
All my blogs and sites injected with PHP/HTML virus

Discussion in 'Blogging' started by mikie46, Jan 7, 2010.

  1. mikie46

    mikie46 Jr. VIP Jr. VIP

    Joined:
    Aug 6, 2008
    Messages:
    1,454
    Likes Received:
    1,102
    All my index.php files were modified by some script kiddy this morning.

    Interesting, none of my files are writable yet they still managed to create a mess on sites.

    Here is the code that was injected after the last PHP tag:

    REMOVED: Affecting other users' computers. - Beary


    According to news sources more than 80,000 websites were hit last night. And there is little you can do to prevent it.

    So if you have a WP blog up and running you better check it!

    The damage is not as widespread on my sites as most because I can see they are using the REPLACE command, and my boxes are FreeBSD, which does not support the replace command.

    I have lost 100's of dollars in sales today because of this.
     
    Last edited by a moderator: Jan 7, 2010
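
Added example, not part of the original post: a defender-side check for the symptom described above, content sitting after the last PHP closing tag of `index.php`. The injected code was removed from the thread, so the sample files are constructed, `injected.example` is a placeholder, and the function names and the script/iframe ranking are assumptions. It goes one step beyond the post by also comparing against a known-good copy, which catches an appended PHP block that the closing-tag heuristic alone misses.

```python
import os
import re
import tempfile

# Constructed samples: a clean index.php and a copy with markup appended after '?>'.
CLEAN = "<?php\nrequire('./wp-blog-header.php');\n?>\n"
TAMPERED = CLEAN + '<script src="http://injected.example/x.js"></script>\n'
# Tags that load remote content are ranked higher (an assumption about the payload).
REMOTE_LOADER = re.compile(r"<\s*(script|iframe)\b", re.IGNORECASE)

def tail_after_last_close_tag(source):
    """Return non-whitespace text following the final '?>' in a PHP file."""
    pos = source.rfind("?>")
    if pos == -1:
        return ""  # file never leaves PHP mode, so nothing can trail the tag
    return source[pos + 2:].strip()

def appended_tail(deployed, pristine):
    """Text appended to a known-good copy; '' if unchanged; None if it differs elsewhere."""
    base = pristine.rstrip()
    if not deployed.startswith(base):
        return None
    return deployed[len(base):].strip()

def scan_tree(root, name="index.php"):
    """Report (path, severity, tail preview) for every matching file with trailing content."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        if name not in files:
            continue
        path = os.path.join(folder, name)
        with open(path, encoding="utf-8", errors="replace") as fh:
            tail = tail_after_last_close_tag(fh.read())
        if tail:
            severity = "high" if REMOTE_LOADER.search(tail) else "review"
            findings.append((path, severity, tail[:80]))
    return sorted(findings)

def demo():
    """Write the two constructed samples into a temp tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for site, body in (("clean", CLEAN), ("hit", TAMPERED)):
            os.makedirs(os.path.join(root, site))
            with open(os.path.join(root, site, "index.php"), "w") as fh:
                fh.write(body)
        return [(os.path.relpath(p, root), sev) for p, sev, _ in scan_tree(root)]

if __name__ == "__main__":
    print(demo())
```

Theme templates legitimately end with HTML after a closing tag, so the closing-tag heuristic is only meaningful for files such as the site's root `index.php`; for everything else, compare against the release archive with `appended_tail`.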
  2. Nitros

    Nitros Power Member

    Joined:
    Jan 30, 2009
    Messages:
    573
    Likes Received:
    295
    What version of WP are you using on all your sites?
     
  3. nsixsixsix

    nsixsixsix Newbie

    Joined:
    Jan 2, 2010
    Messages:
    37
    Likes Received:
    3
    your PC is probably infected, change all FTP passwords and immunise your PC, then clean your sites imo.

    same thing happened to me before.. MAJOR pain in the ass.

    other possibility as mentioned above is a WP hack, I think option 1 is more likely since all your sites got done.

    if spybot/avg/malwarebytes etc find nothing on your pc, consider a reinstall of OS as last resort
     
  4. loclhero

    loclhero Supreme Member

    Joined:
    Jun 11, 2007
    Messages:
    1,453
    Likes Received:
    2,413
    Gender:
    Male
    Location:
    Copperhead Road
    well fuck me...I just checked one of mine and it's been hit
    edit, make that two of them
     
    Last edited: Jan 7, 2010
  5. loclhero

    loclhero Supreme Member

    Joined:
    Jun 11, 2007
    Messages:
    1,453
    Likes Received:
    2,413
    Gender:
    Male
    Location:
    Copperhead Road
    my Kaspersky wouldn't even let me into my two blogs so I'm fine on this end but I'm getting pretty fucking sick of this shit
     
  6. blackhit

    blackhit Super Moderator Staff Member Jr. VIP Premium Member

    Joined:
    Jan 28, 2008
    Messages:
    2,402
    Likes Received:
    4,251
    Location:
    Dark Side Of The Moon
    @mikie46
    @loclhero

    What FTP proggies are you using?

    There was a spread early 2009 which affected 3 FTP progs, CuteFTP being one of them.

    Infected 30 of my sites...........:(

    Moved away from CuteFTP...
     
  7. iamsgf

    iamsgf Regular Member

    Joined:
    Oct 6, 2008
    Messages:
    307
    Likes Received:
    268
    I have been hit on 3 different hosting accounts over the last few months..... real pain in the ass as it can take ages to sort
     
  8. teebee

    teebee Registered Member

    Joined:
    Aug 15, 2008
    Messages:
    84
    Likes Received:
    14
    Location:
    Los Angeles
    Guys, what's the best program to immunize my PC? My wordpress got hacked, but my other sites haven't, they weren't on wordpress though.
     
  9. theroot

    theroot Registered Member

    Joined:
    Oct 5, 2009
    Messages:
    59
    Likes Received:
    20
    Free solution: Combine Malwarebytes, Avira or AVG and ComboFix.
    Scan Daily: Sophos Anti-Rootkit online or other soft
    Use sFTP vs FTP.

    For WordPress (plugins): Secure WP, Login LockDown, WP-Optimize, WP Scan, Spamfree, Bad Behavior and AA Passpro

    and backup utilities!!!
     
    • Thanks x 1
  10. radi2k

    radi2k Junior Member

    Joined:
    Nov 29, 2009
    Messages:
    117
    Likes Received:
    34
    Location:
    Germany
    my tip for the future: protect your wp-login.php and /wp-admin/ folder by a separate .htaccess file. you should also hide the "powered by wordpress" slogan and the WordPress version in the header, so your blog cannot be found that easily. simple authentication prevents most spam scripts. I'm hosting sites for about 5 years now - none of my sites ever got hacked! and of course ensure to use the most recent version of your software!
     
    • Thanks x 1
  11. theroot

    theroot Registered Member

    Joined:
    Oct 5, 2009
    Messages:
    59
    Likes Received:
    20
    an example of .htaccess file for wp-admin folder,

    Code:
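    # Auth directives are placeholders; with no Require line, access is decided by IP only
    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "Example Access Control"
    AuthType Basic
    # Rules are kept outside <Limit> so they apply to every HTTP method;
    # wrapping them in <Limit GET> would leave POST requests unrestricted
    order deny,allow
    deny from all
    # replace with your own IP
    allow from 130.X.X.186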
     
  12. radi2k

    radi2k Junior Member

    Joined:
    Nov 29, 2009
    Messages:
    117
    Likes Received:
    34
    Location:
    Germany
    that would produce problems if your IP isn't static. better try basic authentication since it works from everywhere!