1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

OK so my site was hacked last night (JustHost).. BEWARE of Wordpress 3.XX

Discussion in 'Black Hat SEO' started by Bross, Mar 13, 2011.

  1. Bross

    Bross Senior Member

    Joined:
    Feb 6, 2010
    Messages:
    859
    Likes Received:
    355
    Nice SEO site on an amazing domain you can't find everyday..

    The hacker was generous enough to provide his facebook page:
    hxxp://www.facebook.com/TnHacker

    So I am not pissed.. Shit happens and I have backups. But I am going to find him and have some fun.

    ANYWAYZ...

    The site was hosted with Justhost using Wordpress 3.0.1.
    Guys be ware of wordpress 3. It has major issues I noticed and not only security stuff. I suggest everyone to downgrade or NOT update until WP3 is stable..

    Cheers.
     
  2. ahiddenman

    ahiddenman Elite Member

    Joined:
    Dec 11, 2010
    Messages:
    2,647
    Likes Received:
    2,087
    Location:
    204.15.23.255
    Yeah 3 of my blogs have been hacked by Sniper.T

    He hacks to preach about his god lol
     
    • Thanks Thanks x 1
  3. Bross

    Bross Senior Member

    Joined:
    Feb 6, 2010
    Messages:
    859
    Likes Received:
    355
    Which wordpress version and what host?

    I noticed security issues in WP3. The new top window is not secure enough.

     
  4. ahiddenman

    ahiddenman Elite Member

    Joined:
    Dec 11, 2010
    Messages:
    2,647
    Likes Received:
    2,087
    Location:
    204.15.23.255
    I was using the same version as you and i was with a private hosting company but i've just made the switch over to hostgator as atleast then i get backups done for me automatically.
     
    • Thanks Thanks x 1
  5. Bross

    Bross Senior Member

    Joined:
    Feb 6, 2010
    Messages:
    859
    Likes Received:
    355
    It's clearly wordpress and not the hosting companies. But I will be in touch with JH to understand exactly what they did.

     
  6. ahiddenman

    ahiddenman Elite Member

    Joined:
    Dec 11, 2010
    Messages:
    2,647
    Likes Received:
    2,087
    Location:
    204.15.23.255
    Yeah it is wordpress because the password on wordpress got changed. And when i checked the activity logs it was getting I.P's from Saudi arabia and Abu dhabi
     
    • Thanks Thanks x 1
  7. cyberzilla

    cyberzilla Elite Member Premium Member

    Joined:
    Nov 15, 2009
    Messages:
    2,204
    Likes Received:
    3,363
    Location:
    zeta reticuli
    I don't recommend downgrading. If you do so, you are giving one more chance to malicious hackers to exploit the vulnerabilities in the older versions(If it is not patched). Why don't you upgrade? because after reading the change log, I came to know that many security enhancements were added in the newer versions.

    In addition to this there are many free security plugins available to harden you wordpress blogs. Try those plugins.
     
    • Thanks Thanks x 1
  8. TheDominator

    TheDominator Newbie

    Joined:
    Mar 6, 2011
    Messages:
    23
    Likes Received:
    5
    Looks like this guy has hacked many websites. I just googled his facebook page.
     
    • Thanks Thanks x 1
  9. ahiddenman

    ahiddenman Elite Member

    Joined:
    Dec 11, 2010
    Messages:
    2,647
    Likes Received:
    2,087
    Location:
    204.15.23.255
    Google this phrase " Hacked by Sniper T " (Remove " ")


    Thats the guy that hacked my 3 wp blogs
     
    • Thanks Thanks x 1
  10. Bross

    Bross Senior Member

    Joined:
    Feb 6, 2010
    Messages:
    859
    Likes Received:
    355
    There were many websites hacked since last release.
    That's how I see it. And the enhancements won't help against a dedicated hacker. The source code needs to be perfect.

    It was actually expected because wordpress changed in this upgrade, this is the nature of new massive updates. Especially on such popular scripts.


     
  11. lumio

    lumio Newbie

    Joined:
    Mar 11, 2011
    Messages:
    5
    Likes Received:
    3
    Anyone know what specific vulnerability he's using? Brute force, cross site scripting, sql injection, etc? Will the Bulletproof Security plugin do any good? Is this something that can be prevented through the firewall configuration or are we pretty much at the mercy of the Wordpress platform?
     
    • Thanks Thanks x 1
  12. Bross

    Bross Senior Member

    Joined:
    Feb 6, 2010
    Messages:
    859
    Likes Received:
    355
    My tests uncovered that he did no damage. Only changed the index file to praise his god. Go figure.
    It was either an injection or password crack because the login password changed.

    Loginlockdown plugin is a good addition.


     
  13. Imhotep

    Imhotep Regular Member

    Joined:
    Mar 10, 2009
    Messages:
    353
    Likes Received:
    183
    Occupation:
    white women
    Location:
    Hell
    Why dont any of you use .htaccess with your ip only on it? :44:
     
    • Thanks Thanks x 1
  14. Nerevar

    Nerevar Jr. VIP Jr. VIP

    Joined:
    Jun 30, 2010
    Messages:
    421
    Likes Received:
    167
    Umm ... the current version is 3.1 and you're on 3.0.1. You're practically ten versions behind so no, there's no surprise you've been hacked.

    Update your installation whenever a new version comes out.
     
    • Thanks Thanks x 2
  15. onesheisty

    onesheisty Newbie

    Joined:
    Feb 1, 2011
    Messages:
    12
    Likes Received:
    2
    Occupation:
    Freelance Graphic designer (Signs, Web, Motion Gra
    Location:
    Corona, Ca

    +1 for this...
     
    • Thanks Thanks x 1
  16. RAYRAY7

    RAYRAY7 Regular Member

    Joined:
    Nov 17, 2007
    Messages:
    305
    Likes Received:
    196
    The first suspect are the employees of the hosting company. Justhost is s not that good because same thing happened to my site.

    You hardly hear about hacking with hostgator sites!
     
    • Thanks Thanks x 1
  17. valentinc

    valentinc Newbie

    Joined:
    Aug 21, 2010
    Messages:
    27
    Likes Received:
    1
    Same happened to me! hacked by Sniper.T
     
    • Thanks Thanks x 1
  18. flexnds

    flexnds Power Member

    Joined:
    Jan 4, 2010
    Messages:
    643
    Likes Received:
    680
    Occupation:
    Internet Marketing, Web development, Internet Repu
    Location:
    AZ
    Ya, it's justhost.. I had tons of sites get hacked with justhost none with my hostgator or bluehost accounts. There has not been an actual exploit for wordpress itself in a while. It's usual the host, faulty plugins and wp themes.
     
    • Thanks Thanks x 1
  19. worldismine

    worldismine Regular Member

    Joined:
    Feb 25, 2009
    Messages:
    372
    Likes Received:
    269
    Better make sure your PC is not keylogged. Most of the time its the victims PC that gets hacked 1st, as any kid can keylog you... It takes skill to bring down new scripts with 0day exploits.
     
    • Thanks Thanks x 1
  20. flexnds

    flexnds Power Member

    Joined:
    Jan 4, 2010
    Messages:
    643
    Likes Received:
    680
    Occupation:
    Internet Marketing, Web development, Internet Repu
    Location:
    AZ
    @worldismine excellent add, I totally forgot to put that on my list. Very true though. A good antivirus/anti spyware can save your A**
     
    • Thanks Thanks x 1