WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Admin page redirection to http://www4.in-scalefeed.in/?p=p52... (12 posts)

  1. tarambana
    Member
    Posted 3 years ago #

    Hello,
    This morning I received a warning from the antivirus plug in about a posibble infection.

    When I tried to navigate to the login to WP admin page I got this showing on the browser address:

    http://www4.in-scalefeed.in/?p=p52dcWplanKHnc3KbmNToKV1iqHWnG3KXsmYmWmYapycmA%3D%3D

    The browser showed the "cant open the page" form. After another attempt I finally got to the loging page and logged in allright, but the admin displayed all like old html pages, line after line, no graphics but links and funtionality (at least some).

    The blog is dormant at the momment. It has not been accessed at all (admin or anything, so no risk of infections from my or other computer that way). It is a standard WP install with the standard theme and 2 plug ins, Akismet and antivirus). It didn't have any other thing including no posts.

    If this really is a virus infection it can't come from my computer so either the server offers vulnerabilities or WP has some vulnerability.

    Any sugestions or help finding out why I get this? And what is it?

    Thanks a lot

    fer

  2. Remain calm and carefully follow this guide. When you're done, you may want to implement some (if not all) of the recommended security measures.

  3. tarambana
    Member
    Posted 3 years ago #

    Thanks James.
    The point is I've been hit a few times and I have been a few times over those guides and security measures.
    This time I've only set up WP fresh, add most of the recomended security measures, left it there and after a couple of months it's infected again.
    I have not accessed nor has anyone else. I did call my hosting provider that says they don't have news of any virus in the system or strange activity no similar reports.
    And I don't understand.
    The consequence is that now I either don't understand something thats happening everytime I re-install WordPress, or I can't trust my service provider (Fusion-Myserverworld.net)or I can't trust WordPress. :(

  4. This particular attack is a code injection attack and there's really little that you can do about it. The attacker either compromises a hosting account or simply signs up for an account and then fires off some simple code which leverages weaknesses in common shared hosting setups to infect all files (not just WordPress) on the entire server.

    There's really nothing you can do about it except move to a different hosting provider and hope that they have a more secure setup.

    If you want to tough it out, just backup your files and database regularly so you can simply restore if this ever happens again.

  5. tarambana
    Member
    Posted 3 years ago #

    Thanks James,
    Where can I see the code injection so at least I can throw it to the Servers sales and mainteinance (not literally, but someone has to tell then how much pain it is to have this every 2 0 3 months!)
    fer

  6. You'll have to search through all of your files for it. There's no telling where it is exactly.

  7. tarambana
    Member
    Posted 3 years ago #

    Ah!
    Ok. Any idea of what to look for in particular (or where is described on some the existing docimentation)?
    Thanks nevertheless.

    By the way it's a decission taken: I'm changing servers. I know there are a few recomenmdations on WP.org but, (Err.. you sound like you're in Britain!..) any over here in the UK that can be recommended?
    The other thing, is Im off to do a search on the support files for myserverworld.net /.com

    Thanks a lot for your help

  8. tarambana
    Member
    Posted 3 years ago #

    I found base64 code on the files (for the nth time!)
    Thanks a lot for your help James (and WP community in gen)
    f

  9. You're welcome!

    I know there are a few recomenmdations on WP.org but, (Err.. you sound like you're in Britain!..) any over here in the UK that can be recommended?

    No, I'm from California. I've never used any UK hosting providers.

  10. tarambana
    Member
    Posted 3 years ago #

    You seem to have it all!! :) the weather and the good hosting providers.

  11. No, just the good hosting providers. :)

  12. tarambana
    Member
    Posted 3 years ago #

    :)
    Ta James.

Topic Closed

This topic has been closed to new replies.

About this Topic