WordPress.org

Ready to get started?Download WordPress

Forums

Reporting hacked WP sites (5 posts)

  1. dphiffer
    Member
    Posted 2 years ago #

    We recently had one of our WP sites compromised at work and we're now in the process of assessing the fallout. Is there some kind of security issue submission process? I'm imagining something like bugtraq, but more WordPress-specific.

    Here is what the attack looked like on the back-end code and resulting front-end HTML.

    wp-includes/kses.php (line 1)
    Front-end HTML (line 32)

    We're already working with an incident response team to help us find evidence of the servers themselves being compromised. So far there's no evidence. And I'm now going through the steps mentioned on the Codex FAQ.

    Since we were up-to-date when this happened, I'm trying to assess the likelihood of entry points besides insecure code, such as privilege escalation or weak user passwords. But I'm also still not 100% sure one of our plugins might have had a known issue. Is there a comprehensive database of plugin/theme versions that are known to have security issues? This seems like something that should exist, if not.

    Thanks,
    Dan

  2. esmi
    Forum Moderator
    Posted 2 years ago #

  3. dphiffer
    Member
    Posted 2 years ago #

    Oops, I deleted the front-end HTML gist. Here's one that just has the attack code:

    https://gist.github.com/2973048

  4. The malware code is just arbitrary and doesn't matter, the important thing is that the site was compromised.

    Those links that Esmi provided can help you get a handle on your installation.

  5. dphiffer
    Member
    Posted 2 years ago #

    Yes, I have recovered many sites from being compromised, but thanks for the links guys. My question is about processes that might help future users, at least to get a sense for how pervasive a particular attack is. I've had 3 other personal sites get attacked on 3 different servers, all of which were up-to-date, some running minimal plugins & themes.

    What I'm hearing here is there are no such process like the ones I'm looking for.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags