Loading of malicious code? (5 posts)

  1. nitm
    Posted 4 years ago #


    A friend of mine which has ESET installed told me that my web site (still not in production, but in stage) is giving him security alerts about blocked urls that the site is trying to load.

    I used http://sitecheck.sucuri.net/ to check the site and the result was that indeed in lots of pages there's a try to load a script like this:
    [ Moderated - Don't paste potential malware script here please. ]

    All of those tries have "rr.nu" but the subdomain varies, and everywhere I check I get that those urls are suspicious at best, and malicious.

    Any ideas how those scripts are being loaded and why?

  2. nitm
    Posted 4 years ago #

    Oh, damn.

    Thanks for the reply and info.

    While I don't completely reject the option that someone hacked the server, the chances are not good..
    It's hosted on a shared hosting server, but there's only one user who can access the files and only using ssh (ftp is disabled), and the password for that account was just recently changed, and since then the wordpress instance was upgraded to the newest version.

    Can this be done by hacking wordpress itself?

    Thanks again.

  3. Can this be done by hacking wordpress itself?

    WordPress itself? At this time there are no known WordPress 3.3.1 exploits.

    Themes and plugins? Oh my goodness, yes. There are still plugins and themes using insecure TimThumb code and that get's found and hacked within minutes of being on the Internet.

    Go through those links. Regardless of how it happened, that installation needs to be cleaned up.

  4. nitm
    Posted 4 years ago #

    I see.

    Thanks for your time and info you provided, I'll check out all the links and see what is needed to fix and protect it.

Topic Closed

This topic has been closed to new replies.

About this Topic