1666 posts
  • Has been part of the Envato Community for over 4 years
  • Has been a beta tester for an Envato feature
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
+1 more
webdesignerart says

Hi Guys,

Some people want to hack my website, i seeing from admin some extra user signup created not administrator but as contributer role, they trying to access my sitemap.xml and use so main sql quries to inject.

I am tired many times to ban there ip’s but now seemms they become more anger and again continues in try to any how login as administrator and distroye my website.

So what i have to do. My website is on wordpress and i am the lover of wordpress.

348 posts
  • Won a Most Wanted contest
  • Won a competition
  • Located in Netherlands
  • Has sold $40,000+ on Envato Market
+6 more
RikdeVos says

Delete those users and prevent people from signing up on your site.

213 posts
  • Has been part of the Envato Community for over 2 years
  • Has sold $1+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
+2 more
themelux says

Do what the person above said, but also contact your web hosting provider and aware them of the issue along with the users IP adress as they can do a server side ban.

1666 posts
  • Has been part of the Envato Community for over 4 years
  • Has been a beta tester for an Envato feature
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
+1 more
webdesignerart says

But friends my website is social sharring website, user can register/signup for posting content. regarding for web host adminmistrator what things have to give them?

213 posts
  • Has been part of the Envato Community for over 2 years
  • Has sold $1+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
+2 more
themelux says

But friends my website is social sharring website, user can register/signup for posting content. regarding for web host adminmistrator what things have to give them?

You need to alert them of what the hacker is trying to do along with their IP adress if you have it, they’ll block that person from accessing your website and the hosts server.

1034 posts
  • Has sold $100+ on Envato Market
  • Has been a beta tester for an Envato feature
  • Has collected 1+ items on Envato Market
  • Sells items exclusively on Envato Market
+2 more
BenSheppard says

If users can add an account with admin “quality’s” you need to think about the way the accounts created, if there is hidden inputs to add the user level that can be easily compromised, also you should make sure you don’t allow any SQL queries or HTML characters through on the PHP side

1666 posts
  • Has been part of the Envato Community for over 4 years
  • Has been a beta tester for an Envato feature
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
+1 more
webdesignerart says

Thanks mates for your suggestion regarding for webhost and for SQL Queries. :|

243 posts
  • Has been part of the Envato Community for over 5 years
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
creativestuff says

since they try to inject with a script .. try to capture some browser headers to make sure scripts are accessible only by real user and not bots

Helpful Information

  • Please read our community guidelines. Self promotion and discussion of piracy is not allowed.
  • Open a support ticket if you would like specific help with your account, deposits or purchases.
  • Item Support by authors is optional and may vary. Please see the Support tab on each item page.

Most of all, enjoy your time here. Thank you for being a valued Envato community member.

Post Reply

Format your entry with some basic HTML. Read the Full Details, or here is a refresher:

<strong></strong> to make things bold
<em></em> to emphasize
<ul><li> or <ol><li> to make lists
<h3> or <h4> to make headings
<pre></pre> for code blocks
<code></code> for a few words of code
<a></a> for links
<img> to paste in an image (it'll need to be hosted somewhere else though)
<blockquote></blockquote> to quote somebody

:grin: :shocked: :cry: Complete List of Smiley Codes

by
by
by
by
by
by