When You Get Hacked

My Facebook friend Tracee Sioux messaged me.
“Dude there was a giant RED screen that said I was in danger and to leave the site immediately when I clicked.”

When I logged on in Chrome, things looked fine. Firefox, Safari, also no problem.

WTH, I thought. I had to find out what was going on.

I turned to Facebook and used it for what it is best used for: crowdsourcing. Figuring that it might have something to do with her geographical area, I sent a group message out to friends in California, Denver, Florida and Louisiana asking them to look at my site. I got two reports that everything was fine so I started to breathe easier. Then a report from my friend John in Denver.

“There’s an obviously fake flash download screen that comes on when I go to your site. I tried to go back and screen capture it but it didn’t come back”

Not as bad as the time someone downloaded flashing skulls and lightning onto my site, but still, I was not happy.

Here’s what I did to fix it.

  1. Got into my site with FTP. You can see ALL THE FILES with FTP. It’s really old school, but still useful.
  2. Locked down ALL MY PERMISSIONS. The reason you can upload pictures to your site is that the file permissions are loose enough to allow it, and that looseness is a vulnerability. If you are on a high-security server, you will have to change permissions every time you want to upload a plugin or a picture. It’s not just a matter of someone getting your password.
  3. Looked into my wp-content/uploads folder. I usually name things something that makes sense (even if it’s screenshot_margaret), so when I saw a file named cpxhuxfy.php I knew it didn’t belong.
  4. I removed all those files.
  5. I revisited all my permissions. wp-config (in the public_html folder) should be 664. EVERYTHING ELSE (use the “recurse into subdirectories” option) should be 775.
     When you need to get in to add files and images, go to wp-content and then the appropriate folder and change it to 777 until you are done.
  6. VERY IMPORTANT! When you are done, close that door! Change your permissions back to 775!!
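
The checks in steps 3, 5 and 6 can also be scripted and run against a downloaded copy of the site, or on the server itself. This is an added example, not part of the original post; the extension list and the demo folder layout (including the 2024 subfolder) are assumptions constructed for illustration.

```python
import os
import stat
import sys
import tempfile

# Extensions commonly executed as PHP by web servers (assumed list, adjust to yours).
PHP_EXTS = (".php", ".phtml", ".php5", ".phar")


def audit(wp_root):
    """Return (php_in_uploads, world_writable, wp_config_mode) for a WordPress root."""
    wp_root = os.path.abspath(wp_root)
    uploads = os.path.join(wp_root, "wp-content", "uploads")
    php_in_uploads, world_writable = [], []
    for dirpath, dirnames, filenames in os.walk(wp_root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing useful
            if st.st_mode & stat.S_IWOTH:  # "other" write bit, as set by 777
                world_writable.append(path)
            inside = os.path.commonpath([uploads, path]) == uploads
            if inside and stat.S_ISREG(st.st_mode) and name.lower().endswith(PHP_EXTS):
                php_in_uploads.append(path)
    config = os.path.join(wp_root, "wp-config.php")
    mode = stat.S_IMODE(os.stat(config).st_mode) if os.path.isfile(config) else None
    return sorted(php_in_uploads), sorted(world_writable), mode


def make_demo_tree(base):
    """Constructed sample site: a stray PHP file in uploads and a folder left at 777."""
    folder = os.path.join(base, "wp-content", "uploads", "2024")
    os.makedirs(folder)
    for rel in ("wp-config.php", "wp-content/uploads/2024/screenshot_margaret.png",
                "wp-content/uploads/2024/cpxhuxfy.php"):
        open(os.path.join(base, rel), "w").close()
    os.chmod(os.path.join(base, "wp-config.php"), 0o664)
    os.chmod(folder, 0o777)  # the "door" from step 5 that was never closed
    return base


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else make_demo_tree(tempfile.mkdtemp())
    php, writable, mode = audit(root)
    for p in php:
        print("PHP file in uploads (review it):", p)
    for p in writable:
        print("world-writable (set back to 775):", p)
    print("wp-config.php mode:", "missing" if mode is None else oct(mode))
```

Run it with the path to your site folder as the only argument; with no argument it audits the constructed demo tree.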
