Wordpress Themes - WP Forum at BFA


paulae Sep 11, 2009 09:58 AM

My site's been hacked!
 
Yes, it happened to me. Yesterday morning, the front page of my site was marred by two screens' worth of links to porn sites. I couldn't tell where it came from, which file it was in. I contacted my new WP guru, who had responded to a question of mine in the wordpress.org forum, and she and her database wizard are in the process of fixing the site. She thinks the hack actually happened in July, but was activated only yesterday. I had already installed WP 2.8.4 the day before, but I guess since the hack was in place while I was using 2.7.1, it was able to wreak havoc.

So, please, please go ahead and upgrade to 2.8.4 ASAP! I will post more as I find out more, and also about ways to "harden" the site against future attacks. I guess one problem with open-source platforms like WP is that the hackers have an easy time writing malicious code to get into it.

Shepherd Jim Sep 11, 2009 01:49 PM

Hey Paula!

The view from Maine is good! -- your site's looking all cleaned up now (3:30 EDT).

I wonder if your site's "visitor profile" being higher than average increases the chances of it attracting the attention of the hacking bozos. The word is that most hacking these days is done for profit so those porn sites may have likely been paying to have links to their sites "sprinkled around" the www.

The Gazette is looking better than ever!! Congratulations!

BTW: what widget or gizmo do you use to put up that slideshow in the center column? I tried every right-click trick I have on it but couldn't suss out what was underlying.

Your rain visits us tomorrow. After the spring and early summer we had up here I never thought I'd be saying this, but we can actually use a day of drizzle about now.

Jim

paulae Sep 11, 2009 02:55 PM

Thanks for the compliments!

I used the Featured Content Gallery plugin for the slideshow.

paulae Sep 13, 2009 08:34 PM

I still don't know exactly how it happened, but this is what the consultant said about the hack:

Quote:

The source of the links was a small base64 encoded PHP snippet in your current theme's footer.php, that loaded another page remotely, grabbed the URLs off that page, and redisplayed them on the site. The code has been removed.

These links were several screens' worth of porn site URLs showing at the very top of our front page, above the logo.

It cost us over $1000 to get this cleaned up. The hack was inserted back in July, and for some reason only showed up AFTER I had upgraded to WP 2.8.4, had a problem, downgraded back to 2.7.1, then upgraded again. In other words, it was there while we had 2.7.1 running. So upgrade before you get hacked!
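
Added example, not part of the thread or the consultant's work: a Python check for the kind of injection described in the quote above, which finds `base64_decode()` literals in theme PHP files, decodes them, and reports any remote-fetch calls and URLs hidden inside. The function names, the list of remote-fetch calls and the sample footer are assumptions constructed for illustration.

```python
import base64, binascii, re
from pathlib import Path

# base64_decode('...') with a quoted literal argument, as in the snippet the quote describes
B64_CALL = re.compile(r"base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]{16,})\1\s*\)", re.I)
# PHP calls that can pull content from another server (assumed, non-exhaustive list)
REMOTE = re.compile(r"\b(file_get_contents|fopen|curl_init|fsockopen|wp_remote_get)\s*\(", re.I)
URL = re.compile(r"https?://[^\s'\"<>)]+", re.I)

def scan_php_source(text):
    """Return one finding per base64_decode() literal found in PHP source text."""
    findings = []
    for m in B64_CALL.finditer(text):
        try:
            decoded = base64.b64decode(re.sub(r"\s+", "", m.group(2)), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64, nothing to inspect
        payload = decoded.decode("utf-8", "replace")
        findings.append({
            "line": text.count("\n", 0, m.start()) + 1,  # 1-based line of the call
            "remote_calls": sorted({c.lower() for c in REMOTE.findall(payload)}),
            "urls": URL.findall(payload),
            "decoded": payload,
        })
    return findings

def scan_theme(theme_dir):
    """Scan every .php file under a theme directory; returns {path: findings}."""
    report = {}
    for path in Path(theme_dir).rglob("*.php"):
        hits = scan_php_source(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample: a footer.php with one injected encoded line (not the real payload)
_hidden = "echo file_get_contents('http://links.example.invalid/list.html');"
SAMPLE_FOOTER = (
    "<div id=\"footer\">\n"
    "<?php wp_footer(); ?>\n"
    "<?php eval(base64_decode('" + base64.b64encode(_hidden.encode()).decode() + "')); ?>\n"
    "</div>\n"
)

if __name__ == "__main__":
    for f in scan_php_source(SAMPLE_FOOTER):
        print(f"line {f['line']}: calls={f['remote_calls']} urls={f['urls']}")
```

A finding with a non-empty `remote_calls` list in a theme file is worth reviewing by hand; comparing the file against a clean copy of the theme shows whether the line belongs there.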


All times are GMT -6.