  1. #1
    Join Date
    Nov 2004
    Posts
    60

    How to track a WordPress or Joomla site defacement or abuse?

    Hello,
    When I was a reseller, server owners were saying I should look at the logs in cPanel to find how the site was hacked. This way was very hard for me... I was finding the cause very hard. And still, as a server owner, I am saying to the customers they should check logs to find the problem. And most times we can't find a reasonable thing other than saying we should upgrade scripts to the latest versions to avoid a hack. Still this is not working for a home-made script and we have problems with customized scripts. Especially for a very busy site it becomes horrible.

    Now I have more tools and I find the reason by chance (I think it's by chance... for example searching for the file name the hacker uploaded to the site) or tail the server log or happen to check the Apache status log... not a reliable way. But I think there should be a more reliable way to find the exact cause of the problem more speedily.

    Is there any better way to find such things? Such as a tracker or site health checker? ... In past years I searched a lot but didn't find anything. Shameful about asking this in forums.
    Last edited by DAWN1404; 09-26-2013 at 04:20 AM.

  2. #2
    Join Date
    Jun 2011
    Posts
    2,286
    You may like to work on trying to prevent these intrusions/hackings/defacements in the first place. A good mod_security ruleset can be very helpful in preventing certain web exploits such as SQL Injections, XSS and so on.

    Are you using a control panel on YOUR server? I know you mentioned when you were a reseller you had cPanel, but what about now?

  3. #3
    Join Date
    Aug 2012
    Posts
    3,100
    You can also use CXS to prevent uploading malicious code into your websites. ConfigServer eXploit Scanner (cxs) is a new tool from ConfigServer that performs active scanning of files as they are uploaded to the server.

  4. #4
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,683
    Quote: Originally posted by DAWN1404
    Still this is not working for a home-made script and we have problems with customized scripts.
    Unfortunately there is no easy or magic way to find out how they're getting in; often it's obvious in the logs (many weird URLs etc) but just as often there's little or no evidence (eg: attacks via POST).

    But frankly, this is not the right way to do it. This sort of security is not your problem, it's the problem of the authors of the custom code - or the site user who needs to update to the latest. If you were responsible for random poor code dropped on your server by naive users ... well, you'd go nuts or bananas quickly.
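
An added example, not part of any post in this thread: one way to turn "search the logs for the file name the hacker uploaded" into a repeatable check, including the POST case mentioned above. The log lines, the dropped file name `img_cache.php` and the script paths are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in Apache "combined" format (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [25/Sep/2013:09:58:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.50 - - [25/Sep/2013:10:01:03 +0000] "GET /administrator/ HTTP/1.1" 200 2100 "-" "Mozilla/5.0"
203.0.113.50 - - [25/Sep/2013:10:01:40 +0000] "POST /components/com_example/upload.php HTTP/1.1" 200 31 "-" "Mozilla/5.0"
203.0.113.50 - - [25/Sep/2013:10:02:05 +0000] "GET /images/img_cache.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Sep/2013:10:05:00 +0000] "POST /index.php?option=com_contact HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.50 - - [25/Sep/2013:10:06:10 +0000] "POST /images/img_cache.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"
""".splitlines()

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+')

def parse(line):
    """Return one request as a dict, or None for lines that do not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def trace_upload(lines, dropped_name):
    """Find who first requested the dropped file and what they POSTed before."""
    records = sorted(filter(None, map(parse, lines)), key=lambda r: r["ts"])
    hits = [r for r in records if dropped_name in r["path"]]
    if not hits:
        return None
    first_hit = hits[0]
    suspects = {r["ip"] for r in hits}
    # POST bodies are not logged, so only the receiving script is visible:
    # successful POSTs by the same IPs before the file was first requested.
    candidates = [r for r in records
                  if r["ip"] in suspects and r["method"] == "POST"
                  and dropped_name not in r["path"]
                  and r["ts"] <= first_hit["ts"] and 200 <= r["status"] < 400]
    return {"first_hit": first_hit, "suspect_ips": suspects,
            "candidates": candidates}

if __name__ == "__main__":
    result = trace_upload(SAMPLE_LOG, "img_cache.php")
    for r in result["candidates"]:
        print(r["ts"], r["ip"], r["method"], r["path"], r["status"])
```

The candidates are leads, not proof: an upload made from a different address than the later requests will not appear, so the dropped file's modification time is worth comparing against the log as well.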

  5. #5
    Join Date
    Jun 2003
    Location
    World Wide Web
    Posts
    581
    Probably, using insecure themes or plugins may cause the issue. Also, please ensure that the clients are using an updated version of WordPress and Joomla to avoid this in future.

  6. #6
    Join Date
    Nov 2004
    Posts
    60
    Quote: Originally posted by HVH - George
    You may like to work on trying to prevent these intrusions/hackings/defacements in the first place. A good mod_security ruleset can be very helpful in preventing certain web exploits such as SQL Injections, XSS and so on.

    Are you using a control panel on YOUR server? I know you mentioned when you were a reseller you had cPanel, but what about now?
    Yes, I'm still using cPanel on all the servers...

  7. #7
    Join Date
    Jul 2010
    Location
    Cloud 9
    Posts
    57
    mod_security will help a lot; but as others have said, it's probably coming from a poorly written template and/or old code. CXS is a great tool to help with malware in conjunction with mod_security and a good firewall (I like CSF).

    We had a Joomla client that had a similar issue some time ago. We ran maldetect for him, he cleaned his site and within a couple of days it was back.

    He finally decided to upgrade Joomla and changed the template and the attacks were gone.
