August 5, 2015 at 10:43 pm #161548
Yesterday my Genesis (Minimum Pro) site was hacked and Bluehost blocked my site. 'Malicious files' were on there apparently.
I had no choice other than to buy one of their SiteLock products as I wasn't confident to manually remove all of the files they said were suspect. My site isn't even back up yet so I need to contact them again today.
Has anyone had experience of this and how was it resolved? Is there no in-built security in Genesis?
I realise from another post on here that I should have had something like Wordfence installed, but I wasn't aware of that until it was too late.
It did seem slightly odd that Bluehost couldn't allow me access so that I could install and run one of these plug-ins instead of purchasing one of their affiliated security products. I could gain access via FTP but they said that was no good. Up until then I was quite happy with Bluehost.
Thanks for your comments on this. Chris
http://www.chrislines.net
August 5, 2015 at 11:24 pm #161551
More than likely the compromise was due to an out of date wp core or plugin and not Genesis.
Once you are back up, invest in some sort of auto / periodic backup solution that doesn't rely on your host. We're partial to UpdraftPlus but there's others as well. For security, we're partial to iThemes as it plays nice with nginx.
August 5, 2015 at 11:41 pm #161552
Thanks. Do you have any suggestions for cleaning the site of malware/finding out how the breach occurred?
Bluehost are offering to sell me a cleaning service for $200!
Cheers.
August 5, 2015 at 11:44 pm #161553
How proficient are you with command line, wp, etc? I'd suggest somebody like https://sucuri.net/ although if Bluehost aren't going to give you much access I doubt they will give them. There's other vendors as well, but they should be able to tell you what the compromise is and how it occurred.
August 5, 2015 at 11:49 pm #161554
My experience is limited to going in and changing a few lines of code via FTP - I am no expert.
I can get into the FTP side of things, but that's it! I can't access my Dashboard at all... do you think FTP will be enough access or are my hands tied?
August 5, 2015 at 11:52 pm #161555
When you say you can't access your dashboard what do you mean? Credentials have changed or it is non-functional? Honestly I think your best bet is to engage someone like sucuri or go with bluehost.
You can try to clean it yourself with shell access (if BH will grant it to you) or FTP; however, you can never be sure you got it all. Better to have the experts take a look if the site means anything at all to you.
August 5, 2015 at 11:59 pm #161556
When I try to access the Dashboard it says 'The website you were trying to reach is temporarily unavailable.'
August 6, 2015 at 12:07 am #161557
That could well be a case of BH disabling the site / protecting things etc. You'd need to dump the response headers to see what's really going on as that's a generic message from the browser and doesn't indicate much.
Given your experience level (no dig at you, btw), have Sucuri or BH take care of this for you; that ~200 is nothing compared to the time and stress it'll take to do it yourself and more than likely you have to ask BH for help or access anyway.
Once they've done their bit, install iThemes or another plugin and install a backup plugin that takes periodic copies to cloud storage so if you do get taken again you'll have secure backups that don't rely on BH somewhat holding you hostage.
-- Not a commercial here, but for your future reference or anyone reading this later -- Our backup strategy is AT LEAST 14 nightly full copies of all client sites to Amazon S3 AND Google Drive. We don't roll these into our costs but eat it as part of business because we believe so strongly that solid backup is a foundation / absolute necessity. By going to cloud storage outside of hosts, we can move sites without the need for the host to step in via DNS updates at most (since we use managed DNS partners moving sites is as fast as the copy takes). If a site is hacked or something goes wrong with a host we can mitigate the damage and move the site within minutes.
August 6, 2015 at 12:13 am #161558
Also a word on why this is important, since you've been compromised once they'll be back and/or sell you to the lists so you'll have an increased target footprint for some time after this. So once the site is cleaned, you need to up your mitigation and protection strategies because you'll be attacked more frequently.
August 6, 2015 at 1:03 am #161561
Thanks for your help. Looks like I've got no choice other than to bite the bullet and pay!