1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

New attack on wordpress sites?

Discussion in 'BlackHat Lounge' started by dbuck, Jan 15, 2014.

Tags:
  1. dbuck

    dbuck Newbie

    Joined:
    Dec 14, 2011
    Messages:
    24
    Likes Received:
    15
    Gender:
    Male
    Occupation:
    Guitar player / Musician
    Location:
    fl
    If your WP sites have been hacked. I can help. I had 6 of my WP sites compromised and it was something new. Took me a few hours to figure out. I would suggest upgrading WP and ALL themes if you havent already. It seems to hit the footer.php in your theme and will spread into the plugins... also chmod the themes footer.php to 444. Most my sites are over 4 years old and I have been hit, but not like this.
     
  2. tojamie

    tojamie BANNED BANNED

    Joined:
    Jan 14, 2013
    Messages:
    1,052
    Likes Received:
    237
    Never hack my 10+ wordpress sites.
     
  3. dbuck

    dbuck Newbie

    Joined:
    Dec 14, 2011
    Messages:
    24
    Likes Received:
    15
    Gender:
    Male
    Occupation:
    Guitar player / Musician
    Location:
    fl
    Good for you tojamie...This new one puts a Iframe at the end of your footer.php and a few other files. also injects itself into js scripts...pain to clean up, but can be done.
     
  4. thraxx

    thraxx Newbie

    Joined:
    Nov 20, 2008
    Messages:
    25
    Likes Received:
    6
    Any behavior to look for to know if you've been hit?
     
  5. dbuck

    dbuck Newbie

    Joined:
    Dec 14, 2011
    Messages:
    24
    Likes Received:
    15
    Gender:
    Male
    Occupation:
    Guitar player / Musician
    Location:
    fl
    If you use the Wordfence plugin it will alert you. I have Kaspersky and it said the site was not safe. without Kaspersky I would not have new about the Trojan and it would have downloaded into my pc. I did let it download so I could see what it is.
    As far as behavior there isnt any. Site might run slower.
     
  6. dbuck

    dbuck Newbie

    Joined:
    Dec 14, 2011
    Messages:
    24
    Likes Received:
    15
    Gender:
    Male
    Occupation:
    Guitar player / Musician
    Location:
    fl
    You can use the Sucuri SiteCheck scanner to check your site for any file changes..just google it. or download the wordfence plugin and run it.
     
  7. dbuck

    dbuck Newbie

    Joined:
    Dec 14, 2011
    Messages:
    24
    Likes Received:
    15
    Gender:
    Male
    Occupation:
    Guitar player / Musician
    Location:
    fl
    Here is the the code it writes into a few of your files.

    <iframe name=Twitter scrolling=auto frameborder=no align=center height=1 width=1
    I had to leave off the closing brackits so my kaspersky would not go off.
     
    • Thanks Thanks x 1
  8. Vanrithy

    Vanrithy Power Member

    Joined:
    Jun 11, 2013
    Messages:
    621
    Likes Received:
    375
    Occupation:
    E-Media Officer
    Location:
    Kingdom of Wonder
    Home Page:
    That's too bad when the sites hit by those things; I know the feeling. To leave most of the hassle and loss of my business, I've been using the third party services to protect, monitor and proactive cleaning my sites if they got problems. Event if I must pay more but the result is paid by itself if you're normally having these kinds of problem like me.
     
  9. dbuck

    dbuck Newbie

    Joined:
    Dec 14, 2011
    Messages:
    24
    Likes Received:
    15
    Gender:
    Male
    Occupation:
    Guitar player / Musician
    Location:
    fl
    competition hates competition.
    Seems the Iframe makes it look like you have lost all your info on your site. But you havent.
     
  10. HerpDerpSlerp

    HerpDerpSlerp Power Member

    Joined:
    Mar 19, 2013
    Messages:
    778
    Likes Received:
    623
    and this is one of the great reasons why I won't use wordpress :)
     
  11. Kuz32

    Kuz32 Junior Member

    Joined:
    Nov 7, 2013
    Messages:
    152
    Likes Received:
    18
    One of hte most important things you can do is update regularly! EVERYTHING

    All themse/plugins and WordPress itself. This is the most important basic thing you can do for security.