You build websites over the host server LIVE? Perhaps you might wanna change the way you build websites now, over a localhost server. I use Laragon to make everything simple; with a single click I can create a WordPress website instantly.
They said "To our regret, our Shared Hosting packages don't have such a function. CloudLinux OS can be installed only on our Dedicated server packages."
Let me clear up something: actually all of us (especially me) wish the same thing, but the topic always rambles in other ways.
Could you please find out answers for my other questions?
Is it better than xampp?
I'm using windows, so yes, it is better than xampp for my case.
I download only from here and from trusted uploader or @Babak
Is there a confirmation of what plugin was with the backdoor?
I will not download a zip file with 127mb of plugins from a randomer
You probably downloaded some "nulled" theme. These guys do this on themes mostly, and they hide their server with some basic base64 strings related or file changes. Check dates before you touch anything on your file system. If you find anything with this profile, post the file in some pastebin and tell us the link.
They probably stole your credentials and your website name and sent it to their server. I used to play with these guys by filling their servers with fake data.
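The triage suggested in the post above (look for base64-hidden server addresses and check file modification dates), as an added example that is not part of the original thread. The regexes, the 30-day window, the file names and the `collector.example.invalid` URL are assumptions constructed for illustration.

```python
import base64, os, re, tempfile, time
from pathlib import Path

# Assumed heuristics (not from the thread): decode-and-execute calls, base64 literals hiding URLs.
EXEC_DECODE = re.compile(rb"(eval|assert|create_function)\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)
B64_LITERAL = re.compile(rb"['\"]([A-Za-z0-9+/]{40,}={0,2})['\"]")
URL = re.compile(rb"https?://[^\s'\"<>]+")

def scan_file(path):
    """Return a list of findings for one PHP file (read-only, nothing is executed)."""
    data = Path(path).read_bytes()
    findings = []
    if EXEC_DECODE.search(data):
        findings.append("decode-and-execute call")
    for m in B64_LITERAL.finditer(data):
        try:
            decoded = base64.b64decode(m.group(1), validate=True)
        except ValueError:  # not valid base64, e.g. a long hex or alphanumeric token
            continue
        url = URL.search(decoded)
        if url:
            findings.append("base64 literal hides URL: " + url.group().decode("ascii", "replace"))
    return findings

def scan_tree(root, modified_within_days=None, now=None):
    """Map each flagged .php path to its findings; optionally flag recent modification."""
    now = time.time() if now is None else now
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        findings = scan_file(path)
        if modified_within_days is not None:
            age_days = (now - path.stat().st_mtime) / 86400
            if age_days <= modified_within_days:
                findings.append(f"modified {age_days:.1f} days ago")
        if findings:
            report[str(path.relative_to(root))] = findings
    return report

def demo():
    """Constructed plugin tree: one old clean file, one new file with a hidden callback URL."""
    root = Path(tempfile.mkdtemp())
    hidden = base64.b64encode(b"http://collector.example.invalid/log.php?site=").decode()
    (root / "clean.php").write_text("<?php echo 'hello';\n")
    (root / "license.php").write_text(f"<?php $u = base64_decode('{hidden}');\n")
    os.utime(root / "clean.php", (time.time() - 400 * 86400,) * 2)  # backdate the clean file
    return scan_tree(root, modified_within_days=30)

if __name__ == "__main__":
    print(demo())
```

Run `scan_tree` against a copy of `wp-content` taken from a backup, and compare flagged files with a fresh download of the same plugin version before deleting anything.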
Almost all shared hosting providers use Cloudlinux. Probably you should get away from Namecheap and host your site somewhere else
Try scanning all your plugins and themes using GOTMLS anti-malware plugin. See if it can find any malware in your hacked plugins/themes.
That's the result I got bro!
Anti-Malware Security and Brute-Force Firewall (wordpress.org)
This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
Yeah, but what plugins exactly? Type the names so we can stay away if any is known to be backdoored.
Let's be a little clear over your issue. I have read all the comments.
1. When someone has entered your website with admin details, then the possibilities can be unlimited. If you are using a VPS, check your firewall logs. If you don't know how to, then ask your hosting provider. For managed servers they will have access.
2. Can plugins have backdoor access?
Absolutely. Doesn't matter if it is nulled or original. This is the internet and every second someone will try to find a new way to get details.
3. It is not a bot/crawler in your scenario, I believe. Even if you assume it is a bot that cracked your admin details via whatever method, then simply your firewall settings are weak and you need to learn how to handle things like a strong password, setting up a custom login page or blocking xmlrpc, which are basic.
4. I have been using nulled plugins for quite some time; in fact I test them on live servers. If I uninstall them then I will make sure to leave no traces of the plugin behind from tables.
5. And firewall plugins always give you a list of risks no matter if it is original or nulled. So ignore them.
6. Most importantly, when you are using nulled plugins then you should consider backing up your data on priority. Make sure to use some auto backup plugins like updraft.
7. Every plugin is vulnerable, so is LiteSpeed.
8. Unless you give logs of your server, no one can help you in specific.
9. If you are using Cloudflare, then check the firewall from the security tab to see if you can find any clue.
You have to stick to one point.
1- The hack was through a plugin or theme; they didn't have access to the back-end or the cPanel
2- It was a backdoor for sure
3- Since I followed their step and added robot.txt I didn't have the problem again and no one has tried to login since.
7- I have already removed LiteSpeed.
8- I can't and won't share my login details. I asked her and I included the backup plugins of the ones I was using; that's all you need, no need for my login details.
9- Not using Cloudflare but I'm considering moving from Namecheap
Namecheap sucks
Theme and plugin detectors for WordPress sites are not correct all the time. You can hide your plugins but not LiteSpeed Cache. On my sites I hide all plugins, but if I use a tool like BuiltWith or Wappalyzer I see only LiteSpeed Cache. 2 sites that happen to have LiteSpeed in common is not evidence of a security flaw in LiteSpeed Cache. Why would a hacker that used the cache plugin want to tell you not to use nulled content? How would he even know you used nulled plugins or themes? This is clearly not an issue with LiteSpeed, most probably a backdoor in a plugin or theme.
Bingo! I figured out why I was hacked. It was a vulnerability in the LiteSpeed Cache plugin!
I have attached a picture of the hacker leaving a message on a website that uses "LiteSpeed Cache".
In less than 10 hours 2 websites were hacked and left with that message and maybe more.
Mine and ssuaych.org! How do I know? I did scan plugins for ssuaych.org and they are only using LiteSpeed Cache along with other plugins, and what do we have in common? Just one plugin and it's LiteSpeed Cache.
I have deactivated it and deleted it.
You can all check the following article:
Word-press plugin lightspeed caches security flaws and how to exploit them | Briskinfosec (www.briskinfosec.com)
Stay ahead of potential security threats with our in-depth analysis of the security vulnerabilities in the popular Wordpress plugin, LightSpeed Cache. Learn how attackers may exploit these flaws and how to protect your website from potential hacking attempts.
So it wasn't the plugin I downloaded from here it was the goddamn LiteSpeed Cache.
Any thoughts?