WordPress.org


Defaced - how they gain access to FTP? (7 posts)

  1. dandr69
    Member
    Posted 5 years ago #

    My blog was defaced today.
    I wonder how they get FTP access?? They uploaded at least two files - index.php and hackers.php files.
    Is this some WordPress vulnerability or some uploading feature??

    Thanks,
    Dan

  2. Austin Matzko
    Member
    Posted 5 years ago #

    The only way to know for sure is to go through your server's log files.

    Your FTP logs should indicate if anyone other than you accessed the FTP server; if so, then perhaps someone picked up your password, which isn't terribly difficult since it transmits in clear text. Do you share a network with unknown people? Have you used FTP at an open WiFi location? There are many possibilities.

    If you're on a shared host, then it's possible that someone else's site has been compromised and your site's directory was also targeted. Again, the log files should tell the tale except for the most devious of crackers.
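An added example, not part of any post in this thread: one way to do the FTP log review described above. It assumes the server writes transfers in xferlog format; the log lines, the `KNOWN_HOSTS` set and the function names are constructed for illustration.

```python
from datetime import datetime

# Constructed sample in xferlog format (wu-ftpd, ProFTPD, vsftpd with
# xferlog_std_format=YES). Hosts are documentation-range addresses.
SAMPLE_LOG = """\
Mon Mar 10 09:15:02 2008 1 198.51.100.20 5120 /home/dan/public_html/wp-content/themes/a/style.css a _ i r dan ftp 0 * c
Tue Mar 11 03:41:57 2008 1 203.0.113.7 2048 /home/dan/public_html/index.php b _ i r dan ftp 0 * c
Tue Mar 11 03:42:03 2008 1 203.0.113.7 9313 /home/dan/public_html/hackers.php b _ i r dan ftp 0 * c
Tue Mar 11 03:42:10 2008 1 203.0.113.7 811 /home/dan/public_html/wp-config.php b _ o r dan ftp 0 * c
this line is truncated
"""

KNOWN_HOSTS = {"198.51.100.20"}  # assumption: addresses the site owner uses
SCRIPT_SUFFIXES = (".php", ".phtml", ".htaccess")

def parse_xferlog_line(line):
    """Parse one xferlog record; return None for malformed lines."""
    tok = line.split()
    if len(tok) < 18:  # 5 timestamp tokens + 13 fields
        return None
    try:
        when = datetime.strptime(" ".join(tok[:5]), "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return None
    return {
        "time": when,
        "host": tok[6],
        "path": " ".join(tok[8:-9]),  # between size and the last nine fields
        "direction": tok[-7],  # i = upload, o = download, d = delete
        "user": tok[-5],
        "complete": tok[-1] == "c",
    }

def transfers_from_unknown_hosts(log_text, known_hosts):
    """Return parsed records for transfers from hosts the owner does not use."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_xferlog_line(line)
        if rec is None or rec["host"] in known_hosts:
            continue
        rec["script_upload"] = (rec["direction"] == "i"
                                and rec["path"].lower().endswith(SCRIPT_SUFFIXES))
        hits.append(rec)
    return hits

if __name__ == "__main__":
    for r in transfers_from_unknown_hosts(SAMPLE_LOG, KNOWN_HOSTS):
        kind = "SCRIPT UPLOAD" if r["script_upload"] else "transfer " + r["direction"]
        print(r["time"], r["host"], r["user"], kind, r["path"])
```

An empty result for the period of the defacement points away from FTP and toward the web application or a neighbouring account, which is where the web server access logs come in.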

  3. ChrisThomson
    Member
    Posted 5 years ago #

    Which plugins do you have installed, dandr69? Are they all up-to-date? In the past, I've had my blog defaced due to a security vulnerability in an older version of a plugin.

  4. Saurus
    Member
    Posted 5 years ago #

    If your .htaccess file is set up properly - nobody should even be able to view your files, let alone modify them. Get on the web and search for one of the many sites explaining constructing a good .htaccess file and what to put in it to prevent such nonsense.

    The file should then be uploaded to your server's root - not the WP root.

  5. dandr69
    Member
    Posted 5 years ago #

    Thanks for the advice.
    My hosting people discovered that the problem was in my "friends" section, I use PHPizabi for connecting with friends. It gave them complete access to the site, including WordPress.

    Also this problem was connected with the fact that Register Globals and Safe Mode were both On.

  6. gilliancs
    Member
    Posted 5 years ago #

    Dandr69, thanks for taking the trouble to post your solution.

  7. WebDev WaxLotus LLC
    Member
    Posted 5 years ago #

    Do a search for PHPizabi. You may find that there are serious allegations/history...

This topic has been closed to new replies.