1749 posts
  • 4 Years of Membership
  • Beta Tester
  • Collector Level 2
  • Exclusive Author
webdesignerart
says

Hi Guys,

Some people want to hack my website, i seeing from admin some extra user signup created not administrator but as contributer role, they trying to access my sitemap.xml and use so main sql quries to inject.

I am tired many times to ban there ip’s but now seemms they become more anger and again continues in try to any how login as administrator and distroye my website.

So what i have to do. My website is on wordpress and i am the lover of wordpress.

353 posts
  • Featured Item
  • Trendsetter
  • Winner
  • Netherlands
+9 more
RikdeVos
says

Delete those users and prevent people from signing up on your site.

213 posts
  • 2 Years of Membership
  • Author Level 1
  • Collector Level 2
  • Exclusive Author
+2 more
themelux
says

Do what the person above said, but also contact your web hosting provider and aware them of the issue along with the users IP adress as they can do a server side ban.

1749 posts
  • 4 Years of Membership
  • Beta Tester
  • Collector Level 2
  • Exclusive Author
webdesignerart
says

But friends my website is social sharring website, user can register/signup for posting content. regarding for web host adminmistrator what things have to give them?

213 posts
  • 2 Years of Membership
  • Author Level 1
  • Collector Level 2
  • Exclusive Author
+2 more
themelux
says

But friends my website is social sharring website, user can register/signup for posting content. regarding for web host adminmistrator what things have to give them?

You need to alert them of what the hacker is trying to do along with their IP adress if you have it, they’ll block that person from accessing your website and the hosts server.

1034 posts
  • Author Level 3
  • Beta Tester
  • Collector Level 1
  • Exclusive Author
+2 more
BenSheppard
says

If users can add an account with admin “quality’s” you need to think about the way the accounts created, if there is hidden inputs to add the user level that can be easily compromised, also you should make sure you don’t allow any SQL queries or HTML characters through on the PHP side

1749 posts
  • 4 Years of Membership
  • Beta Tester
  • Collector Level 2
  • Exclusive Author
webdesignerart
says

Thanks mates for your suggestion regarding for webhost and for SQL Queries. :|

243 posts
  • 6 Years of Membership
  • Affiliate Level 1
  • Author Level 3
  • Weekly Top Seller
creativestuff
says

since they try to inject with a script .. try to capture some browser headers to make sure scripts are accessible only by real user and not bots

by
by
by
by
by
by