My Web Site Was Hacked?

If someone may be using your site to participate in a DDoS attack, it may be due to a configuration error: You may want to see what ports you have open.

http://www.t1shopper.com/tools/port-scan/

Is someone using you to perform a denial of service attack on someone else? It is not just an annoyance to someone else, it also uses bandwidth that costs you money.

Test for misconfigured NTP server (UDP port 123)

http://openntpproject.org/

Test for open recursive DNS resolver (UDP port 53)

http://www.openresolver.com/

If chargen (port 19) is found, disable it. It is of no use to you and can be used to attack others.

About participating in WordPress Pingback DDoS attacks

https://isc.sans.edu//forums/diary/Wordpress+Pingback+DDoS+Attacks/17801

http://fooplugins.com/prevent-wordpress-pingback-ddos/

Is someone using you to send spam? Test for an open SMTP mail relay (port 25)

http://www.mailradar.com/openrelay/

The above attacks (NTP, DNS, Chargen, and WordPress Pingback DDoS attacks, as well as using you to send spam) do not indicate that you have lost information or that a virus has infected your system. They indicate that someone is taking advantage of a misconfiguration to use your site for their own purposes and make it look like you are responsible.

On the other hand, you can loose information and host viruses through other misconfiguration choices. PHP-based web sites (using Joomla, WordPress or Drupal for example) are often compromised through vulnerable plugins. For examples and corrective measures, see C99Shell not dead.

WordPress best practices https://bestvpn.org/bloggers-guide-to-wordpress-security/

WordPress Security Scan‍ https://hackertarget.com/wordpress-security-scan/
wpscan‍ https://wpscan.org/
WPscans‍ https://wpscans.com/
Web Shell Detector http://www.shelldetector.com/
PHP-Shell-Detector https://github.com/emposha/PHP-Shell-Detector
PHP-backdoor-detector https://github.com/yassineaddi/PHP-backdoor-detector

Advertisements

Comments are closed.