WordPress hacked - it was OptimizePress - TWICE

31 replies
UPDATE - ANOTHER HACK !!!!! Started January 2013

And this time I used the most current version of OP!!!

This folder was infected:


wordpress/wp-content/uploads/optpress/images_comingsoon

File:

2013012216-23-06filem.php


and in April:

wordpress/wp-includes

File

wp-RbLO9K.php



You want your blog to get hacked? Infiltrated? Use OptimizePress and get it hacked!

OptimizePress is a security risk!

Sadly I only found out when I completely scanned my hard drive with avast... and my old backups

Even the crapshit clamAV never found anything.

Now I have to check my installation, see what is messed up...

Don't come with "use the latest blabla". I USED the latest version!!!


In 2011, another installation got hacked...
#hacked #optimizepress #wordpress
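
A check for the two locations named in the post above (a PHP file under the uploads folder and an unknown file in wp-includes), added here as an example and not part of the thread. The `core_files` manifest, the extension list and the sample tree are constructed assumptions.

```python
import os
import tempfile

# Extensions a PHP handler may execute (assumed list; match your server config).
PHP_EXTS = (".php", ".phtml", ".php5", ".phar")


def scan_wordpress(root, core_files):
    """Return sorted (reason, relative_path) findings for a WordPress tree.

    core_files: set of relative paths known to ship with the installed core
    release (hypothetical manifest; build it from a clean download).
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            is_php = rel.lower().endswith(PHP_EXTS)
            if rel.startswith("wp-content/uploads/") and is_php:
                # Uploads should hold media only; any script there is suspect.
                findings.append(("php-in-uploads", rel))
            elif rel.startswith(("wp-includes/", "wp-admin/")) and rel not in core_files:
                # Core directories should contain exactly the shipped files.
                findings.append(("not-in-core-manifest", rel))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample: two legitimate files plus the two names from the post."""
    paths = [
        "wp-includes/version.php",
        "wp-includes/wp-RbLO9K.php",
        "wp-content/uploads/optpress/images_comingsoon/logo.png",
        "wp-content/uploads/optpress/images_comingsoon/2013012216-23-06filem.php",
    ]
    for rel in paths:
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("placeholder\n")  # content is irrelevant to the path checks


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_wordpress(root, core_files={"wp-includes/version.php"})


if __name__ == "__main__":
    for reason, path in demo():
        print(f"{reason}: {path}")
```

WP-CLI's `wp core verify-checksums` performs the core-file comparison against the official checksums, so a hand-built manifest is only needed where WP-CLI is unavailable.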
  • dvduval
    I just don't use wordpress. So many sites get hacked. It gets old. You end up paying for wordpress one way or another. Might as well start with something that isn't free that gets hacked less.
    Signature
    It is okay to contact me! I have been developing software since 1999, creating many popular products like phpLD.
    • KenJ
      Originally Posted by dvduval View Post

      I just don't use wordpress. So many sites get hacked. It gets old. You end up paying for wordpress one way or another. Might as well start with something that isn't free that gets hacked less.
      As a matter of interest. What do you use? I have almost felt obliged to use Wordpress even though I don't like many aspects about it. In the olden days I used something called Frontpage. It was brilliant and easy to use. But all the clever techie people said it was bad and full of unnecessary code.

      For us non techie people it is difficult to know where to turn for a quick and easy site building solution.

      KenJ
      • dvduval
        Originally Posted by KenJ View Post

        As a matter of interest. What do you use? I have almost felt obliged to use Wordpress even though I don't like many aspects about it. In the olden days I used something called Frontpage. It was brilliant and easy to use. But all the clever techie people said it was bad and full of unnecessary code.

        For us non techie people it is difficult to know where to turn for a quick and easy site building solution.

        KenJ
        I have to say first of all this is somewhat self promotion to answer, but I use phpLD. It never gets hacked and some sites have been up for 8 years and still rock solid.
        • KenJ
          Originally Posted by dvduval View Post

          I have to say first of all this is somewhat self promotion to answer, but I use phpLD. It never gets hacked and some sites have been up for 8 years and still rock solid.
          OK. You got me looking at it.

          KenJ
  • Josh Monroe
    Originally Posted by thisisalexander View Post

    UPDATE - ANOTHER HACK !!!!! Started January 2013

    And this time I used the most current version of OP!!!

    This folder was infected:


    wordpress/wp-content/uploads/optpress/images_comingsoon

    File:

    2013012216-23-06filem.php


    and in April:

    wordpress/wp-includes

    File

    wp-RbLO9K.php



    You want your blog to get hacked? Infiltrated? Use OptimizePress and get it hacked!

    OptimizePress is a security risk!

    Sadly I only found out when I completely scanned my hard drive with avast... and my old backups

    Even the crapshit clamAV never found anything.

    Now I have to check my installation, see what is messed up...

    Don't come with "use the latest blabla". I USED the latest version!!!


    In 2011, another installation got hacked...
    Possibly because you're using a pirated/nulled/cracked version of the theme?
    • georgedinmore
      Originally Posted by Josh Monroe View Post

      Possibly because you're using a pirated/nulled/cracked version of the theme?
      In fact, it is the way they have coded it. It has an exploit which can then be used to do anything with.

      Cracked - Nulled - Pirated - Does not matter, if the code is not locked and secured properly, then it is open game for hackers.

      There have been loads of versions of WordPress themes that have been coded incorrectly, and left them open to exploits.

      If these themes or plugins were coded right in the first place, then these exploits would not exist.
      • Josh Monroe
        Originally Posted by georgedinmore View Post

        In fact, it is the way they have coded it. It has an exploit which can then be used to do anything with.

        Cracked - Nulled - Pirated - Does not matter, if the code is not locked and secured properly, then it is open game for hackers.

        There have been loads of versions of WordPress themes that have been coded incorrectly, and left them open to exploits.

        If these themes or plugins were coded right in the first place, then these exploits would not exist.
        Thanks for the info!

        My comment was simply due to the fact that a lot of pirated themes have backdoors in them which result in people getting hacked, glad you could clear up my confusion for me.
  • erwin78
    Hi everyone,

    I use OP as well and thanks to God my site wasn't hacked and I hope it will stay like this!

    Use a strong password and check your site regularly, that is my advice.

    All the best and see you on top

    Erwin
    • Karen Blundell
      My best advice is to do the opposite of what the masses do - don't use what everyone else is using.
  • humbledmarket
    Banned
    Try using Wordfence and make sure your username login isn't "admin"
  • jay walters
    Hi guys, I have been using OptimizePress; so far everything is working fine with me.
  • Tim3
    Do you have your server folders properly secured with .htaccess files?
    Are you using any security plug-ins?
    Are you using trusted plug-ins and scripts?
    Have you contacted James at OP?
  • Vincent Abrugar
    I think it's not OptimizePress's fault that you got hacked.

    There are other things, like your web host security: are you using shared hosting? Are you using the latest version of WordPress and plugins? Do you have outdated themes in your theme directory? Is your computer malware/virus free?
  • Clausenlt
    Yeah...being something of a PC "expert" guy myself, I know from experience many hacks are due to end user mistakes....PW's can be the problem among others.

    And you are very much mistaken if you think code alone is the problem. With a good hacker it doesn't really matter.

    Maybe someone doesn't like you...just saying.


    Maybe your PW sucks.

    Maybe your WP install was corrupted...maybe your PC infected your site when you logged into it because you visit so many porn sites!!!!!


    Lots of reasons your site can be screwed.....
  • joseph7384
    Originally Posted by MemberWing View Post

    See this for free, deep web filespace security scan:
    (Self promotional link removed)

    Gleb
    If you're going to give a plug for a site that is owned by you, the least you can do is be transparent.
  • mindofkennedy
    Hi guys,

    I am hosting with several different hosts for different sites, all using OP and each one has been hacked so far to that same place.

    I am using secure passwords and even captcha to enter all areas of the sites. Anyone got any advice?
    • MemberWing
      Originally Posted by mindofkennedy View Post

      Hi guys,

      I am hosting with several different hosts for different sites, all using OP and each one has been hacked so far to that same place.

      I am using secure passwords and even captcha to enter all areas of the sites. Anyone got any advice?
      You probably have holes within your app (WordPress? plugins? themes?) and the hacker uses the same hole to enter your hosting space.
      I suggest scanning your web files to find out if there are any outstanding backdoors or malware present within your sites.

      Gleb
  • katherineolga
    I am always interested in these posts. I got hacked once and it was a bad situation. I am always looking for ways I can prevent it in the future! I have been trying to add security features to my blogs now and being more diligent about it. It's so unfortunate when this happens.
  • Rob Maggs
    I like optimizepress, but my coder told me the coding is pretty amateurish and that I should move to "Premise" designed by the Copyblogger guys and which is built on the Genesis platform...

    I have bought it, but not yet implemented although the membership options are awesome and you don't need any third party plugins to secure.
  • NewRiseDigital
    I recently had an email conversation with James Dyson, CEO and Founder of OptimizePress. We were conversing as Bing was picking up the OptimizePress theme files as malware on one of my websites (and obliterating my ranking at the same time), and it turned out that there was some coding in OptimizePress that in fact acted in the same way as potentially malicious code.

    James said in a recent support ticket:

    "I have had a look at your file - the highlighted optimizepress code is not any danger to your site - these are definitely false positives. The eval code is highlighted because this can be used by some coders to hide code - it is used in our system as part of the optin form sections and a few other sections because some codes we integrate with can break wordpress if we do not encode them in a certain way, which is why this is required."

    It's unfortunate that OP decide to code their theme in a way that makes bing think it's malware and it's certainly not helpful for SEO...
    Signature
    Interviews With The Top Digital Marketing Experts - Get The New Book "Essential Digital Marketing For Small Business http://newrisedigital.com/book
  • Osman_M
    I have had some WordPress sites hacked but not OptimizePress sites. The code is not secured? Help me out guys, what do you mean by that?
  • garmahis
    Basic WordPress security is to change admin username, install Limit Login attempts plugin and Better WP security.
  • johnlagoudakis
    If your site has been hacked, the first thing you need to do is restore your files/database. The next thing is to change your username and password. Create a difficult username and password. And inform your web host that your site has been hacked.

    I hope this helps.

    Regards,
    John Lagoudakis
  • thedanbrown
    Bolt is a good alternative to Wordpress and pretty easy to use if you know nothing about coding (like me).
    • luckyman
      Dang...and I just bought OptimizePress. Would installing security plugins help cover the security weaknesses in OP then? Does it help? Otherwise I might just consider another platform..
  • Jeffery
    Alexander,

    You were hacked in January, April, and again this month. Why are you still using the same theme? You are allowing yourself to be hacked by repeatedly using the theme.

    That is like complaining about getting three different diseases from the same person in January, April, and again this month.

    Jeffery 100% :-)
    Signature
    In the minute it took me to write this post.. someone died of Covid 19. RIP.
    • Its Trish
      Yikes!!!

      Does OptimizePress version 2 have the same security flaws as version 1?




      Originally Posted by mindofkennedy View Post


      Subj: Re: WordPress hacked - it was OptimizePress - TWICE

      I am hosting with several different hosts for different sites, all using OP and each one has been hacked so far to that same place.
      Originally Posted by thisisalexander View Post


      ANOTHER HACK !!!!! Started January 2013

      And this time I used the most current version of OP!!!

      OptimizePress is a security risk!

      In 2011, another installation got hacked...
      Originally Posted by Rob Maggs


      I like optimizepress, but my coder told me the coding is pretty amateurish and that I should move to
      Originally Posted by georgedinmore


      In fact, it is the way they have coded it. It has an exploit which can then be used to do anything with.

      ... ... if the code is not locked and secured properly, then it is open game for hackers.

      There have been loads of versions of WordPress themes that have been coded incorrectly, and left them open to exploits.

      If these themes or plugins were coded right in the first place, then these exploits would not exist.
  • Jtraits
    sites get hacked ... either strong usernames, passwords, and so on... it's just that using a strong username and password and all the other measures, it's more difficult but not impossible ... what to do is use all the things you can do in order to prevent hackers... and at least once a week, backup your files and transfer them to an external HDD, usb or something ...
  • commerce cat
    I use Premise - it's very straightforward but I think OP has more pretty designs straight out of the box.