Wordpress Themes - WP Forum at BFA
There will be no more development for Atahualpa (or any other theme), and no support. Also no new registrations. I turned off the donation system. I may turn the forum to read only if it gets abused for spam. Unfortunately I have no time for the forum or the themes. Thanks a lot to the people who helped in all these years, especially Larry and of course: Paul. Take care and stay healthy -- Flynn, Atahualpa developer, Sep 2021

Wordpress Themes - WP Forum at BFA » WordPress Themes » Atahualpa 3 Wordpress theme » New Versions, & Updating »

Hack Attack and FileZilla


 
Prev Previous Post   Next Post Next
  #1  
Old May 26, 2012, 05:55 PM
rickheck
 
139 posts · Oct 2009
Hack Attack and FileZilla

I experienced a hack of the header.php file that resulted in an inserted iframe that contained Search Results Clicking fraud (the inserted code simulates a click on search results links, giving the hacker "click income").

I believe the attack vector was on a local computer that had a 'drive-by' insertion of some java exploit. I do keep my system quite current on patches, so can't verify the attack vector.

But I believe that, once the exploit got into my system, it used my FTP credentials to upload a changed header.php file to a WP site's active theme folder. And the reason that was successful is because I was using FileZilla as my FTP client.

FileZilla stores FTP credentials (site/user/password) in an easily accessable plain text file. These credentials are not encrypted. And this easily accessable exploit of the FileZilla FTP credentials doesn't seem to be any concern to the FileZilla developers.

So, my warning to others: do not use FileZilla as your FTP client. Uninstall, then manually remove the settings file (not removed by the uninstall, look in your %APPDATA% folder).

Then change all your FTP site credentials. And then use a different FTP client program. I recommend WinSCP, which has an optional 'master' password that will encrypt your FTP credentials.

IMHO: do not use FileZilla if you enable it's 'save password' feature. Your sites will most likely be compromised.

...Rick...
 

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Similar Threads
Thread Thread Starter Forum Replies Last Post
Help - Recovering from major hack mandrakeman1965 New Versions, & Updating 8 Aug 22, 2010 06:52 PM
Testing new thread, question about hack paulae Atahualpa 3 Wordpress theme 1 May 18, 2010 01:45 PM
admin-ajax-php hack? CHi106 Atahualpa 3 Wordpress theme 0 May 16, 2009 05:01 PM
[SOLVED] WordPress Firewall has detected and blocked a potential attack! Craig Mattice Atahualpa 3 Wordpress theme 0 May 5, 2009 03:59 PM
A hack to align page navigation menu to center araneum Page & Category Menu Bars 8 Apr 9, 2009 07:48 PM


All times are GMT -6. The time now is 05:37 PM.


Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.