Hack de mon site….je suis perdu (Créer un compte)

  • WordPress :5.3
  • Statut : non résolu
10 sujets de 1 à 10 (sur un total de 10)
  • Auteur
    Messages
  • #2305025
    doublenico79
    Participant
    Initié WordPress
    5 contributions

    Bonjour,

    Ma configuration WP actuelle

    • Version de PHP/MySQL :
    • Thème utilisé : Newspaper 10
    • Extensions en place :
      Add Follow Button For Pintrestµ
      Akismet Anti-Spam
      Anti-Spam by CleanTalk
      BackWPup
      Captcha, Anti Spam, Security, Spam Protection – Captcha Booster
      Classic Editor
      Contact Form Manager
      Cookie Notice
      File Gallery
      GA Google Analytics
      iThemes Security
      Javascript Html and Text Adder
      Jetpack par WordPress.com
      MailPoet 2
      MailPoet 3 (nouveau)
      MonsterInsights – Google Analytics pour WordPress
      Praison SEO
      Public Post Preview
      reCaptcha by BestWebSoft
      Shareaholic – Grow and Engage Your Audience
      Slider Revolution
      tagDiv Cloud Library
      tagDiv Composer
      tagDiv Mobile Theme
      tagDiv Multi-Purpose
      tagDiv Social Counter
      tagDiv Standard Pack
      Ultimate Nofollow
      UpdraftPlus – Sauvegarde/Restauration
      Wordfence Security
      WordPress Importer
      WP External Links
      WP Google Fonts
      WP Sitemap Page
      WP Super Cache
      Yoast SEO
    • Nom de l’hébergeur : 1&1
    • Adresse du site : http://mamandeouistiti.com/

    Problème(s) rencontré(s) :

    Bonjour,

    Je suis victime de hach et je ne sais pas comment inversé la tendance…
    Je suis avec la dernière version de WordPress avec le thème payant Newspaper à jour.

    Ca a commencé par une vague de commentaires indésirables et ca empire.
    Mon hébergeur ionos à plusieurs fois désactivé mon site par sécurité.

    J’ai installé iThemes Security et rien que pour aujourd’hui j’ai
    – 35 fichiers ajoutés
    ex :

    wp-content/cache/supercache/mamandeouistiti.com/2019/03/instagram-retouche-photo-presets-justineblchn/index.html

    – 17 supprimés

    wp-content/cache/supercache/mamandeouistiti.com/2015/05/home-pas-tout-a-fait-sweet-home/wp-cache-a831684c5b916fb3147ff99b7191f5da.php

    16 modifiés

    wp-content/cache/supercache/mamandeouistiti.com/2017/05/rgo-et-coliques-le-duo-infernal/index-mobile.html

    Worfence m’indique
    lock Type Complex Brute Force
    Today 1 3
    Week 44 67
    Month 44 80

    Merci d’avance pour votre aide

    #2305030
    Li-An
    Modérateur
    Maître WordPress
    23270 contributions

    Bonjour, vous pouvez installer cette extension pour faire un point sur la sécurité de vos extensions. Sinon, un lien utile https://wpfr.net/support/sujet/solutions-de-depannage-pour-un-site-hacke-pirate/

    #2305065
    doublenico79
    Participant
    Initié WordPress
    5 contributions

    Bonjour,

    Merci. De quelle extension parlez-vous ?
    Merci pour le lien.

    #2305066
    Li-An
    Modérateur
    Maître WordPress
    23270 contributions
    #2305073
    doublenico79
    Participant
    Initié WordPress
    5 contributions

    Merci.
    Voilà le résultat :

    Vulnerability found: Contact Form Manager – CSRF & Cross-Site Scripting (XSS) [* note: no fix currently exists for this issue *] — View details

    Vulnerability found: Pinboard 1.0.6 – includes/theme-options.php tab Parameter XSS [* note: no fix currently exists for this issue *] — View details

    Vulnerability found: Pinboard – themify-ajax.php File Upload Arbitrary Code Execution [* note: no fix currently exists for this issue *] — View details

    Je viens de supprimer le thème.
    Contact form manager était désactiver, je viens de le supprimer l’extension.

    Hélas avec le plugin j’ai maintenant une erreur, j’ai déjà dépassé le quota…
    <div id=”api-usage-info”>

    Current subscription plan: Free

    Daily API request limit: 50

    API requests in the past 24 hours: <span class=”red”>51</span>

    </div>
    <div class=”aju”></div>
    <div class=””>
    <div id=”:15l” class=”ii gt”>
    <div id=”:15k” class=”a3s aXjCH “>
    <div>
    <div class=”gmail_quote”></div>
    </div>
    </div>
    </div>
    </div>

    #2305074
    Li-An
    Modérateur
    Maître WordPress
    23270 contributions

    Je n’ai jamais utilisé l’extension et je ne savais même pas que c’était limité (mais je m’en doutais). Vous avez en tous les cas des pistes de ce qu’il faut supprimer. Ensuite, il faudra faire un nettoyage comme indiqué dans le second lien.

    #2305112
    doublenico79
    Participant
    Initié WordPress
    5 contributions

    Par curiosité je viens d’ouvrir mon fichier htaccess
    Il vous semble normal ?

    Options +Indexes
    RemoveHandler .html
    RemoveType .html
    AddType text/html .html
    Satisfy any
    Order Deny,Allow
    Allow from 212.227xxxx.XXX ==>semble correspondre à l’IP de 1&1
    Deny from all
    AuthType Basic
    AuthName “Access to /logs”
    AuthUserFile /kunden/homepages/7/d544305268/htpasswd
    Require user uXXXXXXXXX ==>mon user

    Merci

    #2305120
    Li-An
    Modérateur
    Maître WordPress
    23270 contributions

    Vous l’avez trouvé où ? Vous pouvez nous faire une capture d’écran ?

    #2305121
    doublenico79
    Participant
    Initié WordPress
    5 contributions

    Euh j’ai du me planter de fichier….même si je ne sais pas comment c’est possible…
    Voici le contenu de mon fichier qui se trouve dans le dossier wordpress

    # BEGIN iThemes Security – Ne modifiez pas ou ne supprimez pas cette ligne
    # iThemes Security Config Details: 2
    # Activer la liste noire de HackRepair.com – iThemes Security > Réglages > Blocage d’utilisateurs > Liste noire par défaut
    # Start HackRepair.com Blacklist
    RewriteEngine on
    # Start Abuse Agent Blocking
    RewriteCond %{HTTP_USER_AGENT} “^Mozilla.*Indy” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Mozilla.*NEWT” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^$” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Maxthon$” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^SeaMonkey$” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Acunetix” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^binlar” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^BlackWidow” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Bolt 0” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^BOT for JCE” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Bot mailto\:craftbot@yahoo\.com” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^casper” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^checkprivacy” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^ChinaClaw” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^clshttp” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^cmsworldmap” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Custo” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Default Browser 0” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^diavol” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^DIIbot” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^DISCo” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^dotbot” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Download Demon” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^eCatch” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^EirGrabber” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^EmailCollector” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^EmailSiphon” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^EmailWolf” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Express WebPictures” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^extract” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^ExtractorPro” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^EyeNetIE” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^feedfinder” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^FHscan” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^FlashGet” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^flicky” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^g00g1e” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^GetRight” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^GetWeb\!” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Go\!Zilla” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Go\-Ahead\-Got\-It” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^grab” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^GrabNet” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Grafula” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^harvest” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^HMView” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Image Stripper” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Image Sucker” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^InterGET” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Internet Ninja” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^InternetSeer\.com” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^jakarta” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Java” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^JetCar” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^JOC Web Spider” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^kanagawa” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^kmccrew” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^larbin” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^LeechFTP” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^libwww” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Mass Downloader” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^microsoft\.url” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^MIDown tool” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^miner” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Mister PiX” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^MSFrontPage” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Navroad” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^NearSite” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Net Vampire” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^NetAnts” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^NetSpider” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^NetZIP” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^nutch” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Octopus” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Offline Explorer” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Offline Navigator” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^PageGrabber” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Papa Foto” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^pavuk” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^pcBrowser” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^PeoplePal” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^planetwork” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^psbot” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^purebot” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^pycurl” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^RealDownload” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^ReGet” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Rippers 0” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^sitecheck\.internetseer\.com” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^SiteSnagger” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^skygrid” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^SmartDownload” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^sucker” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^SuperBot” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^SuperHTTP” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Surfbot” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^tAkeOut” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Teleport Pro” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Toata dragostea mea pentru diavola” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^turnit” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^vikspider” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^VoidEYE” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Web Image Collector” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^WebAuto” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^WebBandit” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^WebCopier” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^WebFetch” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^WebGo IS” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^WebLeacher” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^WebReaper” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^WebSauger” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Website eXtractor” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Website Quester” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^WebStripper” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^WebWhacker” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^WebZIP” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Widow” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^WPScan” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^WWW\-Mechanize” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^WWWOFFLE” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Xaldon WebSpider” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^Zeus” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “^zmeu” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “360Spider” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “CazoodleBot” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “discobot” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “EasouSpider” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “ecxi” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “GT\:\:WWW” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “heritrix” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “HTTP\:\:Lite” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “HTTrack” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “ia_archiver” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “id\-search” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “IDBot” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “Indy Library” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “IRLbot” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “ISC Systems iRc Search 2\.1” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “LinksCrawler” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “LinksManager\.com_bot” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “linkwalker” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “lwp\-trivial” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “MFC_Tear_Sample” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “Microsoft URL Control” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “Missigua Locator” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “MJ12bot” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “panscient\.com” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “PECL\:\:HTTP” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “PHPCrawl” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “PleaseCrawl” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “SBIder” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “SearchmetricsBot” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “Snoopy” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “Steeler” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “URI\:\:Fetch” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “urllib” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “Web Sucker” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “webalta” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “WebCollage” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “Wells Search II” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “WEP Search” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “XoviBot” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “YisouSpider” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “zermelo” [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} “ZyBorg” [NC,OR]
    # End Abuse Agent Blocking
    # Start Abuse HTTP Referrer Blocking
    RewriteCond %{HTTP_REFERER} “^https?://(?:[^/]+\.)?semalt\.com” [NC,OR]
    RewriteCond %{HTTP_REFERER} “^https?://(?:[^/]+\.)?kambasoft\.com” [NC,OR]
    RewriteCond %{HTTP_REFERER} “^https?://(?:[^/]+\.)?savetubevideo\.com” [NC]
    # End Abuse HTTP Referrer Blocking
    RewriteRule ^.* – [F,L]
    # End HackRepair.com Blacklist, http://pastebin.com/u/hackrepair
    # END iThemes Security – Ne modifiez pas ou ne supprimez pas cette ligne

    # BEGIN WordPress
    # Les directives (lignes) entre ‘BEGIN WordPress’ et ‘END WordPress’ sont
    # généré dynamiquement, et ne doivent uniquement être modifiées via les filtres WordPress.
    # Toute modification des directives entre ces marqueurs sera outrepassée.
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

     

    Avant l’installation iThemes Security dans ma sauvegarde sur mon pc, voici le contenu que j’avais :
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    #2305125
    Li-An
    Modérateur
    Maître WordPress
    23270 contributions

    Ben dis donc, il en bloque des choses, iThemes. Pas de remarque particulière à faire.

10 sujets de 1 à 10 (sur un total de 10)
  • Vous devez être connecté pour répondre à ce sujet.