GoFuckYourself.com - Adult Webmaster Forum


kurtov 07-07-2016 08:49 AM

Someone redirected my network to illegal shit
 
:mad::mad::mad::mad:

So pissed. I'd appreciate anyone's advice on this matter.

I've got a team resolving the problem as we speak, detecting problem files and cleaning the sites. The majority of the sites are WordPress. My questions are:

1> What are some effective ways to prevent this from happening in the future? I'm running all of the sites through CloudFlare and updating the sites on a regular basis (plugins/themes). What are some good, reliable security options?

2> I use Wordfence security. It told me many times that someone was locked out for trying to log in from San Francisco. Is there any way I can track this dirtbag down?

Any other advice to beat this problem would be super appreciated.

Thanks kindly GFY

xXXtesy10 07-07-2016 08:56 AM


teg0 07-07-2016 09:01 AM

1. Keep Wordpress up to date.
2. Don't depend too heavily on plugins. It's plugins that are usually exploited.
3. Don't use any sort of pirated theme. If it's a premium theme, make sure it's one you've paid for and downloaded from the seller.
4. Hide the Wordpress version number from showing up in the source code. This keeps scripts from crawling around looking for a specific Wordpress version to exploit. (The Right Way to Remove WordPress Version Number)
5. Don't use Wordpress on sites that don't really need to be Wordpress.
6. Make sure you're not hosting with some noob company that has you on a shared server that isn't secured enough where someone else's site's exploit can affect your site too.

Sounds like you're doing the right things so it's probably just some plugin that has an exploit. Everyone is far too dependent on Wordpress, but I understand why. It's just easy pickings for exploits and traffic redirects.

DVTimes 07-07-2016 09:04 AM

Make sure you're not using admin as your login.

kurtov 07-07-2016 09:09 AM

Quote:

Originally Posted by teg0 (Post 21014191)
4. Hide the Wordpress version number from showing up in the source code. This keeps scripts from crawling around looking for a specific Wordpress version to exploit. (The Right Way to Remove WordPress Version Number)
6. Make sure you're not hosting with some noob company that has you on a shared server that isn't secured enough where someone else's site's exploit can affect your site too.

Man thanks.
The other stuff I'm already doing but,
Hiding Wordpress versions is a great idea. Thanks for the link :thumbsup
I host with GoDaddy, who just hung up on me. Thinking about buying their security thing, dunno if it's garbage or not.

3xmedia 07-07-2016 09:19 AM

lol using GD for hosting is retarded, it's even more retarded than using GD for domains :1orglaugh:1orglaugh:1orglaugh

Freedom6995 07-07-2016 09:23 AM

Limit access via a .htaccess file in wp-admin
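
An added example (not part of the original post) of what such a wp-admin/.htaccess can look like on Apache 2.4 for a site proxied through CloudFlare, as the thread starter's sites are. The address 203.0.113.10 is a constructed placeholder for the administrator's own static IP, and the variable name admin_ip is made up for this example.

```apache
# wp-admin/.htaccess  (added example, Apache 2.4 authorization syntax)
# Needs "AllowOverride AuthConfig FileInfo" (or All) from the host.
# 203.0.113.10 is a placeholder: replace it with your own static IP.

# Behind CloudFlare, Apache sees a CloudFlare edge address as the client,
# so "Require ip" alone would lock out the real administrator. CloudFlare
# passes the visitor's address in the CF-Connecting-IP request header;
# flag requests where that header matches the admin IP.
SetEnvIf CF-Connecting-IP "^203\.0\.113\.10$" admin_ip

<RequireAny>
    # Direct connection from the admin IP (site not proxied).
    Require ip 203.0.113.10
    # Proxied connection whose CloudFlare-reported client is the admin IP.
    # The header can be forged by anyone who reaches the origin server
    # without going through CloudFlare, so this rule is only as strong as
    # the origin's restriction to CloudFlare's address ranges.
    Require env admin_ip
</RequireAny>

# Some themes and plugins call admin-ajax.php from the public front end,
# so keep that single file reachable by every visitor.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

The login form itself, wp-login.php, sits in the site root rather than in wp-admin, so this file does not cover it; the same rules can be placed inside a `<Files "wp-login.php">` section of the root .htaccess.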

kurtov 07-07-2016 09:24 AM

Quote:

Originally Posted by Freedom6995 (Post 21014233)
Limit access via a .htaccess file in wp-admin

This is a great suggestion. Thank you.

kurtov 07-07-2016 09:27 AM

Quote:

Originally Posted by 3xmedia (Post 21014218)
lol using GD for hosting is retarded, it's even more retarded than using GD for domains :1orglaugh:1orglaugh:1orglaugh

Which host would you recommend?

deonbell 07-07-2016 09:43 AM

What type of illegal stuff is it redirecting to?

I agree with protecting access to wp-admin with htaccess.

j3rkules 07-07-2016 09:54 AM

Quote:

Originally Posted by teg0 (Post 21014191)
1. Keep Wordpress up to date.
2. Don't depend too heavily on plugins. It's plugins that are usually exploited.
3. Don't use any sort of pirated theme. If it's a premium theme, make sure it's one you've paid for and downloaded from the seller.
4. Hide the Wordpress version number from showing up in the source code. This keeps scripts from crawling around looking for a specific Wordpress version to exploit. (The Right Way to Remove WordPress Version Number)
5. Don't use Wordpress on sites that don't really need to be Wordpress.
6. Make sure you're not hosting with some noob company that has you on a shared server that isn't secured enough where someone else's site's exploit can affect your site too.

Sounds like you're doing the right things so it's probably just some plugin that has an exploit. Everyone is far too dependent on Wordpress, but I understand why. It's just easy pickings for exploits and traffic redirects.

Also create strong passwords for your sites using ambiguous, lower and uppercase characters et cetera.

kurtov 07-07-2016 09:57 AM

Quote:

Originally Posted by jerkules (Post 21014302)
Also create strong passwords for your sites using ambiguous, lower and uppercase characters et cetera.

Yes, I do that. But totally noobiated on having admin as a user name. It's like we were beckoning hackers. :disgust

