WordPress.org

Forums

What to do about sites hacked by the Crows Crew? (7 posts)

  1. raegenhare
    Member
    Posted 1 year ago #

    All of my WordPress websites have been hacked by a group calling themselves the Crows Crew:

    [Link moderated - let's not give them any more advertising, eh?]

    I am restoring all of my sites from backups right now, but I would like to know what I can do to keep them from re-hacking the websites again.

    I have not seen any information posted about how they are hacking all these WordPress websites, but a thread over at Createspace says it seems to be directed to publishers and authors:

    http://bit.ly/U98EcZ

    Does anyone know what they are doing, and what is being done to secure WordPress 3.5 against their attacks?

    Thanks.

  2. esmi
    Forum Moderator
    Posted 1 year ago #

  3. raegenhare
    Member
    Posted 1 year ago #

    I have restored my sites using backups. My question is, what is WordPress doing to fix the problem? Obviously, the hackers are exploiting some security weakness, and they are busy hacking lots of other websites. When can we expect a patch to address whatever it is they are using to take over websites?

    Thanks.

    P.S. -- Yes, I did read the link from ottopress.com about back doors. These guys were able to install a subdirectory named "image" containing 7900+ files inside WordPress, and I had to have my host remove the files because they were locked in such a way that I could not delete them myself.

  4. My question is, what is WordPress doing to fix the problem?

    First thing to do is not reflexively blame WordPress. There are no known security holes at this time. But some third-party plugins and themes are found to be insecure from time to time; they're not produced by WordPress.

    Obviously, the hackers are exploiting some security weakness, and they are busy hacking lots of other websites.

    Many, many hacks are a result of insecure, cheap shared hosting. Who is your web host for those sites? Justhost, GoDaddy, 1and1, powweb and more are all known to be insecure hosts.

    When can we expect a patch to address whatever it is they are using to take over websites?

    The best thing to do is simply update when updates are available.

  5. I have restored my sites using backups.

    A word to the wise: please follow those links that Esmi posted and harden your install. If all you did was restore the older backups then you'll be hacked again in no time.

  6. mrevans1981@gmail.com
    Member
    Posted 1 year ago #

    My site was hacked today by these crows. I am not that security savvy... but I was able to find this code in sidebar 1, and when I deleted it the site was back to normal.

    sidebar1
    <script>[code moderated]</script>

    I updated WordPress... I hope I am protected now but who knows...

  7. I hope I am protected now but who knows...

    You're not protected unless you read and follow all the links posted above by esmi.
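
Post 3 above reports an attacker-created "image" subdirectory holding 7900+ files inside the WordPress install. As an added example (not written by any poster in this thread), this Python script lists top-level directories that are not part of WordPress core and counts their files. The `allowed` parameter and the ownership check are assumptions: the post does not say how the files were locked, and a foreign owner is only one possible reason.

```python
import os
import tempfile

# Directories shipped at the top level of a stock WordPress install.
CORE_DIRS = {"wp-admin", "wp-content", "wp-includes"}


def audit_wp_root(root, allowed=frozenset()):
    """Return findings for top-level directories that are not WordPress core.

    Each finding gives the directory name, its file count, and how many files
    are owned by a different user than the WordPress root (assumed check).
    """
    root_uid = os.stat(root).st_uid
    with os.scandir(root) as it:
        entries = sorted(it, key=lambda e: e.name)
    findings = []
    for entry in entries:
        if not entry.is_dir(follow_symlinks=False):
            continue
        if entry.name in CORE_DIRS or entry.name in allowed:
            continue  # core, or a directory the site owner knows about
        total = foreign = 0
        for dirpath, _dirs, files in os.walk(entry.path):
            for name in files:
                total += 1
                if os.lstat(os.path.join(dirpath, name)).st_uid != root_uid:
                    foreign += 1
        findings.append({"dir": entry.name, "files": total, "foreign_owner": foreign})
    return findings


def build_sample_tree(base):
    """Constructed sample: a WordPress-like tree plus a rogue 'image' directory."""
    for d in ("wp-admin", "wp-content/uploads", "wp-includes", "image/a", "stats"):
        os.makedirs(os.path.join(base, d))
    for i in range(25):
        with open(os.path.join(base, "image", "a", f"f{i}.dat"), "w") as fh:
            fh.write("x")
    with open(os.path.join(base, "wp-includes", "version.php"), "w") as fh:
        fh.write("<?php")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for f in audit_wp_root(build_sample_tree(tmp), allowed={"stats"}):
            print(f"{f['dir']}: {f['files']} files, {f['foreign_owner']} with a foreign owner")
```

Run it against a real site by passing the WordPress root path to `audit_wp_root`, listing any directories you created yourself in `allowed`.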

Topic Closed

This topic has been closed to new replies.
