Wordpress Themes - WP Forum at BFA

Wordpress Themes - WP Forum at BFA (http://forum.bytesforall.com/index.php)
-   Atahualpa 3 Wordpress theme (http://forum.bytesforall.com/forumdisplay.php?f=2)
-   -   WordPress sites being hacked en-mass (http://forum.bytesforall.com/showthread.php?t=6663)

juggledad Apr 9, 2010 07:20 AM

WordPress sites being hacked en-mass
It looks like there is some unknown exploit that is being used to hack into WordPress sites en-mass.
The following threads and sites will tell you more about it and how you can find out if you are effected.



Note: third link removed - - see post #2
update: seems this site was itself hacked - the author believes it is clean now the site is www christopherspenn com/2010/04/07/find-the-latest-wordpress-hack/


Seek The Truth Apr 13, 2010 01:00 AM

BEWARE - Third link in list attempted to install a Trojan Horse when I visited the site.

hospitalera Apr 13, 2010 04:54 AM

Ok, I went through all the information, but I am really techno challenged here. First of all is there an easy way to see if one or more of my sites are affected? I am checking at the moment my page source for the homepage of all my sites, is that enough? Any help appreciated! SY

juggledad Apr 13, 2010 05:36 AM

Seek The Truth - what were the symptoms?
What browser were you using?
What OS?
I don't have a problem, but I'm using a mac...

paulae Apr 13, 2010 06:04 AM

I read somewhere that you can Google your site, and if the page that comes up has a bunch of links to other sites, you've been hacked.

interage Apr 13, 2010 08:08 AM


Same thing as Seek the Truth said - third link attempted to install malware upon visiting - I'd remove the link.


Velma Apr 13, 2010 07:53 PM

I made the security changes we discussed a short while ago, JD. Will those prevent what's happening here, or should I look further into this?



juggledad Apr 14, 2010 03:58 AM

Velma, I'd look into this also

acommonreader Apr 15, 2010 12:54 AM

My site was hacked a couple of years ago - in fact is was so bad it was totally destroyed. Google sent me loads of warning messages and blocked my site from their search. All very embarassing. I just hope by keeping the software up to date I'm secure from this sort of thing now I've relaunched my site.


hospitalera Apr 15, 2010 12:58 AM

Interesting update on the Wordpress blog http://wordpress.org/development/201...e-permissions/
Seems it was hosting specific ;-( SY

juggledad Apr 15, 2010 06:57 AM

That was my first suspicion when I say how many sites on Network Solutions were being hacked. The simplest answer was something was wrong at the server level.

JenShelton68 Aug 16, 2011 06:37 PM

My site was hacked as well as others that I personally know of using the Atahualpa Theme. GoDaddy says it's a hole within the Theme I was using 3.6.4 but have updated to 3.6.7 will that take care of my problem if not how do I go about finding which files were affected?

juggledad Aug 16, 2011 06:52 PM

Did they say what the 'hole' in the theme was or did they just lay blame? Did they say how the hack occurred? Can they document it?

JenShelton68 Aug 16, 2011 07:02 PM

No they did not mention any of the above. Trust me I have been trying to speak to someone who knows what the hell they are talking about. At this point I had to purchase "Site Scanner" and they have submitted a ticket. I did fail to mention that the other Atahualpa Users also have GoDaddy hosting their site. How do I get them to admit it is a Server Security Issue?

I have restored my site. Updated the Theme. Changed database, cpanel, wordpress passwords and renamed the htaccess file. Is there anything I'm missing?

I do appreciate the quick response Juggle!

juggledad Aug 16, 2011 07:21 PM

Look thru the users in wordpress, their roles. Delete any you don't recognize.
Check your Cpanel ID (change the password)
Look at all your FTP users
take a look at the logs at the site, see if you can see anything in them that will be a clue

Do a google search on 'wordpress site hacked' for other ideas

juggledad Aug 16, 2011 07:25 PM

Oh, one other thing. If they can't won't tell you or the theme developer (Flynn) what the exploit is, I'd make plans to move to a new host. GoDaddy is not one of my favorite hosts

JenShelton68 Aug 16, 2011 08:10 PM

Thanks so much Juggle.....will do!

lakewooditsupport Aug 24, 2011 05:02 AM

Is it worth putting SSL on the admin login page? or will it not make a difference?

mando distancia Aug 24, 2011 07:30 AM

Ok i had the same thing a while ago...can somebody tell me how to prevent this?

juggledad Aug 24, 2011 07:38 AM

go do a google search, read the articles and implement the suggestions

All times are GMT -6. The time now is 06:48 AM.

Powered by vBulletin® Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.