1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

I got HACKED by using the AUTOBLOG PLUGINS here!

Discussion in 'Blogging' started by ClownBaby, Nov 8, 2009.

  1. ClownBaby

    ClownBaby Power Member

    Joined:
    Oct 25, 2009
    Messages:
    581
    Likes Received:
    21
    so i wasuploading the plugins here following the step by step thread. suddenly my FTP stops!

    Im thinking it is downtime on the server i use (inmotion hosting).

    i come to find out, the plugins (YES THE PLUGINS) used for autoblogging got me hacked. they got in, changed the PW to cpanel and started messing around.

    I have no keyloggers or anything else on my pc. this was strictly from the plugins I got on this forum in the step by step process. I spoke to the hosting security team and they confirmed it was from the plugins.

    The hacker also went and blocked my IP so it would look like my site was down when it really wasnt. Just puttin this out there as a warning to others.
     
    • Thanks Thanks x 1
  2. Pofecker

    Pofecker Senior Member Premium Member

    Joined:
    Apr 4, 2007
    Messages:
    1,137
    Likes Received:
    7,093
    Location:
    In your attic
    If you remember the thread, go and report it.
     
  3. mgs

    mgs Regular Member

    Joined:
    Apr 7, 2007
    Messages:
    219
    Likes Received:
    170
    Occupation:
    Professional Web Developer, Internet Marketing, SE
    Location:
    Land of Dreams
    Where is the thread you got that plugins from ?
     
  4. youngguy

    youngguy Senior Member

    Joined:
    Apr 11, 2009
    Messages:
    1,053
    Likes Received:
    1,560
    Location:
    Hell
    lol dude. Noone can hack your passwords through a script unless you save all your info in a text file and upload to your server lol. I can confirmed this.

    ***Your post shows that you didn't have any knowledge about scripting, then just shut up and don't spread around here. If you're one of the owners of these plugins shared in BHW and trying to post false alarm here ... you will be kicked in the ass!
     
    • Thanks Thanks x 1
    Last edited: Nov 8, 2009
  5. simey69

    simey69 Regular Member

    Joined:
    Mar 27, 2009
    Messages:
    325
    Likes Received:
    1,478
    Location:
    UK
    I've just posted this one of the other threads you're posting this on.. thought I'd add it here too..

    ---
    you're spreading this bull over all autoblog posts.. what's your game?

    on one you say you've had you're cpanel hacked and blame the plugins, another you're adding that you had you're IP blocked, now you're re-formatting you're machine...

    you've not once pointed at any one plugin, just 'these plugins'..

    if there was such a problem, I'm sure that loads of people on here, probably me as well, would've been hit the same way and made a lot of noise.
    ---

    as you say your host blamed the plugins, then surely you can tell us which one?
     
    • Thanks Thanks x 1
  6. ClownBaby

    ClownBaby Power Member

    Joined:
    Oct 25, 2009
    Messages:
    581
    Likes Received:
    21
    ill let you know whcih plugin tomorrow. im just seeing this thread now and it late. ill definitely followup though.
     
  7. Deschen

    Deschen Newbie

    Joined:
    Aug 26, 2009
    Messages:
    33
    Likes Received:
    8
    can you also tell us what antivirus and anti malware program you are using on your pc?

    thanks.
     
  8. silent_thunder

    silent_thunder Regular Member

    Joined:
    Mar 24, 2009
    Messages:
    227
    Likes Received:
    79
    Occupation:
    Research Anal yst
    Location:
    MoneyMakingSutra
    Home Page:
    I think you can hack through just a script..provided some of the php functions are open..

    !:) Not going any longer

    So please provide the proof of the plugins
     
  9. AutoBlogger

    AutoBlogger Power Member

    Joined:
    Oct 20, 2009
    Messages:
    780
    Likes Received:
    928
    Occupation:
    IM, AutoBlogging and Urban Planning
    Location:
    The Global Village
    If it really happened than the creator of the script will be the best coder of the century. It is not possible to hack hosting with an uploaded script. The most dangerous virus or malware for hosting is iFrame Virus, which only does blacklisting IPs and Site to browser.
    So until you can show us any proof, don't blame BHW members.
     
  10. blackmagicmaster

    blackmagicmaster BANNED BANNED

    Joined:
    Dec 11, 2008
    Messages:
    587
    Likes Received:
    932
    naaah via autoblog plugin a cpanel server cant be hacked and also not in some few minutes as he i s saying he was uploading and suddenly the ftp stopped ! i m sure that ur pc infected change ur anti virus to nod32 or kaspersky ! and try to scan ur pc nobody can hack cpanel server via script unless u are complete noob and allow shell execute , url include and other dangerous php functions in server !!
     
