WP 2.6 security?? (6 posts)

  1. VFHwebdev
    Member
    Posted 1 year ago #

    I've got several wp blogs running 2.6.2 and a couple of days ago my host told me we'd been hacked and they're pretty sure they've come through WP. I'm not savvy enough to understand all the details, but I am getting absolutely hammered by this hacker.

    I found this: http://wordpress.org/development/2008/10/wordpress-263/
    and tried replacing those files yesterday. I'm still getting hammered.

    Does anyone know of other security holes in 2.6.2 other than what's mentioned above? Should I roll back to something like 2.6.1?

  2. whooami
    Member
    Posted 1 year ago #

    I'm still getting hammered.

    please explain what you mean by that?

  3. VFHwebdev
    Member
    Posted 1 year ago #

    I mean the hacker is still finding their way into my site and is manipulating permissions, deleting folders and posting malicious content.

    Are there any other known security vulnerabilities in WP 2.6.2 other than the one mentioned here: http://wordpress.org/development/2008/10/wordpress-263/

  4. jdembowski
    Member
    Posted 1 year ago #

    Are there any other known security vulnerabilities in WP 2.6.2 other than...

    Not known so far. Usual caveat is that does not mean there aren't any, just not known. Sometimes other methods of getting into a shared host are simpler and more effective than exploiting WordPress.

    The problem with fixing blogs that have been compromised is that often the compromise resulted in installing back doors such as bogus users, replacing files with Truly Evil(tm) versions, etc.

    Fixing the attack vector (assuming it was the snoopy files replaced in 2.6.3, and that can be a big assumption) doesn't fix the newly installed back doors. If you haven't already done so, give Donncha's posting a good read. It's a good reference for the work you may have ahead of you.

    If you are still getting hammered (and it involves computers) there are people here who you can ask nicely to help, some of them have cleaned up these messes before.

  5. VFHwebdev
    Member
    Posted 1 year ago #

    Thanks. Because of the back door issue, we've rolled back to a previous backup from a few days before we think the attack started. We've also temporarily taken down any blogs that were running on the site to prevent the hacker from getting back in.

    My plan is to start upgrading all the blogs to 2.6.3 and begin re-posting them to the web server.

    Any advice anyone has is greatly appreciated. Just remember to use small words and type slowly. I'm new to this stuff.

    Thanks!

  6. whooami
    Member
    Posted 1 year ago #

    there was a very thoughtful, recent post by otto on here with recommendations ... doh i found it, it's here:

    http://wordpress.org/support/topic/211179?replies=12

    the important thing to pay heed to is that you are actually deleting things, and not relying on just overwriting files.

    any malicious scripts that have been uploaded aren't going to be removed by uploading new files, and just overwriting. It's the most common mistake people with exploited sites make, imho.
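
The point about deleting rather than overwriting, as an added example that is not part of the original thread: a Python script that compares a site directory with a freshly unpacked copy of the same WordPress release and lists the files an overwrite would leave in place. The function names and the sample trees in `demo()` are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def file_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def audit(site_root, clean_root):
    """Compare a live install against a freshly unpacked copy of the same release."""
    site, clean = file_hashes(site_root), file_hashes(clean_root)
    return {
        # Files the release does not ship: overwriting never touches these.
        "extra": sorted(set(site) - set(clean)),
        # Files the release ships whose content differs on the site.
        "modified": sorted(f for f in site.keys() & clean.keys() if site[f] != clean[f]),
    }


def demo():
    """Constructed sample trees; file names and contents are made up."""
    tmp = Path(tempfile.mkdtemp())
    clean, site = tmp / "clean", tmp / "site"
    shipped = {"index.php": "<?php // core", "wp-includes/class-snoopy.php": "<?php // fixed"}
    for rel, body in shipped.items():
        for root in (clean, site):
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
    # The site also holds a tampered core file and a script the release never shipped.
    (site / "index.php").write_text("<?php // core + injected")
    (site / "wp-includes/cache.php").write_text("<?php // not shipped")
    return audit(site, clean)


if __name__ == "__main__":
    for kind, files in demo().items():
        for f in files:
            print(f"{kind}: {f}")
```

On a real site, `wp-config.php`, themes, plugins and uploads will also be listed as extra because the release archive does not contain them, so each entry needs a manual look before anything is deleted.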
