1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Beware WordPress users!!

Discussion in 'Black Hat SEO' started by 2k9bomb, Apr 25, 2012.

  1. 2k9bomb

    2k9bomb Registered Member

    Joined:
    Sep 21, 2011
    Messages:
    78
    Likes Received:
    22
    Be careful guys, I currently host 14 WordPress sites and 9 of them have been hacked with malicious code in certain php files! I'm losing so much money, this is a IM's nightmare. There is a zero day exploit currently out there on the newest version of wordpress and they're using it to gain admin control access
     
    • Thanks Thanks x 8
  2. aakon7

    aakon7 Regular Member

    Joined:
    May 15, 2010
    Messages:
    489
    Likes Received:
    249
    Occupation:
    eCommerce consultant
    Location:
    Tennessee
    Yeah, make sure you apply all wordpress updates as soon as they are issued. We use Page.ly for our webhost and have never gotten hacked since we moved.
     
  3. Taktical

    Taktical Elite Member

    Joined:
    May 15, 2011
    Messages:
    1,657
    Likes Received:
    3,254
    Occupation:
    Jr.Executive VIP
    Location:
    USA
    i too have been hacked massively recently. they annihilated my data, and i had to rebuild from scratch. real pain in my ass.

    theres definitely a new zero day.
     
  4. gorang

    gorang Elite Member

    Joined:
    Dec 6, 2008
    Messages:
    1,891
    Likes Received:
    1,656
    Occupation:
    SEO Consultant - Marketing Strategy
    Location:
    UK
    Ouch. Does bulletproof security protect from this? I also use cloudflare as an extra block. I guess it is time to do another backup.
     
  5. SuperNoobInc

    SuperNoobInc Regular Member

    Joined:
    Dec 28, 2011
    Messages:
    467
    Likes Received:
    32
    Ouch.
    How did you find out you got hacked? Is it obvious.
    Now this has became part of my concern as well. How do I go about finding the code etc.

    Please advise. Thanks
     
  6. sirgold

    sirgold Supreme Member

    Joined:
    Jun 25, 2010
    Messages:
    1,260
    Likes Received:
    646
    Occupation:
    Busy proving the Pareto principle right
    Location:
    A hot one
    Apparently this attack was also the vector that led to the recent outbreak on Mac OS X... Glad I ditched WP long ago ;)
     
  7. Skywalker

    Skywalker Junior Member

    Joined:
    Nov 2, 2009
    Messages:
    174
    Likes Received:
    43
    Occupation:
    Jedi
    Location:
    Tatooine
    Happen to mine about a month ago. A give away is when the "Warning Dangerous Download" crap shows up on the sites yahoo search results. Still waiting for it to be removed. Had to hire a someone to go thru all the sites on my server and clean them for malware. Also, took precautions so it doesn't happen again. it sucks, gl.

    I also installed this plugin and it emails me whenever something odd happens and it blocks something suspicious. Which is quite a bit.

    Wordpress Firewall 2
     
    Last edited: Apr 25, 2012
  8. download

    download Supreme Member

    Joined:
    May 4, 2010
    Messages:
    1,271
    Likes Received:
    712
    Location:
    USA
    Not sure if these plugins do anything to prevent this, but they're always good to have:
    BulletProof Security
    Secure WordPress
    Wordpress Firewall 2
     
    • Thanks Thanks x 3
  9. 2k9bomb

    2k9bomb Registered Member

    Joined:
    Sep 21, 2011
    Messages:
    78
    Likes Received:
    22
    I use BulletProof Security on all of my WordPress sites but 9 still got hacked. Two of my friends have had their WordPress sites hacked also.

    The best advice I can give is to back up your data before this happens to you! Trust me, I've been working on this FOR HOURS and it's nothing but frustration, and unnecessary time & money loss!
     
  10. TimShaker

    TimShaker Newbie

    Joined:
    Apr 24, 2012
    Messages:
    23
    Likes Received:
    0
    It was with version 3.31. The newest version is supposed to have fixed the exploit.
     
  11. 2k9bomb

    2k9bomb Registered Member

    Joined:
    Sep 21, 2011
    Messages:
    78
    Likes Received:
    22
    I have the latest version (3.3.2) installed on all of my WordPress sites
     
  12. staycoolmen2006

    staycoolmen2006 Regular Member

    Joined:
    Aug 5, 2010
    Messages:
    345
    Likes Received:
    147
    Home Page:
    always use vt before installing any files if downloaded from anonymous sites...
     
  13. ProAffiliate01

    ProAffiliate01 Junior Member

    Joined:
    Feb 27, 2012
    Messages:
    147
    Likes Received:
    10
    Occupation:
    Web specialist
    Location:
    Denmark
    Something similar happened to me at one time. I made sure since then my blogs were more secure.
     
  14. BlackhatArticles.com

    BlackhatArticles.com Registered Member

    Joined:
    Apr 20, 2012
    Messages:
    62
    Likes Received:
    9
    I removed all plugins and malware code from footer.php. I was ranking first due to no competition, but now my Domain is nowhere for my main keyword. :(
    Only FB profile is helping me to rank 3rd.
     
  15. LakeForest

    LakeForest Supreme Member

    Joined:
    Nov 11, 2009
    Messages:
    1,269
    Likes Received:
    1,805
    Location:
    Location Location
    Not to insult anyone's intelligence who got hacked: Please make sure you have disabled access by anonymous FTP.

    It's such an absurd setting to be allowed by default in cpanel, especially when everyone with the capability and intent to be malicious knows anon ftp is pretty much the easiest way to mess your shit up besides root.

    Also, change where you locate your admin/login directory and make your passwords for everything ridiculous (and I don't mean using 3 for the letter e).

    Personally, I've never really trusted a plugin for safety, but maybe it's time I at least give them a more serious consideration.
     
  16. tony23

    tony23 Regular Member

    Joined:
    Dec 20, 2010
    Messages:
    300
    Likes Received:
    148
    Occupation:
    crash test dummy
    Location:
    Israel. it's in the middle east and full of nutter
    After reading this thread I installed WP firewall, 2 minutes later I got a notification of an attempt. I only have a few WP sites, prefer html TBH.
     
  17. HatIsBlack

    HatIsBlack Regular Member

    Joined:
    Sep 17, 2010
    Messages:
    265
    Likes Received:
    187
    Location:
    Where i belong
    You can protect yourself by changing permission for writing by the webserver to the files.
     
  18. Fischlein11

    Fischlein11 Junior Member

    Joined:
    Feb 22, 2010
    Messages:
    121
    Likes Received:
    16
    Same here. My 4 Sites are hacked with this SHit.

    It takes HOURS to remove this crap :( :(
     
  19. zoyaraymonds

    zoyaraymonds Regular Member

    Joined:
    Jan 16, 2012
    Messages:
    490
    Likes Received:
    141
    don't use cracked theme
     
  20. xxf8xx

    xxf8xx Supreme Member

    Joined:
    Nov 30, 2009
    Messages:
    1,321
    Likes Received:
    597
    Occupation:
    IM
    My entire hosting was hacked recently. All my sites redirected to a Russian domain. I fixed it by running some script which scans every file on your hosting and searches for malicious code. Then I just deleted those files it found.

    EDIT: Just a heads up. Changing file permissions won't usually help as the hacker has access to change the permission via a webshell. When it happened to mine all my htaccess file were hacked and then set back to 444 (as if the hacker thinks I don't know how to change it back). Best way I found to be safe is to update everything as soon as it comes out.
     
    Last edited: Apr 25, 2012