avincent
Member
Posted 7 months ago #
Hey folks.
I've recently been hacked - twice. Last week I had my theme compromised - I fixed it, replaced site files, changed passwords, replaced theme, changed permissions on files... etc.... and a week later it's been attacked again.
The hacker is an egomaniac and has attacked a few other sites, interestingly, mostly ".com.au" domains (which may mean same server??). When hacked the sites look like this:
http://www.google.com.au/search?client=safari&rls=en&q=Mr.DJh&ie=UTF-8&oe=UTF-8&redir_esc=&ei=lh6uTs7yPM6OiAfllenUDw#q=Mr.DJh&hl=en&client=safari&rls=en&prmd=imvns&ei=mh-uTuH5Cq-ZiAf7hMjXDw&start=20&sa=N&fp=1&biw=1331&bih=1216&bav=on.2,or.r_gc.r_pw.,cf.osb&cad=b
Anyway. The hack overwrites the index.php file of the current theme you are using. No idea how. The others are untouched. I have now changed permissions on this file to read only (perhaps it should have been this way in the first place?)
Is it possible to rename the index.php file and amend appropriate code to make it more difficult to see the file and overwrite it?
Any suggestions or questions... I'm all ears.
You can't just go to a site and change the index.php. Not when that site has security problems that is. You can't rename the index, the theme will stop working. Adding code to the index is not the way to go either. Read this to see if you have secured your site enough:
http://codex.wordpress.org/Hardening_WordPress
Another thing to consider is that your website is only as safe as the least safe website on the same server (if you're on a shared server), meaning, if the problem persists and you have done all that you can do yourself, you might want to talk to your host.
avincent
Member
Posted 7 months ago #
Thanks Roy. Yeah I went through that file last week. The server is through a large organisation and on a shared host. It's actually not straightforward to get my password changed but I will need to look into it.
I note that the file path to the target file is easy to see by viewing the home page source code but it should theoretically not be able to be overwritten without FTP access/password.
My idea for renaming the target file would include doing a sitewide search and replace for "/wp-content/themes/theme/index.php" to "/wp-content/themes/theme/somethingelse.php" thus making it harder to overwrite a file you can't see. Plugins and updates would be an issue... If it's not possible then so be it. :/
There will be too many files to 'tell' not to look for index.php but for somethingelse.php and then I still doubt everything will work. Have a look at the CHMOD/file rights and talk to your host.
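
Added example, not part of any post in this thread: a shell sketch of the permission check suggested above, plus a hash baseline that shows when a theme file such as index.php has been overwritten, added or removed. It assumes GNU find, xargs and sha256sum; the function names and paths are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. Requires GNU find, xargs and sha256sum.
# Keep the baseline file OUTSIDE the theme directory (ideally off the server).

# Print files and directories that group or other can write to.
find_loose_perms() {
    find "$1" ! -type l -perm /022 -print | sort
}

# Write "hash  ./relative/path" for every file under theme dir $1 into file $2.
write_baseline() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum ) > "$2"
}

# Compare theme dir $1 with baseline $2. Prints ADDED/MODIFIED/REMOVED lines
# and returns 1 if anything differs, 0 if the tree matches the baseline.
check_baseline() (
    now=$(mktemp) || exit 2
    write_baseline "$1" "$now"
    # A sha256sum line is a 64-char hash, two spaces, then the path (column 67).
    out=$(awk '
        NR == FNR    { old[substr($0, 67)] = $1; next }
                     { p = substr($0, 67); seen[p] = 1 }
        !(p in old)  { print "ADDED " p; next }
        old[p] != $1 { print "MODIFIED " p }
        END          { for (f in old) if (!(f in seen)) print "REMOVED " f }
    ' "$2" "$now")
    rm -f "$now"
    [ -z "$out" ] && exit 0
    printf '%s\n' "$out"
    exit 1
)

# Example run (paths are placeholders):
#   write_baseline /path/to/wp-content/themes/mytheme ~/mytheme.sha256
#   find_loose_perms /path/to/wp-content/themes/mytheme
#   check_baseline /path/to/wp-content/themes/mytheme ~/mytheme.sha256
```

Take the baseline from a known-clean copy of the theme, then run check_baseline from cron; an ADDED line is worth as much attention as a MODIFIED one, since it can be a dropped script rather than a defaced page.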