wordpress sites hacked - looking for information

This is the second time this year my wordpress sites have been hacked. I am looking for some information on what this hack is and some suggestions on preventing this stuff in the future.

The hack put code into a lot of pages on most of my hosted sites. The code started with "<?php $_8b7b=" and continued with a bunch of encrypted code.

I found files in each website directory with names similar to
period_ginny.php
environment_miguel.php

One htaccess file that I looked at had this at the top of it
Code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} .*(msn|live|altavista|excite|ask|aol|google|mail|bing|yahoo).*$ [NC]
RewriteRule .* <SWEEPSTAKES SITE - COULD NOT ADD TO POST> [R,L]
</IfModule>
Not sure if all of this is related. I am working to clean it up, in a similar method that I used when hit with the "airschk" hack earlier this year.

I will again go through and change all passwords (which I did before), and follow all the suggestions that my host has given me. Any suggestions from you all?

Anyone know what this hack is doing?

If I should post in another section of this forum, please let me know. Thanks in advance.
  • You should use one of the products I recently launched to protect WordPress sites. I am not advertising my product, but since you wanted a solution, I am providing you one. Check out my signature. We have taken care of some major issues and provided 4-Way Protection in that plugin.
  • Strengthening a WordPress site against hackers is not just about focusing on WordPress - you need to have a security mindset towards everything from your machine through your FTP activities and WordPress itself.

    The second part of this article sets out some things you should think about that will help to protect your site in future:

    How to Fix a Hacked WordPress Site | WealthyDragon

    Cheers,

    Martin.
    • [ 1 ] Thanks
  • Sorry to hear this! My tips are super strong passwords. Keep Wordpress constantly up-to-date! Google Wordpress Security for the Top 10 Tips--they're everywhere. Just be careful not to block the /wp-content folder in robots.txt as some recommend, or else you will disappear from search!
  • Hi there,

    Google the "timthumb" hack, might be it... you'll find a lot of information on how to fix it.

    Cheers,
    Rob Konrad
  • thank you very much
    • [1] reply
    • thanks for everyone's help. @RobKonrad, it looks like that is what it was. Feel bad for people that have a lot more sites than I do. Not sure how they keep up with all the hackers
  • Most of the sites I have seen hacked were accessed through vulnerabilities in the host setup, likely via access to the cpanel or the apache web files. The malicious entries in your .htaccess seem to indicate that is what happened to you.
  • I recently installed a good plugin called Better WP Security. Once installed it lists all the places your site may be vulnerable in red. Then with a click of a button it will fix those vulnerabilities and show them in green.
  • I've had my run with this kind of hack. Basically anyone coming from the search engines will get redirected to the hacker's designated site. If you type the URL of your site directly, it loads just fine since none of the search engines are the referrer.

    This is more a problem of the host setup than WordPress itself. Are you hosted on Windows? This is more prevalent on Windows platforms as well.
  • MOST of these hackers get in through plugins and themes that you've added to your wordpress. They write the themes with these hacks already built-in.

    Install TAC - it's a free plugin available on wordpress.org and it will check all of your themes for vulnerabilities.

    Install it on all wordpress sites.
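
Added example, not written by any poster in this thread: a Python check that walks a hosting directory and flags .htaccess files containing the kind of rule quoted in the first post, a RewriteCond on HTTP_REFERER that names search engines followed by a redirecting RewriteRule. The function names and the two-engine threshold are assumptions of this example.

```python
import os
import re
import sys

# Search-engine names taken from the RewriteCond quoted in the first post.
ENGINES = ("msn", "live", "altavista", "excite", "ask", "aol",
           "google", "mail", "bing", "yahoo")
COND_RE = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)", re.I)
RULE_RE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)(?:\s+\[([^\]]*)\])?", re.I)


def find_referer_redirects(text):
    """Return (line_no, target) for each RewriteRule that redirects
    visitors whose Referer matches search-engine names."""
    findings = []
    pending = False  # True while a suspicious RewriteCond awaits its rule
    for line_no, line in enumerate(text.splitlines(), start=1):
        cond = COND_RE.match(line)
        if cond:
            hits = [e for e in ENGINES if e in cond.group(1).lower()]
            pending = pending or len(hits) >= 2  # assumed threshold
            continue
        rule = RULE_RE.match(line)
        if rule:
            flags = [f.strip().upper() for f in (rule.group(2) or "").split(",")]
            is_redirect = any(f == "R" or f.startswith("R=") for f in flags)
            if pending and is_redirect:
                findings.append((line_no, rule.group(1)))
            pending = False  # conditions apply only to the next rule
    return findings


def scan_tree(root):
    """Walk root and report every .htaccess holding such a redirect."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                found = find_referer_redirects(fh.read())
            if found:
                report[path] = found
    return report


if __name__ == "__main__":
    for path, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for line_no, target in found:
            print(f"{path}:{line_no}: referer-based redirect to {target}")
```

Run it with the directory that holds all hosted sites as the argument; a stock WordPress .htaccess produces no output.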
