Compromised site warning from web host

mongrel
(@mongrel)

9 years, 6 months ago
Hey, folks—

I just got a warning from my web host:

We understand that this may not be the best news you can get…We have recently scanned one or more users on your account for potential security threats. Unfortunately, we found some potential indications that your website(s) *may* be compromised

The following files/directories had insecure permissions (777), which
have been remediated.

yoursite.com/wp-content/uploads/vwls
yoursite.com/wp-content/uploads/vwls/_sessions

Additionally, the following steps should be taken to ensure password
security.
Change your users password
Change your database password(s)

Anyone have experience with this “vwls” directory set to 777? Anyone have any advice on how to tell 100 + users that they need to change their passwords?

Thanks.

mongrel
- This topic was modified 9 years, 6 months ago by mongrel.
- This topic was modified 9 years, 6 months ago by mongrel.
- This topic was modified 9 years, 6 months ago by mongrel.

Viewing 4 replies - 1 through 4 (of 4 total)

Moderator t-p
(@t-p)

9 years, 6 months ago

Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

Thread Starter mongrel
(@mongrel)

9 years, 6 months ago

Thanks, t-p!

I’m wondering specifically if anyone specifically has any experience with (in this case the Video Whisper plugin (which I uninstalled long ago) upload directories’ permissions being set to 777, and whether this necessarily indicates a hack.

Sucuri finds no issues, so I have to wonder if there are upload files with the wrong perms occassionly that don’t mean anything. Obviously, I want to take every necessary precaution, but if a DreamHost bot just happens to identify whay *may* be a threat (emphasis theirs) on a routine scan, I can’t stop work for a day or two to go on a snark hunt.

Anyone have any problems with Video Whisper? (I deleted its uploads folder now)

Thanks!

Moderator Ipstenu (Mika Epstein)
(@ipstenu)

🏳️‍🌈 Advisor and Activist

9 years, 6 months ago

the Video Whisper plugin (which I uninstalled long ago) upload directories’ permissions being set to 777, and whether this necessarily indicates a hack.

ANY plugin that requires directories to be set to 777 is either doing WordPress wrong, or the host is messed up. In this particualr case, I suspect the issue is that they didn’t know how to tell if the folder was properly writable and went with 777 as that for sure is, but … well, dangerous 🙂

Does it mean 100% there was a hack? No of course not. But since DreamHost doesn’t need 777s on folders, it’s a sign they use to say “This is shady, so unless you MEANT to do that, man, you’ve got a problem. And if you did do it, you shouldn’t.”

Thread Starter mongrel
(@mongrel)

9 years, 6 months ago

Thanks, Mika.

Gotta love that shot of adrenaline though! Better wake up than a shot of espresso.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Compromised site warning from web host’ is closed to new replies.

Compromised site warning from web host

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics