Major Hacks Into WordPress [HELP?]

geolitjon
(@geolitjon)

16 years, 8 months ago

So I recently saw some unauthorized files in my folders, including index.php files that contained odd code, which actually redirected to another site.

I called my host [GoDaddy] and believe it or not, they don’t keep FTP logs. I changed my password, but lo-and-behold, the unauthorized files continue to be added.

I was just about to give up, until I took a look at the backlinks going to my site.

It appears that this is a massive-scale hacking attempt across multiple sites, and all of them have happened within the last few weeks. I’m not sure if all of the sites are wordpress sites, but most of them are, which makes me think there must be some sort of vulnerability somewhere.

Of course, I’ve deleted the files, and (fingers crossed) they won’t reappear, but I have a list of all of the sites that contain the weird links in the footer. Is there some sort of common vulnerability that they all have? I’m tearing my hair out trying to figure it out [note the hidden links in the code in the footer]?

http://stephanie.materns.com/
http://savemisterrogers.com/
http://www.leadingtoday.org/
http://theskinnywebsite.com/site/
earfarm.com/features/daily-feature/monday/2010
http://www.esart.com/blog/
http://electronicexplorations.org/the-show/week-047-drumcorps/
http://www.dailywireless.org/2009/02/06/2009-mobile-world-congress/
http://privacycouncil.org/
http://www.greenmamma.org/blog/
http://www.lunch20.com/2007/04/27/lunch-20-linkedin/
http://evil-e.org/
http://www.drdzoe.com/
http://iohanet.org/
http://electricbeach.org/?p=147
http://www.therightperspective.org/2009/01/05/mallgate-broadsides-clintons/
http://www.durf.org/
http://feministlawprofessors.com/?p=8389
http://www.pcs.org/win-big-at-this-years-gala-bright-lights-havana-nights/
http://www.lunch20.com/2007/09/12/lunch-20-oracle/
http://www.thecriticalcondition.com/2009/02/17/when-reality-shows-approach-reality/
http://www.bigdbahead.com/?p=672
http://metroriderla.com/2009/01/01/2009-the-year-in-transit/
http://eyeonwilliamson.org/?p=4065
http://www.imprintsjournal.com/
http://www.casavaria.com/cafesentido/2008/12/25/980/doctors-without-borders-lists-top-ten-humanitarian-crises-at-end-of-2008/
http://www.nickhodge.com/blog/archives/2150

Viewing 2 replies - 1 through 2 (of 2 total)

Doodlebee
(@doodlebee)

16 years, 8 months ago

>>which makes me think there must be some sort of vulnerability somewhere. <<

yes, probably one of the sites on your shared server is the vulnerability. Someone probably has a poor password, didn’t upgrade their WP version (IF it is indeed, WordPress and not some self-built thing) or left their file permissions wide-open. Just because you (and some other people on your server) are running WordPress doesn’t necessarily mean it’s WordPress. Obviously *someone* hasn’t been paying attention to their security, and has compromised everyone.

Contact your host. If it’s across multiple sites, the *server* has been compromised, and they will want to know. They will also track down the source of the problem, and take the necessary steps to fix it.

xinfo
(@xinfo)

16 years, 8 months ago

yaa there keep placing iframe i am tired of updating every day

still i am using latest version 2.8.4 version

well there place iframe only in index.php where ever it present in any folder

eg:root index

wp-inlude/index

wp-admin/index and index-extra

wp-content/index

wp dev help us out from this hackers

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Major Hacks Into WordPress [HELP?]’ is closed to new replies.

Major Hacks Into WordPress [HELP?]

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics