WordPress.org

Ready to get started?Download WordPress

Forums

Two WordPress sites hacked on 9/11 (14 posts)

  1. Jimbo70
    Member
    Posted 2 years ago #

    I manage two WordPress sites (http://www.altemusprime.com, http://www.wasserwerks.com) and yesterday I received notification from two different sources that each site was hacked and was hosting phishing attacks. The only common threads between the two sites is that both are running WordPress and both are managed by me. One site is owned by me and hosted on Zerolag while the other site is owned by someone else and hosted on GoDaddy.

    Both sites were updated to 3.2.1 shortly after that version was released as were the themes and plug-ins for each site. Somehow someone was able to place folder(s) into each sites wp-content/uploads subdirectory. The GoDaddy hosted site, wasserwerks.com, had one folder called "wassa" and a single file called "wassa.htm" that I was able to clean out myself. The attack on the Zerolag hosted site was much more involved, with a couple dozen folders, including one named "altem" added to my wp-content/uploads subdirectory and files distributed through my directories. The Zerolag people are working on that now.

    Is anyone else experiencing this?

  2. The wassa hack is old (about 2006 I think).

    http://codex.wordpress.org/FAQ_My_site_was_hacked

    Change your passwords etc etc.

  3. Jimbo70
    Member
    Posted 2 years ago #

    We're working on that now.

    I typed "wassa" when I meant "wasse". The file folder they set up for this was named after the first five letters of the URL. I was just curious if this was part of a larger issue.

  4. Rev. Voodoo
    Volunteer Moderator
    Posted 2 years ago #

    Aaaaand... off to check all my sites....

  5. Jimbo70
    Member
    Posted 2 years ago #

    Interesting. I was just going to come on here with an update. While my Zerolag based website is being cleaned up by Zerolag, I attempted to clean up my GoDaddy hosted site myself. When attempting to install a new plug-in, I found myself being redirected to secaviable.ru/about/index.php, which quickly (I had to do a print screen to capture the URL) forwards me to Google.com. I just checked my Zerolag site and it is not having this issue.

    Hmm...

  6. Jimbo70
    Member
    Posted 2 years ago #

    Another interesting thing is that the Go Daddy control panel is trying to get me to "upgrade" to WordPress 3.1.3.

  7. Rev. Voodoo
    Volunteer Moderator
    Posted 2 years ago #

    Did you originally install via 1 click on godaddy, and then upgrade WP through WP?

    Godaddy doesn't track that, so they think you are still on the version you installed. They only know if you upgrade, if you use their upgrade feature. If your sites are up to date, ignore the godaddy warning

    My godaddy install thinks I'm on version 2.2.1

  8. Jimbo70
    Member
    Posted 2 years ago #

    The original install was done through GoDaddy; subsequent updates have been through the WP control panel.

    After deleting anything that was created between 9/11 and 9/13, along with any of the legacy stuff on the server, I seem to have cleaned up my site, at least according to the scanner linked above.

    I found another thread on here from a week or two ago describing something very similar.

    http://wordpress.org/support/topic/site-getting-diverted-from-google?replies=27

    I was beginning to think it was something coming from my computer, but now I'm not so sure.

  9. Rev. Voodoo
    Volunteer Moderator
    Posted 2 years ago #

    The fact that it happened at 2 different hosts does make that seem a possibility

    Don't forget to change all your passwords

    DB (and thus in wp-config.php), ftp, hosting, wordpress

  10. Jimbo70
    Member
    Posted 2 years ago #

    I'm working on it now.

  11. Rev. Voodoo
    Volunteer Moderator
    Posted 2 years ago #

    It may be a bit late for you.... but in case you didn't know, you can roll back files on godaddy for something like a month or so

    From the file manager area in hosting, there is a history tab

    You can roll back single or batch files/directories

  12. Jimbo70
    Member
    Posted 2 years ago #

    Good to know for the future. Fortunately the site hosted by GoDaddy is relatively new with only a handful of posts. My concern is my other site; which has more posts and would be more of an issue to rebuild, labor-wise.

  13. Sweet donkey... Upgrade to version TWO!?

    *head desk* Poor GoDaddy.

Topic Closed

This topic has been closed to new replies.

About this Topic