r/techsupport Aug 18 '22

Website keeps getting infected with maleware Closed

Earlier this year one of the websites I made for a friend got infected with malware. The site redirected to other suspicious websites if you clicked on any links. I have cleaned the site from malware a few times and made a fresh WordPress install but nothing worked. It's always coming back and the hosting provider takes down the website. I honestly don't know what to do anymore. The malware probably came on to the site as a theme I have installed wasn't up to date. I contacted the support of the theme and they said they fixed it for me. This was 2 months ago, at first everything seemed to be good but now it came back again. Do you have any suggestions on what I could try to fix this? Thanks!

13 Upvotes

u/AutoModerator Aug 18 '22

If you suspect you may have malware on your computer, or are trying to remove malware from your computer, please see our malware guide

Please ignore this message if the advice is not relevant.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

16

u/george_toolan Aug 18 '22

Your website obviously has some security leaks and that's why it will keep getting infected.

Did you install the latest version of WordPress, PHP and other software on your server including all security patches?

See https://www.cvedetails.com/product/4096/Wordpress-Wordpress.html?vendor_id=2337

2

u/jonrick_ Aug 18 '22

Yes, I have already reinstalled WordPress a couple of times now. I think the issue is with the theme, not WordPress itself. The support of the theme said they fixed it for me but it keeps reappearing. My hosting provider also gave me the exact files that are infected, all of which I deleted, but that didn't help.

12

u/CakeDanceNotWalk Aug 18 '22 edited Aug 18 '22

WordPress is horrible, because it is hard to manage this well. It would be better if you can move to another service provider like Squarespace or Wix.

To prevent new attacks, you can do a few things.

  1. Install a security plugin, I've used Wordfence with good results.

  2. Change the default login URL.

  3. Disable all plugins you don't need.

  4. Disable writes to your theme if you can.

  5. Add a cache like Cloudflare for your visitors. Cloudflare would also double as a firewall, they can block some attacks too.

  6. Make sure the SSH service on the hosting provider is turned off.

  7. Disable phpadmin once you are done with it, it is a common source of hacks too.

Basically all the basic security stuff.

Update: extra item for phpadmin.

4

u/CakeDanceNotWalk Aug 18 '22

Just saw you have an issue with a persistent hack. Check your db, some script might persist inside your database, wipe it if you can.

5
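The database check suggested above, as an added example that is not part of the original thread: a triage pass over rows exported from `wp_options` and `wp_posts` that flags an off-site `siteurl`/`home`, script tags loaded from foreign hosts, and common obfuscation markers. The site host, the row layout and the sample rows are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# <script ... src=...> with quoted or unquoted URL
SCRIPT_SRC = re.compile(r"<script[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)
# Markers often seen in injected PHP/JS; a hit is a lead, not a verdict
OBFUSCATION = re.compile(r"eval\s*\(|base64_decode\s*\(|fromCharCode|atob\s*\(", re.I)

def is_own_host(url, site_host):
    """Relative URLs and the site's own (sub)domains count as local."""
    host = urlparse(url).hostname
    return host is None or host == site_host or host.endswith("." + site_host)

def scan_rows(rows, site_host):
    """Return (table, id, reason) for every row that deserves a manual look."""
    findings = []
    for row in rows:
        where = (row["table"], row["id"])
        value = row["value"]
        # Redirect infections frequently rewrite the site address options
        if row["table"] == "wp_options" and row.get("name") in ("siteurl", "home"):
            if not is_own_host(value, site_host):
                findings.append(where + ("site address points off-site",))
        for src in SCRIPT_SRC.findall(value):
            if not is_own_host(src, site_host):
                findings.append(where + ("external script: " + src,))
        if OBFUSCATION.search(value):
            findings.append(where + ("obfuscation marker",))
    return findings

# Constructed sample rows (hypothetical hosts under the reserved .example TLD)
SAMPLE_ROWS = [
    {"table": "wp_options", "id": 1, "name": "siteurl", "value": "https://myfriendsite.example"},
    {"table": "wp_options", "id": 2, "name": "home", "value": "https://landing.redirector.example/go"},
    {"table": "wp_posts", "id": 42, "name": None,
     "value": '<p>Hi</p><script src="//cdn.redirector.example/j.js"></script>'},
    {"table": "wp_posts", "id": 43, "name": None,
     "value": '<script src="/wp-includes/js/jquery/jquery.min.js"></script>'},
    {"table": "wp_options", "id": 90, "name": "widget_text",
     "value": "<script>eval(atob('Y29uc3RydWN0ZWQ='))</script>"},
]

if __name__ == "__main__":
    for table, row_id, reason in scan_rows(SAMPLE_ROWS, "myfriendsite.example"):
        print(f"{table} id={row_id}: {reason}")
```

Legitimate sites also load third-party scripts (analytics, fonts), so treat the output as a list of rows to review by hand before deleting anything.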

u/Ok_Monk_5660 Aug 18 '22

FYI....I think you mean "malware"

1

u/jonrick_ Aug 18 '22

Oops, yes I do.

3

u/[deleted] Aug 18 '22

What they said. Nobody mentioned checking the DNS records. One of the first steps & easiest ways to maintain persistence over a domain.

WordPress is inherently insecure. Ditch that nonsensical headache asap.

1

u/jonrick_ Aug 18 '22

What would you recommend instead?

6

u/[deleted] Aug 18 '22

I’m not big into paying for CMS, but they have many upsides for the tech-illiterate userbase. Drupal was a go-to for a decade, but many FOSS alternatives exist now.

If it’s a business or you’re handling sensitive info then it’s often worth using the simple UI of Squarespace without major worry about security, compliance & governance. Wix shouldn’t be used, its data collection and other policies are awful and their infrastructure is crap in contrast.

Edit: here’s that link https://www.makeuseof.com/open-source-wordpress-alternatives/

2

u/saltyhasp Aug 18 '22

Just keep in mind CMS systems need constant updates. WordPress is notorious especially because of all the plugins. I have heard some people say it is better if one can just use the basic install hosted by WordPress.com. Do not know how true that is.

Have a relative that does WordPress dev. Asked them about this years ago. They said you have to check the site regularly and expect that it will get cracked. Not sure what they meant in detail. I think this was just their general experience and expectation.

2

u/Bitter_Anteater2657 Aug 18 '22

Look into WordPress hardening as well as getting behind a WAF. And make sure all the admin users have updated their passwords to an actual secure password.

1

u/Vas1le Aug 18 '22

PHP or WordPress?

1

u/linuxlib Aug 18 '22

OP, can you tell us what you did to fix it? I assume it's fixed because it's now flaired as Closed.

2

u/jonrick_ Aug 18 '22

Well, turns out the client tried to fix it himself and deleted some of the important folders with all the content inside. Since there was no useable backup the site is gone now. Luckily it's not a very complex site so it won't take too long to rebuild. But I will probably stay away from WordPress in the future since I don't have the time and nerves to struggle with malware. I am also not a professional by any means.