
Did my server get hacked or my Website?

I run a web server behind an Untangle firewall running Ubuntu 16. I also use Cloudflare to hide my IP on my website. I looked today and Cloudflare noticed phishing pages on my website. I looked and they were fake Bank of America pages in my WordPress installation! It was an example.com/wordpress path so I think they just hacked into my blank WordPress install. I have removed it all. Is my server ok?

Specs:

 Gaming PC: i5 3570, 16GB 1600MHz, GTX 780 3GB, Transcend 128GB, WD 500GB, Seagate 500GB, Thermaltake 600W Smart, S340 w/ RGB, Windows 10 Pro

 Server: Xeon E5 2650, 12GB 1600MHz ECC, 8400GS, WD 2TB + 1TB + 1TB, EVGA 500B 500W, Windows 10 Pro

 Laptop: Macbook Pro Retina 2013, i7 4558U, 8GB 1600MHz, Intel Iris Pro 1.5GB, Apple 256GB NVME, Mojave

 

 Internet: $70/month For 500/100, Actually get 525/102


You should probably wipe the server for good measure, you don't know what else was put on there.

 

Or just delete the VM, that's why VMs are great.


You could start by checking your access logs, but you're probably best off just wiping everything

75% of what I say is sarcastic

 

So is the rest probably
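
One way to do the access-log check suggested above, as an added example that is not part of the original thread: it lists paths under `/wordpress/` that were first served only after the earliest successful POST to a PHP script, which are the files worth inspecting first. The Combined Log Format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Combined Log Format (assumed; the thread does not say which web server is used).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')

def parse(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec

def triage(lines, prefix="/wordpress/"):
    """Return (successful POSTs to PHP scripts, first successful GET time per path)."""
    writes, first_seen = [], {}
    for rec in filter(None, map(parse, lines)):
        if not rec["path"].startswith(prefix) or rec["status"] >= 400:
            continue
        if rec["method"] == "POST" and rec["path"].endswith(".php"):
            writes.append(rec)
        elif rec["method"] == "GET":
            seen = first_seen.get(rec["path"], rec["ts"])
            first_seen[rec["path"]] = min(seen, rec["ts"])
    writes.sort(key=lambda r: r["ts"])
    return writes, first_seen

def served_after_first_write(lines, prefix="/wordpress/"):
    """Paths first served only after the earliest successful POST: files to inspect."""
    writes, first_seen = triage(lines, prefix)
    if not writes:
        return []
    cutoff = writes[0]["ts"]
    return sorted(p for p, ts in first_seen.items() if ts > cutoff)

# Constructed sample lines (documentation IP ranges, made-up paths and times).
SAMPLE = [
    '198.51.100.7 - - [02/Mar/2019:10:00:01 +0000] "GET /wordpress/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [02/Mar/2019:11:15:30 +0000] "POST /wordpress/wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [02/Mar/2019:11:20:44 +0000] "GET /wordpress/secure-login/index.html HTTP/1.1" 200 8200 "-" "Mozilla/5.0"',
    '192.0.2.4 - - [02/Mar/2019:12:05:00 +0000] "GET /wordpress/missing.php HTTP/1.1" 404 210 "-" "curl/7.58"',
]
```

Behind Cloudflare the first field is a Cloudflare edge address unless the web server is configured to log the `CF-Connecting-IP` header, so treat the IP column accordingly.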


13 minutes ago, Electronics Wizardy said:

You should probably wipe the server for good measure, you don't know what else was put on there.

 

Or just delete the VM, that's why VMs are great.

Yeah, it's on a VM. I'll check the logs.


1 minute ago, newcbomb said:

Yeah, it's on a VM. I'll check the logs.

If it's on a VM, just nuke it.

 

Might want to keep the image to investigate later, but I wouldn't connect it to the network.


@myselfolli @Electronics Wizardy I also just realized that I don't even have SSH open on my firewall so I can only access it from the local network and WordPress was really the only point of entry. Should I be ok?


1 minute ago, newcbomb said:

@myselfolli @Electronics Wizardy I also just realized that I don't even have SSH open on my firewall so I can only access it from the local network and WordPress was really the only point of entry. Should I be ok?

Well since somebody gained access to your machine - in one way or another - no, you're not okay


Pretty sure this is a WordPress issue. If the server got accessed, then surely they would've done something other than simply add fake WordPress entries.

🙂
