1433 posts
  • Bought between 10 and 49 items
  • Exclusive Author
  • Has been a member for 3-4 years
  • Microlancer Beta Tester
webdesignerart says

Hi Guys,

Some people want to hack my website, i seeing from admin some extra user signup created not administrator but as contributer role, they trying to access my sitemap.xml and use so main sql quries to inject.

I am tired many times to ban there ip’s but now seemms they become more anger and again continues in try to any how login as administrator and distroye my website.

So what i have to do. My website is on wordpress and i am the lover of wordpress.

335 posts
  • Netherlands
  • Sold between 10 000 and 50 000 dollars
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Exclusive Author
  • Bought between 10 and 49 items
  • Referred between 10 and 49 users
  • Has been a member for 3-4 years
RikdeVos says

Delete those users and prevent people from signing up on your site.

213 posts
  • Bought between 1 and 9 items
  • Contributed a Tutorial to a Tuts+ Site
  • Exclusive Author
  • Has been a member for 1-2 years
  • Sold between 1 and 100 dollars
  • United States
themelux says

Do what the person above said, but also contact your web hosting provider and aware them of the issue along with the users IP adress as they can do a server side ban.

1433 posts
  • Bought between 10 and 49 items
  • Exclusive Author
  • Has been a member for 3-4 years
  • Microlancer Beta Tester
webdesignerart says

But friends my website is social sharring website, user can register/signup for posting content. regarding for web host adminmistrator what things have to give them?

213 posts
  • Bought between 1 and 9 items
  • Contributed a Tutorial to a Tuts+ Site
  • Exclusive Author
  • Has been a member for 1-2 years
  • Sold between 1 and 100 dollars
  • United States
themelux says

But friends my website is social sharring website, user can register/signup for posting content. regarding for web host adminmistrator what things have to give them?

You need to alert them of what the hacker is trying to do along with their IP adress if you have it, they’ll block that person from accessing your website and the hosts server.

1034 posts
  • Microlancer Beta Tester
  • Exclusive Author
  • Sold between 100 and 1 000 dollars
  • Bought between 1 and 9 items
  • United Kingdom
  • Has been a member for 2-3 years
BenSheppard says

If users can add an account with admin “quality’s” you need to think about the way the accounts created, if there is hidden inputs to add the user level that can be easily compromised, also you should make sure you don’t allow any SQL queries or HTML characters through on the PHP side

1433 posts
  • Bought between 10 and 49 items
  • Exclusive Author
  • Has been a member for 3-4 years
  • Microlancer Beta Tester
webdesignerart says

Thanks mates for your suggestion regarding for webhost and for SQL Queries. :|

242 posts
  • Europe
  • Has been a member for 5-6 years
  • Referred between 1 and 9 users
  • Sold between 1 000 and 5 000 dollars
creativestuff says

since they try to inject with a script .. try to capture some browser headers to make sure scripts are accessible only by real user and not bots

by
by
by
by
by
by