Someone hacked my site! wtf

[Trigger]

Ok basically I think someone hacked into my site and put a .htaccess 302 redirects on my addon domains so that instead of me getting credit for the lead they did.

They kept the offers I was promoting the same so that I wouldn't notice.

So today I decided to change the offer because I am getting enough traffic to expect at least a conversion a day but I havent had a conversion since december.

So I change the affiliate link in the meta-refresh script to a different offer, upload it to my host, then go to my website to see if it works ok. BUT it redirected to my old offer.

After uploading the meta refresh script a few more times and it not working, I finally downloaded the .htaccess file and sure enough it was a 302 redirect.

This fuckin pisses me off.

How do I protect myself so this doesn't happen again?

 

[Drake]

It mighta been someone else on the same box that got hacked. But do you run a ton of scripts, plugins etc? Set the permissions carefully? Dont use "admin" as a user?

Whats your host? Have you notified them? They can tell you what happened and if you or someone else was to blame.

 

[RainingGains]

Change passwords.

Get someone to look through logs as they may have gained access using an exploit in an outdated script you have somewhere.

 

[Trigger]

yea i havent updated wp in a while so that could be it i dont know.

It mighta been someone else on the same box that got hacked. But do you run a ton of scripts, plugins etc? Set the permissions carefully? Dont use "admin" as a user?

Whats your host? Have you notified them? They can tell you what happened and if you or someone else was to blame.

I have some wp pluggins and a few scripts, I have no idea what permissions are and im pretty sure I always use admin but I dont really know.


I use bluehost and I haven't contacted them yet. I just found out about this like 10 min ago but I think Im about to give them a call.

 

[Drake]

Call them. There might be hundreds of sites on that server and they are all at risk but obviously not doing aff sites.

I would start a tech ticket too with your host. Sometimes that is faster.

ThenI would go to the affiliate company with as much data on the affid as you have.

 

[thunderlips]

PWNED

 

[adi.azar]

Check your Database tables. He may already injected certain script that point at script on his own server (or the tmp folder if you are on a shared hosting).. He can change anything on your server eventhough you changed DB...

You must check your DB tables, specially the one for plugins and make sure it does not have weird entries...

WordPress is such a piece of shit product! I do not how a developer leave a product like that without protecting their users from SQL injections, which is truly easy thing to be done...

Last year, 500,000 blogs were hacked, Including mine. I am software engineer, I could fix it, but others, I doubt... Google just decided to remove them from their index.

Good luck!
Adi

 

[jeanpaul1979]

Go with Expression Engine, it's paid but if you run a serious site it's better then wordpress. It has an excellent security record too.

 

[Mr. Websites]

Did you get in touch with the network about this? They can pinpoint the affiliate from the URL, and maybe compensate you through his unpaid earnings.

 

[allcelldeals]

Don't mean to highjack. But quick question. I suspect my berries blog was hacked. I was getting conversions on myspace for a while and then out of nowhere it just stopped. I could see them hitting my page on statcounter, but the bounce rate was 100% for like 3 days. I'm talking hundreds of clicks and not one click through from myspace traffic. My other traffic was fine, but nothing from myspace reffers. I know things can fluctuate, but my ads where the same except for some new ones and there is now way I can go through almost 1,000 clicks without one person clicking on the exit link to the offer. I use a heatmap and when I stopped all traffic except myspace nothing showed up.

So, I'm thinking there must be a way to redirect traffic coming from myspace by refferer or either myspace was tripping and sending bogus clicks, but like I said out of nearly 1,000 clicks from myspace, not one click through to the offer.