1.source code injection
1st few years ago source code injection on SMF forum & wordpress
:symptoms: hacked website prompts to install users computer ex: this website need software do you want run.
google blocked form search results.
fix: cleaning every file, opening manually checking removing encrypted code.
virtustotal.com helps scan files,
2nd: DDOS /broot force:
littles quantity happen daily:
with many random username & password attacks until he gain to access website or server.
DOS: attacking from one computer /server
DDOS: denial distributed service: attacking from many computers.
symptom: service high usage abnormal shutdown.
fix: firewall rules server level, rate liming, security mod for apache,nginx, selinux, iptables etc
3rd nosql injection: database crash/ deleted.
yesterday in wordpress browser requesting db connection but in config files
db details are correct, phpmyadmin no data about db, var/lib/mysql no db folder
table innodb /ibd files missing.
fixed this tie: imported 1 month old database, restored 20+wp posts using google cache,chrome cache, cloudflare cache, maybe bit wp super cache, fastcgi cache . but a missed a single post.
4th time: wordpress security update vulnerability
not updated a while (hacker inserted affiliate link in every post fortunately that 10 page website).
HaCkEd By RxR HaCkEr
HaCkeD By SA3D HaCk3D
good thing: after cleaning every post my website ranked in 1st for few months/ until google next update.
5th time: pirated theme hacker injected ads with php backdoor.
removed code from functions.php
while visiting displaying annoying ads from other ad networks. like adfly, etc
my bad :i deal with many technical issues but results -profits. cauz i am technical guy not marketing & managing.
