WordPress.org

Ready to get started?Download WordPress

Forums

Malware (14 posts)

  1. mconnors
    Member
    Posted 2 years ago #

    Thanks to installing wordpress 3.3.1 I now have malware on my site and blacklisted by google. I've completely deleted wordpress and plugins and will look for a secure alternative. Thought I would just post something here. Maybe if enough people complain someone will take security seriously.

  2. esmi
    Forum Moderator
    Posted 2 years ago #

    Hacks are not specific to WordPress. They happen to all kinds of sites using a variety of different management systems.

  3. mconnors
    Member
    Posted 2 years ago #

    That maybe true, but I don't think so. But you are right, I have no positive proof so I should say: there is a possibility wordpress or some plugin I was using in wordpress has a security exploit that infected my site with malware.

  4. esmi
    Forum Moderator
    Posted 2 years ago #

    There are no known security issues with WordPress 3.3.1 but did you download all of your plugins & your theme from a trusted source?

  5. Checking your site... http://sitecheck.sucuri.net/results/http://morguefile.com/

    No actual malware, but Opera seems to think it's bad (Google says not).

  6. esmi
    Forum Moderator
    Posted 2 years ago #

    morguefile.com??

  7. mconnors
    Member
    Posted 2 years ago #

    sucuri.net isn't finding the malware because I removed wordpress and the blog, then reinstalled the rest of the site. Google blacklisted me this morning.

    Plugins:
    disqus-comment-system
    wptouch
    wp-to-twitter
    akismet
    google-analyticator
    wp-super-cache

    The site was compromised sometime around Feb 24th 27th, they just used the exploit over the weekend.

  8. mconnors
    Member
    Posted 2 years ago #

    yes, morguefile.com

  9. The site was compromised sometime around Feb 24th 27th, they just used the exploit over the weekend.

    How'd you figure that the site was infiltrated then? Is that just when you installed WP? Do you have any server logs?

    (And by the way, have you changed all your passwords?)

  10. mconnors
    Member
    Posted 2 years ago #

    Now I am wondering where the exploit is, maybe its not wordpress but its shown up in wordpress. I probably shouldn't go into a lot more further details until I can figure it out, thanks everyone.

  11. b747fp
    Member
    Posted 2 years ago #

    I have this same issue on all of my WordPress 3.3.1 installations. Every single one of them on 5 different hosts have gotten "index.php" files in the main folder and wp-content and wp-admin injected with a malware javascript (the injected code gets added before the opening <?php)

    the only way i can stop it is to Chmod my index.php files to 444

  12. Much of the time, WordPress itself isn't the vector, but a badly coded theme/plugin may be. Or your server may have an issue.

    b747fp - If your WordPress CORE files are being changed, it's probably a PHP security issue on your server, call your webhost.

  13. b747fp
    Member
    Posted 2 years ago #

    but why would it be a PHP security issue on 5 different hosts... Godaddy, various Cpanel hosts, and a Plesk host... it only started happening since the 3.3.x upgrades. and many of them use suphp so they dont even have any 777 permissions so i doubt it's a permission exploit. Godaddy has already denied any responsibility or problems on their end.

  14. esmi
    Forum Moderator
    Posted 2 years ago #

    @b747fp: Please post your own topic.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags