These guys have been on my case for the last 3 weeks. Has anyone else had these attacks before and found how they get in? I have pretty much done all kinds of checks (see below) and cleared it numerous times.
They basically kick out everything in the root directory, and it just shows an index.html and their .htaccess file.
Even found them in the Google Search Console, unknown user, who submitted their sitemap, which in the worst case showed up on Google … could it be Google Site Kit? We work with ACF, all custom builds (no themes), and try to keep plugins to a minimum.
Has anyone had these issues and managed to keep them out…
This is how your site shows up
As said, I have done all the standard stuff, always have Wordfence running by default, 2FA, brute-force settings hardened… in addition I have:
- Review User Accounts
- Reset All Passwords (Users / FTP and DB)
- Checked wp-config.php and .htaccess for Any Modifications
- Disable Theme Editor in WordPress Backend
- Checked Permission Settings
- Change Salts and Security Keys in wp-config.php
- Hide Login URL (since most keep on hitting this)
- Disabled XMLRPC PHP
- Block access to wp-config.php
- I have scanned them with Sucuri, VirusTotal, Kaspersky, Quttera, etc…
Any suggestions / ideas will be really appreciated.