy pickings for exploits and traffic redirects.

Also create a strong passwords for your sites using ambiguous, lower and uppercase characters et cetera.

kurtov · 07-07-2016, 09:57 AM

Quote:

Originally Posted by jerkules

Also create a strong passwords for your sites using ambiguous, lower and uppercase characters et cetera.

Yes i do that. But totally noobiated on having admin as a user name. It's like we were beckoning hackers.

07-07-2016, 08:49 AM	#1
kurtov Confirmed User Join Date: Dec 2007 Posts: 347	Someone redirected my network to illegal shit So pissed. I'd appreciate anyone's advice on this matter. Iv'e got a team resolving the problem as we speak, detecting problem files and cleaning the sites. The majority of the sites are wordpress. My questions are: 1> What are some effective ways to prevent this from happening in the future? Im running all of the sites through CloudFlare and updating the sites on a regular basis (plugins/ themes). What are some good, reliable security options? 2> I use Wordfence security. It told me many times that someone was locked out for trying to log in from San Francisco. Is there any way i can track this dirt bag down? Any other advice to beat this problem would be super appreciated. Thanks kindly GFY __________________ Skype - Kurtovxxx

07-07-2016, 08:56 AM	#2
xXXtesy10 Fakecoin Investor Industry Role: Join Date: Jul 2012 Location: New Delhi, IN Posts: 7,128	__________________ WARNING: Stay Away From Marlboroack aka aka Brandon Ackerman https://gfy.com/21169705-post8.html Donny Long is Felon, Stalker, Scammer & Coward http://www.ripoffreport.com/reports/...lon-int-761244

07-07-2016, 09:01 AM	#3
teg0 Confirmed User Join Date: Jan 2006 Location: Gringo in Puerto Rico Posts: 4,197	1. Keep Wordpress up to date. 2. Don't depend too heavily on plugins. It's plugins that are usually exploited. 3. Don't use any sort of pirated theme. If it's a premium theme, make sure it's one you've paid for and downloaded from the seller. 4. Hide the Wordpress version number from showing up in the source code. This keeps scripts from crawling around looking for a specific Wordpress version to exploit. (The Right Way to Remove WordPress Version Number) 5. Don't use Wordpress on sites that don't really need to be Wordpress. 6. Make sure you're not hosting with some noob company that has you on a shared server that isn't secured enough where someone else's site's exploit can effect your site too. Sounds like you're doing the right things so it's probably just some plugin that has an exploit. Everyone is far too dependent on Wordpress, but I understand why. It's just easy pickings for exploits and traffic redirects. __________________ OV Tube - Tube Script Software

07-07-2016, 09:04 AM	#4
DVTimes xxx Industry Role: Join Date: Jun 2003 Location: UK Posts: 31,544	Make sure your not using admin as your login. __________________ The Affiliate Program

07-07-2016, 09:19 AM	#6
3xmedia Confirmed User Industry Role: Join Date: Apr 2004 Posts: 5,718	lol using GD for hosting is retarded, it's even more retarded than using GD for domains __________________ ---

07-07-2016, 09:23 AM	#7
Freedom6995 Friends of Venus founder Industry Role: Join Date: Jul 2010 Posts: 1,964	Limit access via a .htaccess file in wp-admin __________________ Email: freedom6995 . protonmail.com

07-07-2016, 09:43 AM	#10
deonbell Confirmed User Industry Role: Join Date: Sep 2015 Posts: 1,045	What type illegal stuff redirecting too? I agree with protecting access to wp-admin with htaccess. __________________ Fake Naked Celebrity Sex Gallery