Wordpress Themes - WP Forum at BFA
There will be no more development for Atahualpa (or any other theme), and no support. Also no new registrations. I turned off the donation system. I may turn the forum to read only if it gets abused for spam. Unfortunately I have no time for the forum or the themes. Thanks a lot to the people who helped in all these years, especially Larry and of course: Paul. Take care and stay healthy -- Flynn, Atahualpa developer, Sep 2021

Wordpress Themes - WP Forum at BFA » Running WordPress » Installing & running WordPress »

My site's been hacked!


  #1  
Old Sep 11, 2009, 09:58 AM
paulae's Avatar
paulae
 
1,333 posts · Feb 2009
Wordpress 3.4.1, Atahualpa 3.7.7
Yes, it happened to me. Yesterday morning, the front page of my site was marred by two screens' worth of links to porn sites. I couldn't tell where it came from, which file it was in. I contacted my new WP guru, who had responded to a question of mine in the wordpress.org forum, and she and her database wizard are in the process of fixing the site. She thinks the hack actually happened in July, but was activated only yesterday. I had already installed WP 2.8.4 the day before, but I guess since the hack was in place while I was using 2.7.1, it was able to wreak havoc.

So, please, please go ahead and upgrade to 2.8.4 ASAP! I will post more as I find out more, and also about ways to "harden" the site against future attacks. I guess one problem with open-source platforms like WP is that the hackers have an easy time writing malicious code to get into it.
  #2  
Old Sep 11, 2009, 01:49 PM
Shepherd Jim's Avatar
Shepherd Jim
 
301 posts · Feb 2009
Bristol, midcoast Maine USA
Hey Paula!

The view from Maine is good! -- your site's looking all cleaned up now (3:30 EDT).

I wonder if your site's "visitor profile" being higher than average increases the chances of it attracting the attention of the hacking bozos. The word is that most hacking these days is done for profit so those porn sites may have likely been paying to have links to their sites "sprinkled around" the www.

The Gazette is looking better than ever!! Congratulations!

BTW: what widget or gizmo do you use to put up that slideshow in the center column? I tried every right-click trick I have on it but couldn't suss out what was underlying.

Your rain visits us tomorrow. After the spring and early summer we had up here I never thought I'd be saying this, but we can actually use a day of drizzle about now.

Jim
  #3  
Old Sep 11, 2009, 02:55 PM
paulae's Avatar
paulae
 
1,333 posts · Feb 2009
Wordpress 3.4.1, Atahualpa 3.7.7
Thanks for the compliments!

I used the Featured Content Gallery plugin for the slideshow.
  #4  
Old Sep 13, 2009, 08:34 PM
paulae's Avatar
paulae
 
1,333 posts · Feb 2009
Wordpress 3.4.1, Atahualpa 3.7.7
I still don't know exactly how it happened, but this is what the consultant said about the hack:

Quote:
The source of the links was a small base64 encoded PHP snippit in your current theme's footer.php, that loaded another page remotely, grabbed the urls off that page, and redisplayed them on the site. The code has been removed.
These links were several screens' worth of porn site URLs showing at the very top of our front page, above the logo.

It cost us over $1000 to get this cleaned up. The hack was inserted back in July, and for some reason only showed up AFTER I had upgraded to WP 2.8.4, had a problem, downgraded back to 2.7.1, then upgraded again. In other words, it was there while we had 2.7.1 running. So upgrade before you get hacked!

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Similar Threads
Thread Thread Starter Forum Replies Last Post
hacked? rachkitty Atahualpa 3 Wordpress theme 3 May 6, 2009 11:52 AM
Can this theme get hacked? lost all my traffic in one day! Trish Atahualpa 3 Wordpress theme 2 Apr 6, 2009 04:06 PM
{Can this theme get hacked? djmom70 Atahualpa 3 Wordpress theme 7 Mar 25, 2009 06:54 PM


All times are GMT -6. The time now is 01:07 AM.


Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.