In the last reply from LoveBug. Just scroll up.
4 Likes
You’re not supposed to be able to edit file permissions because, like I said, it’s a foot gun. But it appears that it was possible anyway somehow.
By my best guess, the cause is what you guessed as well:
If so, this was most likely done through PHP code. I’m trying to get this changed and the PHP function blocked, but this won’t help any sites where the file is already corrupted.
3 Likes
It would be your greate favor and more if the issue resolved i want to move your premimum plan, but this type of attack from hacker is not unacceptable at all at premium hosting as you will have to give the maximum security
you will have to give miximum security like hostinger and godaday, i would be more happy to with your premium hosting plan, as you have given me free of cost sever for the last year. If you migrate my website into new server,Where is no other affected website are running, i am ready to go with premimum plan
Have you determined how this hacker managed to create an admin account on your forum ?
A couple of things come to mind
-
Posting a screen shot of the file manager with the url
Never do this as the url contains your account password in base64 format -
An exploitable wordpress plugin
Always research any wordpress plugin for vulnerabilities before installing
4 Likes
ok i will keep in mind all the things, please remove all the unknown script from the disctionary, after clearning i will take backup and go with the premimum plan
Oh and I’m sorry I never got back to you, I had a long exhausting day, I skipped food because I was so busy and when I did finally eat at night I fell asleep
2 Likes
Pleae see the issue please and check my website it is now not working There has been a critical error on this website.
another issue occured I am unable to login through your cpanel. It says There has been a critical error on this website. Please check your site admin email inbox for instructions.
Then please follow the guide you linked and work out how to fix it.
This may even be related (it probably is) to the .htaccess thing
3 Likes
Thanks God, Now my site is working properly, thanks for the support. In case of any issue, i will send you message.
Dear Sir
Few days ago my site was hacked and someone and system has locked my .htccess file and with the help of you, i will able to get it back. Today, i was again login and see there were unknown same plugin were installed in my wordpress dash board which name was Advance Manager file or Manager file . Where my all dictionary including wp include, wp content, wp adim were visiable. i have immediately deactived and uninstall the same even i have changed my all the password. My question is, why someone able to get my root dictionary. Kindly look into the matter please
You don’t understand. It does not matter why the file was locked, or who locked it. The only thing that matters is the fact that it is locked.
Nobody can change the file permissions to be editable again because everyone is locked out. No sob story you feed us is going to change that.
4 Likes
It is for your kind information it is not locked now, the file is now working fine, you did not understand my question, i said, the website was working fine for the last two to three days , today when i login today at wordpress dashboard, there were unknown plugin plugin was intall, my question was who,s somebody can install the plugin since i have changed the password and everyting. Your responce was irrelvent as i am aksing different you are replying different.
I think, we should leave the matter and topic locked and unlocked, i want to know how someone can approvach to my dashboard or root dictironary since i have changed the password two days ago
What makes you think we can answer that question?
There are a number of potential different entrypoints a hacker could try to exploit to gain access to your website. But given that the hacker may have installed a file manager plugin, it seems very likely to me that they were able to gain admin access to your website first (after all, if they already had access to your hosting account, they could just have used our file manager).
That could happen through a plugin or theme that contained a vulnerability, or maybe included malware to begin with (never use nulled/cracked software!). Maybe someone was able to crack your password, or was able to obtain it somehow through your computer or network. Or maybe you gave someone else admin access to your site, and they used a weak password or had their credentials stolen.
The key part for us is that there does not appear to be any vulnerability or exploit in our platform.
And while we care for the security of your website, it’s still your website, and you’re still the person who is ultimately responsible for securing it. And if you fail to do that someone, then it’s not our responsibility to do extensive, in-depth forensic investigation to figure out why your site got hacked.
Finally, I’m not sure whether any of this is related to the matter of your .htaccess file not being editable.
7 Likes
4 posts were merged into an existing topic: Upgraded my hosting account
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.