
Wordpress Site hacked

SamSC

New member
Jan 17, 2020
Hello,

I have several WordPress sites on one server.
Now today there was a critical error on all WordPress sites on this server.

I found the file "heyserv.php" in every directory.
Unfortunately, I have a fear that the file came via a plugin/theme from Babiato and wanted to ask if anyone else is currently having problems with such an incident.
 
Please elaborate on your issue:
- How is your server state? Which company, features, etc.
- What is the "common point" between these hacked websites? Plugin/theme, etc.
- When did you realize you'd been hacked? (After installing X theme or X plugin?)
- Did you scan with any "security plugin" after this happened?
- Is there any outdated plugin/theme installed on any website? Or deactivated?
 
Hey thanks for your answer!

I'm getting to the bottom of it and think that it could be accessed from outside via a file upload.

After I restored a backup, I could see in the logs that an attempt was made to access a .gif. Apparently this .gif came into the system via a form upload.
Measures were to set up Wordfence and to block all IPs in this direction.
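
A triage sketch for the situation described in this thread, added here as an example and not part of any poster's message: it lists every copy of a dropped file by name (the thread names heyserv.php) and flags image files that contain a PHP open tag. That the uploaded .gif carried PHP is an assumption the thread does not confirm; the function names and the demo directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only triage helpers. Nothing here deletes site files.

# List every copy of a dropped file under a web root.
# $1 = web root, $2 = file name (heyserv.php in the thread)
find_dropped() {
    find "$1" -type f -name "$2" 2>/dev/null | sort
}

# List image files that contain a PHP open tag. A genuine GIF/JPEG/PNG
# has no reason to contain "<?php", so any hit deserves manual review.
# $1 = web root
find_php_in_images() {
    find "$1" -type f \( -iname '*.gif' -o -iname '*.jpg' \
        -o -iname '*.jpeg' -o -iname '*.png' \) \
        -exec grep -l -a -i -F '<?php' {} + 2>/dev/null | sort
}

# List PHP files sitting in an uploads directory, where WordPress
# normally stores media only.
# $1 = web root
find_php_in_uploads() {
    find "$1" -type f -path '*/uploads/*' -iname '*.php' 2>/dev/null | sort
}

# Build a small constructed tree (harmless placeholder contents) so the
# functions can be tried offline before pointing them at a real web root.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/site1/wp-content/uploads/2023" "$d/site2/wp-content/uploads"
    printf '<?php // placeholder\n' > "$d/site1/heyserv.php"
    printf '<?php // placeholder\n' > "$d/site2/wp-content/heyserv.php"
    printf 'GIF89a<?php // placeholder ?>' > "$d/site1/wp-content/uploads/2023/form.gif"
    printf 'GIF89a\001\002\003' > "$d/site2/wp-content/uploads/clean.gif"
    printf '<?php // placeholder\n' > "$d/site2/wp-content/uploads/x.php"
    echo "$d"
}

# Demo run on the constructed tree.
demo=$(make_demo_tree)
echo "Dropped files:";        find_dropped "$demo" heyserv.php
echo "Images with PHP tag:";  find_php_in_images "$demo"
echo "PHP in uploads:";       find_php_in_uploads "$demo"
rm -rf "$demo"
```

Run the three functions against each site's document root and compare the file timestamps of any hits with the upload request seen in the access log.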
 
The first thing you need to do is get rid of heyserv.php by removing it manually, then rescan and ask the server host to scan, since they can scan the root. If they find any infected files (and I am sure that even if you delete the file, it will be recreated after some time), and if server support responds at all, then you can take the help of the Sucuri service; they are experts. I can help remove the malware completely and make the site live. Ask the server host to roll back to a previous backup, say 8 or 10 days old, if none of the sites were updated. Drop me a message.
 
Could you please give us more detail about the form? Is it Contact Form 7 or any premium form plugin nulled here?
Please note that "forms" or "inputs" are very sensitive areas and need to be protected. I don't even use a "search input" if I don't need it. If I have to use a form, then I prefer a good one (Gravity Forms, for example) instead of a free one (Contact Form 7). I remember that the first time I used WordPress, thousands of websites were hacked due to Contact Form 7. So I can see that people blame (no offense to you) Babiato's platform when this situation happens, but "security" starts from protecting yourself, not from a plugin or anything else.
 
I think even if you don't use the Plugin and Theme shared by Babiato, you can still get hacked. Thank you for sharing.
 
I 2nd that. Always keep your WP +plugins + themes updated. Use Wordfence plugin + Cloudflare. Check your VPS logs.
 
www.instracker.net friends I spent $200 buying on this site account tracking via instagram and more pure pierced. They stole my bitcoins. Very angry with this situation I don't know how there are dishonest people in life. A site like this needs to go down. I suggest not to buy anything on this site. Stay tuned
 

Maybe you deserve it... Who on earth still believes these nonsense stupid things?
