Wordpress Themes - WP Forum at BFA
Click here to register or to donate.
Auto self-registration is not available here - far too many spammers. This forum has many, many backlinks and because of that there is an intense desire among spammers to drop their links here.

Wordpress Themes - WP Forum at BFA » WordPress Themes » Atahualpa 3 Wordpress theme »

WordPress sites being hacked en-mass


  #1  
Old Apr 9, 2010, 07:20 AM
juggledad's Avatar
juggledad
 
23,648 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
It looks like there is some unknown exploit that is being used to hack into WordPress sites en-mass.
The following threads and sites will tell you more about it and how you can find out if you are effected.

http://wordpress.org/support/topic/385477

http://techcocktail.com/home/2010/04...earch-engines/

Note: third link removed - - see post #2
update: seems this site was itself hacked - the author believes it is clean now the site is www christopherspenn com/2010/04/07/find-the-latest-wordpress-hack/

http://www.themelab.com/2010/03/01/d...earch-engines/
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support

Last edited by juggledad; Apr 14, 2010 at 04:05 AM.
  #2  
Old Apr 13, 2010, 01:00 AM
Seek The Truth
 
13 posts · Oct 2009
BEWARE - Third link in list attempted to install a Trojan Horse when I visited the site.
  #3  
Old Apr 13, 2010, 04:54 AM
hospitalera
 
72 posts · Mar 2009
Prague
Ok, I went through all the information, but I am really techno challenged here. First of all is there an easy way to see if one or more of my sites are affected? I am checking at the moment my page source for the homepage of all my sites, is that enough? Any help appreciated! SY
__________________
Hospitalera's Blog
  #4  
Old Apr 13, 2010, 05:36 AM
juggledad's Avatar
juggledad
 
23,648 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
Seek The Truth - what were the symptoms?
What browser were you using?
What OS?
I don't have a problem, but I'm using a mac...
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support
  #5  
Old Apr 13, 2010, 06:04 AM
paulae's Avatar
paulae
 
1,333 posts · Feb 2009
Wordpress 3.4.1, Atahualpa 3.7.7
I read somewhere that you can Google your site, and if the page that comes up has a bunch of links to other sites, you've been hacked.
  #6  
Old Apr 13, 2010, 08:08 AM
interage
 
98 posts · Apr 2009
.Hey...

Same thing as Seek the Truth said - third link attempted to install malware upon visiting - I'd remove the link.

M.
  #7  
Old Apr 13, 2010, 07:53 PM
Velma
 
272 posts · Feb 2009
I made the security changes we discussed a short while ago, JD. Will those prevent what's happening here, or should I look further into this?

Thanks.

Velma
  #8  
Old Apr 14, 2010, 03:58 AM
juggledad's Avatar
juggledad
 
23,648 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
Velma, I'd look into this also
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support
  #9  
Old Apr 15, 2010, 12:54 AM
acommonreader
 
6 posts · Feb 2010
My site was hacked a couple of years ago - in fact is was so bad it was totally destroyed. Google sent me loads of warning messages and blocked my site from their search. All very embarassing. I just hope by keeping the software up to date I'm secure from this sort of thing now I've relaunched my site.

Tom
  #10  
Old Apr 15, 2010, 12:58 AM
hospitalera
 
72 posts · Mar 2009
Prague
Interesting update on the Wordpress blog http://wordpress.org/development/201...e-permissions/
Seems it was hosting specific ;-( SY
__________________
Hospitalera's Blog
  #11  
Old Apr 15, 2010, 06:57 AM
juggledad's Avatar
juggledad
 
23,648 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
That was my first suspicion when I say how many sites on Network Solutions were being hacked. The simplest answer was something was wrong at the server level.
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support

Last edited by juggledad; Apr 18, 2010 at 05:07 AM.
  #12  
Old Aug 16, 2011, 06:37 PM
JenShelton68
 
8 posts · Mar 2011
NJ
My site was hacked as well as others that I personally know of using the Atahualpa Theme. GoDaddy says it's a hole within the Theme I was using 3.6.4 but have updated to 3.6.7 will that take care of my problem if not how do I go about finding which files were affected?
  #13  
Old Aug 16, 2011, 06:52 PM
juggledad's Avatar
juggledad
 
23,648 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
Did they say what the 'hole' in the theme was or did they just lay blame? Did they say how the hack occurred? Can they document it?
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support
  #14  
Old Aug 16, 2011, 07:02 PM
JenShelton68
 
8 posts · Mar 2011
NJ
No they did not mention any of the above. Trust me I have been trying to speak to someone who knows what the hell they are talking about. At this point I had to purchase "Site Scanner" and they have submitted a ticket. I did fail to mention that the other Atahualpa Users also have GoDaddy hosting their site. How do I get them to admit it is a Server Security Issue?

I have restored my site. Updated the Theme. Changed database, cpanel, wordpress passwords and renamed the htaccess file. Is there anything I'm missing?

I do appreciate the quick response Juggle!
  #15  
Old Aug 16, 2011, 07:21 PM
juggledad's Avatar
juggledad
 
23,648 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
Look thru the users in wordpress, their roles. Delete any you don't recognize.
Check your Cpanel ID (change the password)
Look at all your FTP users
take a look at the logs at the site, see if you can see anything in them that will be a clue

Do a google search on 'wordpress site hacked' for other ideas
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support
  #16  
Old Aug 16, 2011, 07:25 PM
juggledad's Avatar
juggledad
 
23,648 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
Oh, one other thing. If they can't won't tell you or the theme developer (Flynn) what the exploit is, I'd make plans to move to a new host. GoDaddy is not one of my favorite hosts
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support
  #17  
Old Aug 16, 2011, 08:10 PM
JenShelton68
 
8 posts · Mar 2011
NJ
Thanks so much Juggle.....will do!
  #18  
Old Aug 24, 2011, 05:02 AM
lakewooditsupport
 
48 posts · Jun 2011
England, United Kingdom
Is it worth putting SSL on the admin login page? or will it not make a difference?
  #19  
Old Aug 24, 2011, 07:30 AM
mando distancia
 
1 posts · Aug 2011
Ok i had the same thing a while ago...can somebody tell me how to prevent this?
  #20  
Old Aug 24, 2011, 07:38 AM
juggledad's Avatar
juggledad
 
23,648 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
go do a google search, read the articles and implement the suggestions
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Similar Threads
Thread Thread Starter Forum Replies Last Post
ATO not working - 2 sites one works one does not Foxxx Atahualpa 3 Wordpress theme 11 Mar 22, 2010 11:19 AM
My site's been hacked! paulae Installing & running WordPress 3 Sep 13, 2009 08:34 PM
hacked? rachkitty Atahualpa 3 Wordpress theme 3 May 6, 2009 11:52 AM
{Can this theme get hacked? djmom70 Atahualpa 3 Wordpress theme 7 Mar 25, 2009 06:54 PM


All times are GMT -6. The time now is 01:57 AM.


Powered by vBulletin® Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.