Sep 22, 2019

SITE HACKED 2 TIMES IN 3 DAYS EVEN WITH CLOUDFLARE PREMIUM

My site has been hacked 2 times in 3 days, and I have ultra secure HTTPS along with Cloudflare Premium with firewall, but they are still able to hack it. When someone goes to my site and clicks on a button, it takes them through to bad sites. Please find below my server logs to help me identify who is doing it, how they are doing it and how to stop them doing it again.




Many thanks
All Replies (8)
Sep 22, 2019
Hi
See some Cloudflare support pages regarding hacked sites at https://www.google.com/search?q=support+Cloudflare+Premium+hacked+site
--------
If you post your url we can take a look at your site.
Thanks.
Sep 22, 2019
The reason I mentioned Cloudflare is that it should be impossible for the site to be hacked, as I have the premium firewall of Cloudflare. I have restored my site to an earlier day to get rid of the hack for the second time (when someone clicks on a button it takes them through to a different site), so even if I post my URL it will not show you the problem. Can you see through the server logs how they managed to hack my site?

I recorded a HAR file when the site was hacked, but it did not let me publish it when I first posted. I will try again now, so hopefully you can see and advise how they did it and how to protect my site from a 3rd hack.

It did not let me attach the HAR file to this email, so I am not sure how to show you the actions now that I have rolled back, so if you can look at my server log.

Thanks
Sep 22, 2019
Hi
If this is something on your site then you need to find out what it is that is causing the redirects you refer to.
Also check your devices for keyloggers, etc.
Sep 23, 2019
"Can you see through the server logs how they managed to hack my site?" etc. - sounds like you need to be talking to your host/Cloudflare etc.
Sep 23, 2019
I did and they said

Hi there,
Thanks for reporting the issue and sorry to hear that there are unexpected redirects on the site.
It appears your site is hacked and the attacker injects redirects inside the website's code. You would need to find the redirect and remove it from the site. Sadly, this is out of Cloudflare's support scope and you will need to do this yourself.
You can read the below article on the suggestion to do that for WordPress sites:
As to why this happens, you likely have types of malware or security vulnerabilities on your site that allowed an attacker to gain access to the site and place the malicious redirect.
Regards,
Bang | Cloudflare Support Engineer

I thought my site was ultra secure so can someone please tell me where the vulnerability is that is enabling them to hack my site???

Sep 23, 2019
How to see server logs
Sep 23, 2019
I think they were able to hack my site via the plugin below.

To fix the site I restored to an early date, removed that plugin and changed my login URL.

Sep 23, 2019
Glad you found the issue.
RE secure HTTPS
HTTPS helps prevent intruders from tampering with the communications between your websites and your users’ browsers. It does not prevent hacking of the site itself.
 
Plugins such as Wordfence will help keep your website itself safe.
Sign up for email updates for services such as https://blog.sucuri.net/2019/05/wordpress-hacks-5-ways-to-protect-wordpress-from-hacking.html to keep on top of current issues.
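
An added example, not part of the thread: one way to find the injected redirect that the Cloudflare reply says must be located is to hash the live site against the known-good backup the poster restored from, then check added or changed files for redirect markers. The marker list, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristic markers for injected redirect/loader code (an assumed, non-exhaustive list).
MARKERS = {
    "eval": re.compile(rb"\beval\s*\("),
    "base64_decode": re.compile(rb"base64_decode\s*\("),
    "location-assignment": re.compile(rb"(?:window\.|document\.)?location(?:\.href)?\s*=(?!=)"),
}

def sha256_tree(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def diff_against_backup(backup_root, live_root):
    """Return (added, changed, removed) paths in the live tree versus the backup."""
    clean, live = sha256_tree(backup_root), sha256_tree(live_root)
    added = sorted(set(live) - set(clean))
    removed = sorted(set(clean) - set(live))
    changed = sorted(p for p in set(clean) & set(live) if clean[p] != live[p])
    return added, changed, removed

def flag_suspicious(live_root, paths):
    """Return {path: [marker names]} for files whose contents hit a heuristic."""
    hits = {}
    for rel in paths:
        data = (Path(live_root) / rel).read_bytes()
        names = sorted(name for name, rx in MARKERS.items() if rx.search(data))
        if names:
            hits[rel] = names
    return hits

def demo():
    """Run the checks on a constructed clean/tampered pair (sample data in a temp dir)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (clean, live):
            (root / "theme").mkdir(parents=True)
            (root / "index.php").write_text("<?php get_header(); ?>\n")
            (root / "theme" / "footer.php").write_text("<button>Buy</button>\n")
        (live / "theme" / "footer.php").write_text("<button onclick=\"location.href='https://redirect.invalid/'\">Buy</button>\n")
        (live / "theme" / "cache.php").write_text("<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n")
        added, changed, removed = diff_against_backup(clean, live)
        return added, changed, removed, flag_suspicious(live, added + changed)

if __name__ == "__main__":
    print(demo())
```

On a real site, point `diff_against_backup` at an extracted backup and the live document root; legitimate updates will also show up as changed files, so the marker check only narrows where to look.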