I have to believe that everyone else has noticed that the variety of compromised platforms that bear this "hackers" signature, would seem to imply that WordPress is not a singular target. I will admit that 2.8.4 not being secure is probably going to be a given at some future point. Someone will find something, once again... to exploit. I guess that's just how the game is played... but I'm not yet ready to come to the conclusion that WordPress itself is the responsible entry point on this one. All I'm saying, (at the risk of driving any other gender-insecure individuals to express their obvious omnipotence) is that it would be nice to see a common lowest denominator on this one. Shared environments? Malware based ftp compromise? Specific server configuration issues? This would seem to be a growing vBulletin issue as well. Does anyone know if a honeypot of some sort is possible on sites that have been repeatedly abused?
My site was Hacked (38 posts)
-
ClaytonJames
Posted 2 years ago # -
jimzippy
Posted 2 years ago #Hi bmoon
with regards to moving your wp-config file above the root, there's not much point if you're on a shared hosting environment... As a Hacker who has compromised another site on the server will be able to run a script that reads that file as plain text anyway.
If you are worried that they (hacker) are reading your DB settings in the config file you could zend encrypt those settings (providing your server can read zend encodeded stuff).
If it's always just your clients sites that have the issue and everything you have done is considered "secure" as possible - i'd typically suggest running basic security checks there end - if they're also logging in (as a precaution). If you're managing everything for them, then there's no need to worry about doing that.
Put it one way - i have handed sites over to clients before who have changed there password to their own name - despite a big warning - letter, go figure! lol
-
elizabethrichardson
Posted 2 years ago #I've had 22 sites on a shared hosting plan hacked over the last weekend. I made it easier by using the same ftp password across all of them...so that's my fault and I've fixed it up now. 20 are wordpress, 2 are frontpage sites. All WordPress were 2.8.4 OR 2.8.5.
I have tracked the IP of the hacker and a list of hacker forums who have been regualarly visiting. Have discovered some very strange entries and 404 reports. See http://wordpress.org/support/topic/237003?replies=23
I'd really like to know how do we determine the entry point?
-
CarDriving
Posted 2 years ago #I have been using wordpress for almost 6 months already and never been hack. You must be careful in choosing you username and password and never trust it just to anybody. Just a friendly reminder.
Are you afraid of driving? Conquer your fear today by visiting CarDrivingPhobia.com
-
Roy
Posted 2 years ago #Elizabeth, when a hacker gains access to your server through one site, he will have access to all, that's the pain of shared hosting. Determining how they got in is something I fotunately never had to do. It could be an outdated plugin, it could be a 'rainbow attack' on any of the installs or maybe you even were hacked before upgrading to 2.8.4.
There are a number of things you need to do, such as change ALL passwords (all WP installations,FTP, control panel, anything you can think off. Clean up properly and when you're done, "harden WP".
Finding out how they came in... you could scan your access logs in the hope to find something, have a look at the WP Security Scan plugin which checks for some obvious security issues and it seems that Whooami has some kind of scanning plugin which I cannot find.Good luck.
-
bottleneck
Posted 2 years ago #Whooami has some kind of scanning plugin which I cannot find
http://www.village-idiot.org/archives/2008/04/16/postlogger-for-wordpress/
-
Posted 2 years ago #I understood that she wrote a new one that scans for hack entries. Postlogger is too late when the hack already took place.
-
Posted 2 years ago #
Topic Closed
This topic has been closed to new replies.
