Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 27

Thread: Wordpress insecurities

  1. #11
    Mr.Bill's Avatar
    Mr.Bill is offline One is glad to be of service
    Join Date
    Dec 2008
    Location
    Redmond, Oregon
    Posts
    828
    Blog Entries
    1
    Thanks
    72
    Thanked 350 Times in 182 Posts
    If this happened server wide I would wait tell you get confirmation from the host that whatever caused the issue has been resolved. Out of date server software, someone on the server uploaded a warez script or simply the server was hacked via the password. Would make sure to find out if the host has scanned the server for any trojan files or other security threat that they may have uploaded to the server to collect personal information like passwords and membership information.

    If the above hasnt been done by the host it would do no good to try and resolve your sites on a server that still has insecurities. If had only been one of you that would be one thing but this was server wide.

    Reverse IP Check ಠ_ಠ Proxy Sites
    <?php if ($youask == 'stupid question') { echo ('stupid answer'); } ?>

  2. #12
    Shenron's Avatar
    Shenron is offline Administrator
    Join Date
    Dec 2008
    Location
    Portugal
    Posts
    1,900
    Blog Entries
    2
    Thanks
    561
    Thanked 548 Times in 368 Posts
    Yep, agree, you should make sure your server's been hardened.

  3. #13
    elishevadpw's Avatar
    elishevadpw is offline Net Builder
    Join Date
    Dec 2008
    Location
    under the equator
    Posts
    120
    Thanks
    40
    Thanked 45 Times in 17 Posts
    Quote Originally Posted by firetown View Post
    The person took every site in the same hosting account down, wondering now if in fact it was wordpress that they got in with.
    Mike, it was not just the wordpress sites, but also the joomla site in the same account.

  4. #14
    elishevadpw's Avatar
    elishevadpw is offline Net Builder
    Join Date
    Dec 2008
    Location
    under the equator
    Posts
    120
    Thanks
    40
    Thanked 45 Times in 17 Posts
    Quote Originally Posted by Mr.Bill View Post
    If this happened server wide I would wait tell you get confirmation from the host that whatever caused the issue has been resolved. Out of date server software, someone on the server uploaded a warez script or simply the server was hacked via the password. Would make sure to find out if the host has scanned the server for any trojan files or other security threat that they may have uploaded to the server to collect personal information like passwords and membership information.

    If the above hasnt been done by the host it would do no good to try and resolve your sites on a server that still has insecurities. If had only been one of you that would be one thing but this was server wide.
    Well I guess we'll just have to wait until the host replies our email...

  5. #15
    Shenron's Avatar
    Shenron is offline Administrator
    Join Date
    Dec 2008
    Location
    Portugal
    Posts
    1,900
    Blog Entries
    2
    Thanks
    561
    Thanked 548 Times in 368 Posts
    Were the passwords for all the sites the same?
    If not, I believe they got "root" access somehow.

    Is that your own server or a shared host?

  6. #16
    Will.Spencer's Avatar
    Will.Spencer is offline Retired
    Join Date
    Dec 2008
    Posts
    5,033
    Blog Entries
    1
    Thanks
    1,010
    Thanked 2,327 Times in 1,258 Posts
    Quote Originally Posted by Shenron View Post
    Do you still have the databases intact?
    If you do I suggest you take them out and restart every single blog from a brand new 2.7 install on top of those.
    Shenron is exactly right.

    I logged into her cPanel to take a look and the e-jihadi's had installed their code in at least nine different places in WordPress -- overwriting the original files.

    Most of these infections didn't actually work properly, but replacing wp-content/themes/default/index.php did work for them.

    I am worried though. I replaced that index.php with a known good copy and the sites appear empty. All I see now is this:
    Code:
    Hello world!
    December 29th, 2008 
    
    Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!
    That's not comforting...
    Submit Your Webmaster Related Sites to the NB Directory
    I swear, by my life and my love of it, that I will never live for the sake of another man, nor ask another man to live for mine.

  7. #17
    Shenron's Avatar
    Shenron is offline Administrator
    Join Date
    Dec 2008
    Location
    Portugal
    Posts
    1,900
    Blog Entries
    2
    Thanks
    561
    Thanked 548 Times in 368 Posts
    Quote Originally Posted by Will.Spencer View Post
    I am worried though. I replaced that index.php with a known good copy and the sites appear empty. All I see now is this:
    Code:
    Hello world!
    December 29th, 2008 
    
    Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!
    That's not comforting...
    You need to replace the database now.

  8. #18
    Will.Spencer's Avatar
    Will.Spencer is offline Retired
    Join Date
    Dec 2008
    Posts
    5,033
    Blog Entries
    1
    Thanks
    1,010
    Thanked 2,327 Times in 1,258 Posts
    I am hoping that a copy of the databases exists somewhere...
    Submit Your Webmaster Related Sites to the NB Directory
    I swear, by my life and my love of it, that I will never live for the sake of another man, nor ask another man to live for mine.

  9. #19
    Shenron's Avatar
    Shenron is offline Administrator
    Join Date
    Dec 2008
    Location
    Portugal
    Posts
    1,900
    Blog Entries
    2
    Thanks
    561
    Thanked 548 Times in 368 Posts
    There is Will, at least I've been told so.
    Guys and Gals, I can't be much of a help for the next couple of days, as I'll be fully online only after the 5th, still you can always drop me a pm if I'm of any use; I know wordpress rather well I believe.

  10. #20
    elishevadpw's Avatar
    elishevadpw is offline Net Builder
    Join Date
    Dec 2008
    Location
    under the equator
    Posts
    120
    Thanks
    40
    Thanked 45 Times in 17 Posts
    Thank you so much for all our help!

    We recovered the sites. Upgraded all of them to WP 2.7 and overwrote the themes as well. We're now working on the content!

    Netbuilders community rocks!

Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. [Wordpress] - WordPress 3.0 Release Candidate
    By StephenM in forum Community Software
    Replies: 0
    Last Post: 28 May, 2010, 02:35 AM
  2. Replies: 5
    Last Post: 14 January, 2010, 03:58 AM
  3. [WTS] Hoover Wordpress Blog (Unquie Wordpress Theme)
    By Marcell Purham in forum Themes
    Replies: 0
    Last Post: 15 December, 2009, 20:36 PM
  4. Replies: 29
    Last Post: 18 September, 2009, 11:24 AM
  5. Replies: 14
    Last Post: 30 August, 2009, 02:33 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •