1200 MBB, The Roscomare, Oakhurst 90210, Primrose Terrace & Franklin Skyline post-hack restoration
Problem: A bad actor gained access to the websites. They were able to edit many files, adding scripts and creating redirects away from the websites.
Causes:
- Out of date plugins
- Out of date themes
- Identical passwords used for users. This made it easier for the bad actor to gain access to the other websites.
Solution:
- Created a new server with new login credentials
- Created new databases
- Performed malware scans
- Removed malicious users
- Imported website versions prior to break/hack
- Installed and configured the Wordfence Security – Firewall & Malware Scan plugin. This plugin will perform automated scans for malware, track file changes, and perform other security functions
- Removed all unused themes, since these can increase the exploitation opportunities
- Removed the default login page and created a custom URL. This helps by making it more difficult for bad actors to perform brute-force attacks
- Login tracking and alerts. This will alert us to any users that log in or attempt to log in
- Increased automated remote backups frequency to daily. The backups are stored for the last 7 days. This will aid in website restorations if needed in the future
- Increased security level settings to medium inside of Cloudflare (DNS). This will aid in filtering out suspicious/malicious web traffic.
- Enabled bot fight mode inside of Cloudflare (DNS). Requests matching Cloudflare-identified, non-legitimate automated traffic patterns will be challenged and/or blocked by Cloudflare.
- Enabled auto-update for all plugins. This will aid in keeping all plugins up to date and reduce the chance of hackers finding exploits
- Ensured that all 5 sites have unique passwords for all users, database access, and other info.
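
The file-change tracking and pre-hack restore described above can be cross-checked by hashing the restored known-good copy against the live tree. The following is an added example, not code from this restoration or from Wordfence; the paths, file contents and the `ACTIVE` file-type list are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed list of file types that can run code or redirect visitors; review these first.
ACTIVE = (".php", ".js", ".htaccess")

def hash_tree(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file() and not p.is_symlink()}

def diff_trees(clean_root, live_root):
    """Compare the live site with the known-good copy restored from backup."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    return {
        "added": sorted(set(live) - set(clean)),
        "removed": sorted(set(clean) - set(live)),
        "modified": sorted(p for p in set(clean) & set(live) if clean[p] != live[p]),
    }

def review_first(diff):
    """Added or modified files that can execute code or rewrite requests."""
    return sorted(p for p in diff["added"] + diff["modified"] if p.lower().endswith(ACTIVE))

def write_tree(root, files):
    """Write a constructed sample tree (placeholder contents, not real site files)."""
    for rel, text in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)

def demo():
    clean_files = {
        "index.php": "<?php // front controller",
        ".htaccess": "# rewrite rules",
        "wp-content/themes/site/footer.php": "<?php // footer",
    }
    live_files = dict(clean_files)
    live_files[".htaccess"] += "\n# unexpected extra rule"
    live_files["wp-content/themes/site/footer.php"] += " plus unexpected script tag"
    live_files["wp-content/uploads/cache.php"] = "<?php // not present in the backup"
    live_files["wp-content/uploads/photo.jpg"] = "new-image-bytes"
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as live:
        write_tree(clean, clean_files)
        write_tree(live, live_files)
        diff = diff_trees(clean, live)
    return diff, review_first(diff)

if __name__ == "__main__": print(demo())
```

A new image under uploads is expected churn, while a new `.php` file there or a changed `.htaccess` is not, which is why `review_first` narrows the diff before manual inspection.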