1747 posts
  • Has been part of the Envato Community for over 4 years
  • Has been a beta tester for an Envato feature
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
webdesignerart
says

Hi Guys,

Some people want to hack my website, i seeing from admin some extra user signup created not administrator but as contributer role, they trying to access my sitemap.xml and use so main sql quries to inject.

I am tired many times to ban there ip’s but now seemms they become more anger and again continues in try to any how login as administrator and distroye my website.

So what i have to do. My website is on wordpress and i am the lover of wordpress.

353 posts
  • Had an item that was trending
  • Won a competition
  • Located in Netherlands
  • Has sold $40,000+ on Envato Market
+8 more
RikdeVos
says

Delete those users and prevent people from signing up on your site.

213 posts
  • Has been part of the Envato Community for over 2 years
  • Has sold $1+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
+2 more
themelux
says

Do what the person above said, but also contact your web hosting provider and aware them of the issue along with the users IP adress as they can do a server side ban.

1747 posts
  • Has been part of the Envato Community for over 4 years
  • Has been a beta tester for an Envato feature
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
webdesignerart
says

But friends my website is social sharring website, user can register/signup for posting content. regarding for web host adminmistrator what things have to give them?

213 posts
  • Has been part of the Envato Community for over 2 years
  • Has sold $1+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
+2 more
themelux
says

But friends my website is social sharring website, user can register/signup for posting content. regarding for web host adminmistrator what things have to give them?

You need to alert them of what the hacker is trying to do along with their IP adress if you have it, they’ll block that person from accessing your website and the hosts server.

1034 posts
  • Has sold $1,000+ on Envato Market
  • Has been a beta tester for an Envato feature
  • Has collected 1+ items on Envato Market
  • Sells items exclusively on Envato Market
+2 more
BenSheppard
says

If users can add an account with admin “quality’s” you need to think about the way the accounts created, if there is hidden inputs to add the user level that can be easily compromised, also you should make sure you don’t allow any SQL queries or HTML characters through on the PHP side

1747 posts
  • Has been part of the Envato Community for over 4 years
  • Has been a beta tester for an Envato feature
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
webdesignerart
says

Thanks mates for your suggestion regarding for webhost and for SQL Queries. :|

243 posts
  • Has been part of the Envato Community for over 6 years
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Had an item that became a weekly top seller
creativestuff
says

since they try to inject with a script .. try to capture some browser headers to make sure scripts are accessible only by real user and not bots

by
by
by
by
by
by