  11. gh0st

    gh0st BANNED BANNED Premium Member

    Joined:
    Feb 7, 2009
    Messages:
    92
    Likes Received:
    47
    lol you do know that some programs that steal data have rootkits and are undetectable by avs right? Just pointing that out there, also i bet you were using a shared hosting as well. So unless you go through the plugin and find w/e it was, then its either a virus or server side exploit.

    LOL dude, read up on php before you talk. There are things called shells that is a simple script that can gain access to every file on your site. There are also php bots and js bots. Please don't talk when you have NO F***ING clue.
     
    • Thanks Thanks x 2
  12. sqhunter

    sqhunter Regular Member

    Joined:
    Jul 8, 2009
    Messages:
    385
    Likes Received:
    267
    Well i recently got my blog hacked aswell and i suspected it was was the global translator plugin, but it could have been also an exploit on the whole shared server i am still unsure.. however some plugins require 777 and thats a big BS, you cannot tell me the owner or somebody else cannot put some iframe or obfuscated code there that will display on your site and redirect people.

    i am sure this is possible through 777 plugins, so dont have anything 777 in your wp installation.
     
  13. three_cs

    three_cs Newbie

    Joined:
    Dec 9, 2008
    Messages:
    22
    Likes Received:
    3
    Just to let you guys know there are many MALWARE cPANEL HACKS lately. Don't log in to your cPANEL while on a friend/reletives computer, just logging in once can compremise your server.

    I had this happen to me 3 weeks ago, now when ever I log into my cPANEL at a friends house I boot from a secure LIVE USB drive

    I recommend malwarebytes for checking for malware also
     
    Last edited: Nov 9, 2009
  14. rufus15

    rufus15 Junior Member

    Joined:
    May 21, 2009
    Messages:
    134
    Likes Received:
    162
    Occupation:
    Spammer :D
    Location:
    Philippines
    guys, if you are using simple plugins like global translator and not the plugins you use for autoblogging, get it from the official source. w0rdpress.0rg to be safe.
     
  15. youngguy

    youngguy Senior Member

    Joined:
    Apr 11, 2009
    Messages:
    1,053
    Likes Received:
    1,560
    Location:
    Hell
    @ghost: don't bash me for NOT READING my post, ofcourse php shells can gain access to any file in my host BUT OP said:

    Code:
    [B][COLOR="Lime"]they got in, changed the PW to cpanel and started messing around.[/COLOR][/B]
    
    This is why I think he got trojan instead of being hacked through php scripts.


    So if you can fucking change my Cpanel Password with php shells come on! I challenge you! WTF you think you are ?
     
    Last edited: Nov 9, 2009
  16. youngguy

    youngguy Senior Member

    Joined:
    Apr 11, 2009
    Messages:
    1,053
    Likes Received:
    1,560
    Location:
    Hell
    @c0ntempt: yes php shells like c99 is very powerful but how you can use it to change someone's cpanel passwords? lol this is imposible and this is the reason why I can tell OP got trojan.
     
  17. rufus15

    rufus15 Junior Member

    Joined:
    May 21, 2009
    Messages:
    134
    Likes Received:
    162
    Occupation:
    Spammer :D
    Location:
    Philippines
    or maybe the FTP software that you use is infected?
     
  18. youngguy

    youngguy Senior Member

    Joined:
    Apr 11, 2009
    Messages:
    1,053
    Likes Received:
    1,560
    Location:
    Hell
    @c0ntempt: yes I agreed :p I owned over 1k us servers in my past 3 years but I'm not hacking any more. I tell you this: always there are bugs but a very few experienced hackers can do this, you think these guys got so much rare time to mess around with these little blogs? lol NO man!

    If the server's root is hacked there are 3 things we should know:
    1. Your server has SHIT LIKE security! Get away from it or you will get in trouble soon or later.
    2. You have to be proud that you have met 1 of the most experienced hacker :)
    3. There are extremely powerful exploits just discovered that we didn't know about it. In this case, these hackers don't target on such ... little "auto" blogs lol. Why the hell they want to fuck these noob blogs?
     
    Last edited: Nov 9, 2009
  19. gh0st

    gh0st BANNED BANNED Premium Member

    Joined:
    Feb 7, 2009
    Messages:
    92
    Likes Received:
    47
    lol yes you can. You simple use some reverse engeneering to talk to the hosting companies to let you in.
     
  20. youngguy

    youngguy Senior Member

    Joined:
    Apr 11, 2009
    Messages:
    1,053
    Likes Received:
    1,560
    Location:
    Hell
    :) so these hackers have too much time in the hard way to hack these autoblogs? lol make no sense. Servers' admins are not really that stupid.

    And guys, sorry for my previous posts. I got a hard day and my mood is not so good these day, got some trouble in my day job. Apology all!

    thanks.
     
    Last edited: Nov 9, 2009