Same hack

supporthost

Member
Registered
Joined
Jan 19, 2021
Messages
20
Points
1
2 Sites affected by the same hack (post_content injected with malicious Javascript )
Seems hosted by tsoHost.

Some advice?
 

Efe Agbontaen

Member
Registered
Joined
Sep 4, 2020
Messages
49
Points
6
And are the websites hosted on the same server?
 

supporthost

Member
Registered
Joined
Jan 19, 2021
Messages
20
Points
1

Efe Agbontaen

Member
Registered
Joined
Sep 4, 2020
Messages
49
Points
6
Efe Agbontaen
Okay, How did you figure out it's the same hack?

They probably hacked one and got access to the other because they are on the same server.

Try to Install WordFence. Scan the website for backdoors the hacker might have added to core files.

Update all Plugins

If you haven't already, change the file permissions of wp-config.php to 600. So that 1 hack does not affect the other

With these steps, you should be reasonably safe
 

WerdPressEh

New member
Registered
Joined
Jan 8, 2021
Messages
9
Points
1
Find the logs and see just what they did, and WAF active and if so which one?
 

Efe Agbontaen

Member
Registered
Joined
Sep 4, 2020
Messages
49
Points
6
Efe Agbontaen
Good idea, but if I were the hacker, I will remove all my activity from the logs. I will not even delete the log files, but I will simply find all entries with my IP Address and remove them.

Victim will not even suspect a thing
 

WerdPressEh

New member
Registered
Joined
Jan 8, 2021
Messages
9
Points
1
Most hackers that manage to inject or modify files on wordpress sites do not have access to root and so cannot modify server logs, also on a good setup logs will be monitored for changes which will be instantly logged offsite and the hacker would not have access to these even if he had root.
 

cspacews

Member
Hosting Provider
Registered
Joined
Jan 22, 2021
Messages
23
Points
1
I agree logs are always a good place to start with. Most of those Javascript infections are due to vulnerability in some plugin where they can writeback/run the encoded javascript to post their content onto the website.
 
Older Threads
Replies
13
Views
3,276
Replies
3
Views
1,809
Replies
8
Views
2,436
Replies
11
Views
3,568
Newer Threads
Replies
0
Views
2,210
Replies
2
Views
1,416
Recommended Threads

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top