WordPress.org

Forums

[resolved] C99 Shell hack, phishing install, several times (10 posts)

  1. dnobendno
    Member
    Posted 8 years ago #

    My blog keeps getting smacked with this stuff, crazy Russians (they call themselves the Captain Crunch security team), who then install AOL phishing sites. Somehow they upload the file (yhg.php) into my server and pretty much get access to everything.

    What did I do wrong on the security front? I just noticed the update and I am upgrading from 2.0.2 to 2.0.3. Will that be sufficient?

    Thanks,
    Dean

  2. maerk
    Member
    Posted 8 years ago #

    It might help, but you would do well to contact your hosts and ask them what on earth is going on!

    It's not necessarily a wordpress problem, it could be their servers. In any case, they need to know about security problems, and they ought to treat it as a matter of urgency, too.

  3. dnobendno
    Member
    Posted 8 years ago #

    I contacted the host. They blame it on scripts.

  4. scaturan
    Member
    Posted 8 years ago #

    HostForWeb? blame it on scripts? that's it? that's all the explanation they gave you? how much are you paying these guys? :)

    as the host, they should work with you to provide some assurance that they've done a substantial amount of auditing and investigation and at the very least, implement some preventive measures.

    http://webhostingtalk.com/ is a good place to start. :)

  5. maerk
    Member
    Posted 8 years ago #

    Yeah, they're really not being very good hosts if they're just telling you it's scripts. For all we know, it could be wordpress, but it might be, for instance, some other client on your shared hosting (just one possibility).

    At the very least, they should be able to tell you a little more about where the vulnerability is -- what file, where the attack is coming from, is it someone on your shared server, etc.

    They should also be careful how they reply, since people use the wordpress forums to help choose their hosting, it's bad publicity if they mess you around.

  6. ofm
    Member
    Posted 8 years ago #

    hmm

  7. reverendsinful
    Member
    Posted 8 years ago #

    disable mysql injection, and php include. that happened to a friend of mine, some skiddie used phpinclude and uploaded a c99shell into his.

  8. mazikaty122
    Member
    Posted 8 years ago #

    thank you very much for this

  9. Asido
    Member
    Posted 8 years ago #

    I found out I have the same problem. A c99 script was uploaded to my hosting account on which I have nothing but wordpress. I tend to believe that this is a wordpress security exploit.

  10. DianeV
    Member
    Posted 8 years ago #

    Good enough — but have you updated to the latest release for your version of WordPress? These things need to be kept up; otherwise, stuff can happen.

    The WP release announcements are on your internal WP Dashboard.

Topic Closed

This topic has been closed to new replies.
