• Hi,

    Two of my client’s websites were hacked today with just a post added to their site with the title ‘Hacked By SA3D HaCk3D’. I did a search for this on Google and dozens of results come back with the same post title of other sites with the same injected post.

    As far as I know my client’s sites are secure with tried and tested plugins etc. and because of the amount of sites with the same posts this makes me think it’s a WordPress security issue? Has anyone else had the same issue and has the vulnerability been found as would love to know what caused this?

    Regards,

    Jim Isles

Viewing 6 replies - 16 through 21 (of 21 total)
  • Just got a client’s site hit myself.
    Was pretty up-to-date with everything, they seem to be hammering this exploit.

    I think I’ve found the exploit the Skiddies are hammering:
    https://www.exploit-db.com/exploits/41224/

    @logankipp, Very strange that I’ve never noticed and have even moved hosts and they didn’t notice before. These two sites that I have were actually hacked very early in their creation back in 2019 & 2016… Or are they adding these dates? They were just updated in the last few days. So, I can’t restore older versions as it would be impossible to rebuild quickly enough. I spoke with Sucuri and was told that these are very difficult to remove and they are serious. However, I don’t see anything wrong on the site. How do I know to trust what needs to be done and what real damage is being done? I mean, can it wait two weeks or do I need to be seriously concerned? One is a membership site, so not just me involved. Can I simply remove the posts? Neither of these sites has a blog so no one sees these, but still… TIA! (Also Hacked by unknown on one site and Hacked by HolaKo on the other, both with the SA3D.)

    @leapfrogva, the SA3D hack emerged around February 1st of this year and edits existing posts, so what appears to be an “old” hack is actually quite fresh. If you have a database backup from January, it is most likely defacement-free. You could simply remove these posts, but keep in mind that they did overwrite one of your actual posts, so something is probably going to be missing.

    @logankipp, Thank you! I do have one just a few days before for both sites! I’ll do that. I appreciate your time!


    @leapfrogva you’re very welcome!
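An added example, not part of the thread: one way to list defaced posts and tell overwritten older posts from newly injected ones, following the reply above that the hack edits existing posts. It assumes the edit updates `post_modified` while leaving `post_date` alone; the rows, the cutoff year and the in-memory SQLite stand-in for the WordPress database are constructed for illustration.

```python
import sqlite3
from datetime import datetime

# Constructed sample rows; column names follow WordPress's wp_posts table.
ROWS = [  # (ID, post_title, post_content, post_date, post_modified)
    (12, "Welcome to our club", "<p>Hello</p>", "2016-03-04 10:00:00", "2016-03-04 10:00:00"),
    (33, "About us", "<p>Hacked By HolaKo</p>", "2019-06-01 12:00:00", "2021-02-04 08:00:00"),
    (57, "Hacked By SA3D HaCk3D", "<p>x</p>", "2016-05-11 09:30:00", "2021-02-03 02:14:07"),
    (91, "Renewal dates", "<p>Fees</p>", "2019-08-20 14:00:00", "2021-01-15 11:00:00"),
    (102, "hacked by unknown", "<p>x</p>", "2021-02-02 23:51:40", "2021-02-02 23:51:40"),
]

# The WHERE clause carries over to MySQL; the default "wp_" prefix is assumed.
QUERY = """
SELECT ID, post_title, post_date, post_modified
FROM wp_posts
WHERE post_modified >= :cutoff
  AND (post_title LIKE '%hacked by%' OR post_content LIKE '%hacked by%')
ORDER BY post_modified
"""
FMT = "%Y-%m-%d %H:%M:%S"

def load_sample():
    """Build an in-memory table shaped like wp_posts from the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wp_posts (ID INTEGER, post_title TEXT, "
               "post_content TEXT, post_date TEXT, post_modified TEXT)")
    db.executemany("INSERT INTO wp_posts VALUES (?,?,?,?,?)", ROWS)
    return db

def find_defaced(db, cutoff, min_age_days=7):
    """Return (ID, title, kind) for marker-bearing posts modified since cutoff."""
    hits = []
    for pid, title, created, modified in db.execute(QUERY, {"cutoff": cutoff}):
        age = datetime.strptime(modified, FMT) - datetime.strptime(created, FMT)
        # An old creation date with a fresh modification means a real post was replaced.
        kind = "overwritten-existing" if age.days >= min_age_days else "newly-injected"
        hits.append((pid, title, kind))
    return hits

if __name__ == "__main__":
    for hit in find_defaced(load_sample(), "2021-02-01 00:00:00"):
        print(hit)
```

Posts reported as overwritten are the ones whose original content has to come back from a pre-defacement database backup; deleting them removes the defacement but not the loss.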

    I have a blog that has been hacked and defaced with “Hacked By SA3D HaCk3D”.

    The attack has happened today (or at most yesterday I guess).
    I have restored the whole server from a backup of 5 days ago and then immediately upgraded WP, so I think it’s safe now.

    I’m worried about sensitive data stored in the filesystem: the attacker may have read those files? What about sensitive data that is stored outside the WP directory?
