My site has been hacked and brought down TWICE in the last 24 hours.
 

I own and run MormonGirlz.com. We're getting seriously attacked and while I'm working on increasing my security (Cloud Flare) I'm also wondering how to track down whoever is doing this. Isn't it highly illegal? Any thoughts on what I can do?

Thanks for your help!

If your website was hacked, means your code is not secure, you should first take a look there, to see which part was exploited.

You are using a Free cloudflare plan ?

Yep, on it. And I'm not sure what cloudflare plan I will use. Haven't done it yet. Recommendations?

I like the concept :thumbsup

Any site can be hacked if enough time and effort are put in. Therefore, your site security also needs to address the need to backup your site to be able to recreate it.

To remove your site from what hackers consider "Low Hanging Fruit" do the following:
No usernames should be admin and no passwords should be similar to the site name or have dates associated with you personally.
Keep Wordpress, your plugins and your theme updated to the newest versions.
Turn off comments completely. This is optional but strictly for site security, it is preferable.
Be sure you are backing up your site frequently as well.

If you are using wordpress I recommend WordFence and also to relocate the login page (all cms are having the same url structure). Then I would also change all passwords/usernames. Another thing to do is setting up cloud fare as you mentionned, the détails for each plan are on their website. But even normal (free) plan are more secure as all traffic il filtred a minimum.
Then why not looking into the connection logs (in your cpanel) and see what ip adress caused this? Then blocking the ip will be simple.. (or the domain/internet seller).

Hire a security team

Being attacked is one thing, being owned is another; While DDoS/DoS can be countermeasured by your operator and as a last line of defense, yourself (or your bofh), being owned usually means someone exploited your code either through SQL injection or other security vulnerability. Finding the full extent of an infiltrated server can take some time and is a very demanding task. There are scripts which might work up to a point, but usually the diagnosis and post mortem are done with the file system on read only and by comparing the hashes of the files with a network copy/backup.

While I might help this one time for the fun of it (assuming it's a POSIX compliant system), I won't fix other peoples code.

Message me if you want my skills on this one!

I don't think you can track them down just because they attack your website. They usually do this using lots of other hacked sites/servers. Probably you could track them only after being hacked if they are stupid enough to leave any traces.

But, the questions is... what does "seriously attacked" means? Is it a DDOS attack? Then it means they simply want to disrupt your services. That is usually the competition.
Are they trying to find exploits? Are they trying to access your admin area using a dictionary attack?

11-03-2015

This is an old thread. Why you even respond to that?

:winkwink:

probably to reach 30 posts so he can post urls :)

I hate to tell you this
 

I hate to tell you this, but I am a former hacker, and I deal with sites and security consulting now. First off it's wordpress, or Joomla you got problems. and if you are hiding behind cloudflare does know good, it's still possible to get your physical ip address, and that is the flaw with cloudflare, contact me on skype: john.sexmex I can help you.

sad to hear :(

:1orglaugh:1orglaugh:1orglaugh

that's funny

see even the wordpress are gets hacked
you have not mentioned on which cms your site is

Cloudflare don't save your ass from hackers!
1. Always update your wordpress ASAP.
2. Keep updated plugin
3. Remove old plugins and try find paid solutions
4. buy https://codecanyon.net/item/hide-my-...dpress/4177158
5. use backup system to restore working version when you need it.