Infections, hacks and viruses: How spread (or not)
  • Yes, I believe that your three points are correct. But here is something to consider: what if your infected Windows Desktop has a malware bot that looks for FTP credentials and sends them to a hacker database on the Internet? Then any hacker with access to the hacker database on the Internet potentially has access to anywhere you have FTP credentials, including your servers.

    There was a spate of this activity about two years ago. Don’t know how things are now.

    On the other hand, if all the Windows Desktops have one of the major anti-malware products running all the time, with current virus signature updates, then this scenario is not very likely.

    This is a good place to start reading:
    http://codex.wordpress.org/FAQ_My_site_was_hacked

    But here is something to consider: what if your infected Windows Desktop has a malware bot that looks for FTP credentials and sends them to a hacker database on the Internet? Then any hacker with access to the hacker database on the Internet potentially has access to anywhere you have FTP credentials, including your servers.

    jonradio, point taken. This is not the type of infection the boss is looking for. He has made it clear that he is looking for a virus that is residing on the local computers and actually placing the code on the site as we log in. Regardless, all of the computers are clean. Or at least, Microsoft Security Essentials reports that the Windows machines are clean, and Sophos reports my Mac as being clean. It is doubtful in my mind that this is what we are dealing with. I’m thinking along the lines of “code injection”, I believe it is called, via forms. I’ve read this is a fairly common means of this sort of maliciousness.

    Thanks for the info.

    Open Source software poses a unique challenge. Because source code is available, there is usually widespread knowledge of security issues as they are fixed in newer versions.

    That is why it is essential to be up to date with all Open Source software, in terms of running the current Version. Oddly, security fixes are generally the most urgent in the lowest level updates. For example, 3.4 to 3.4.1 of WordPress.

    @ LDMartin1959

    There are hundreds if not thousands of ways to hack someone’s PC or a website. What if you had a keylogger on one of your computers/Macs? Then they could have your login credentials. Then they could log in, use your theme/plugin editor to put in code.

    What if your server is not secure? They symlink your server to read your wp-config. Set up a dummy phpMyAdmin (oops, I may have that wrong, it’s past my bedtime) and hack your database.

    Also, I clean Windows PCs of malware for a living. MSE is not enough. It helps, but there are a lot of tools that will catch things it misses and tools to catch things the other tools miss. There is no one overall supreme tool.

    You really need to look at your server logs, including any SFTP/FTP logs. When observing your regular server logs, examine all “POST” entries.

    Have you confirmed that none of your themes and/or plugins have vulnerabilities? Are any of them using the timthumb script or variant thereof?

    I would definitely start with your server logs.
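The log review MickeyRoush recommends (pull every POST out of the web server log, then look at who is posting to the login page, the theme/plugin editor, or a timthumb script) can be done with a short script. The following is an added example, not code from the thread or from WordPress; the log lines are constructed in the Apache/nginx combined format, the IP addresses are documentation ranges, and the watch list of paths is an assumption chosen for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jul/2012:02:14:07 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jul/2012:02:14:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jul/2012:02:14:30 +0000] "POST /wp-admin/theme-editor.php HTTP/1.1" 200 8810 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jul/2012:02:20:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jul/2012:02:20:03 +0000] "GET /wp-content/themes/custom/timthumb.php?src=http://example.org/x.php HTTP/1.1" 200 90 "-" "curl/7.2"
"""

# One combined-format line: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumed watch list: endpoints where a request can write files or take credentials.
# A POST to the theme/plugin editor is a file write from the dashboard; timthumb is
# flagged on any method because the thread singles that script out.
SENSITIVE_PATHS = (
    "/wp-admin/theme-editor.php",
    "/wp-admin/plugin-editor.php",
    "/wp-login.php",
    "timthumb.php",
)


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["time"] = datetime.strptime(entry["time"], "%d/%b/%Y:%H:%M:%S %z")
    entry["status"] = int(entry["status"])
    return entry


def parse_log(log_text):
    return [e for e in map(parse_line, log_text.splitlines()) if e]


def post_entries(log_text):
    """All POST requests, which is the first cut the thread suggests."""
    return [e for e in parse_log(log_text) if e["method"] == "POST"]


def posts_by_ip(log_text):
    """How many POSTs each client sent; a burst from one address stands out."""
    return Counter(e["ip"] for e in post_entries(log_text))


def flag_suspicious(log_text):
    """Requests that touch the watch list, with timestamps to correlate against
    file modification times on the server."""
    hits = []
    for e in parse_log(log_text):
        touches = any(p in e["path"] for p in SENSITIVE_PATHS)
        if touches and (e["method"] == "POST" or "timthumb.php" in e["path"]):
            hits.append((e["ip"], e["method"], e["path"], e["time"].isoformat()))
    return hits


if __name__ == "__main__":
    for ip, n in posts_by_ip(SAMPLE_LOG).most_common():
        print(f"{n:4d} POSTs from {ip}")
    for hit in flag_suspicious(SAMPLE_LOG):
        print("REVIEW:", *hit)
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; the timestamps in the flagged rows are what you compare with the creation or modification times of the files that turned up altered.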

    MickeyRoush:

    What if you had a keylogger on one of your computers/Mac?

    I understand that, which is why we run security software on our computers — to detect these things before they can do damage.

    What if your server is not secure?

    I am not an expert — or even reasonably experienced — in the server area. We use fairly well-known and fairly respected hosting companies for our sites so I would think that they have the server configurations rather secure.

    Also, I clean Windows PC’s from malware for a living. MSE is not enough.

    I realize that MSE is not the greatest thing since sliced bread. But we also have a computer guy on staff who seems to know about these things and has a host of other tools he uses to check these things. MSE is just the standard AV/Security program that acts as sorta the initial sentry.

    You really need to look at your server logs, including any SFTP/FTP logs. When observing your regular server logs, examine all “POST” entries.

    I’m not exactly sure how we would get to those on the commercial hosting services we use — as I said, the server area really isn’t my strong suit. But we have people who should know how to do that and (hopefully) will share that information with me. I’ll have them check them out. I do know enough to have asked them to check the file creation date/time to try to help pinpoint when these things are happening. Now, if they would just do it…

    Have you confirmed that none of your themes and/or plugins have vulnerabilities? Are any of them using the timthumb script or variant thereof?

    I don’t know about the timthumb script. We have been keeping our plug-ins as updated as we can. As far as the themes, that is a bit of an issue since most of them are using custom, one-off themes.
