WordPress.org

Support

Malware

  • Thanks to installing wordpress 3.3.1 I now have malware on my site and blacklisted by google. I’ve completely deleted wordpress and plugins and will look for a secure alternative. Thought I would just post something here. Maybe if enough people complain someone will take security seriously.

Viewing 13 replies - 1 through 13 (of 13 total)
  • esmi
    Forum Moderator

    @esmi

    Hacks are not specific to WordPress. They happen to all kinds of sites using a variety of different management systems.

    That maybe true, but I don’t think so. But you are right, I have no positive proof so I should say: there is a possibility wordpress or some plugin I was using in wordpress has a security exploit that infected my site with malware.

    esmi
    Forum Moderator

    @esmi

    There are no known security issues with WordPress 3.3.1 but did you download all of your plugins & your theme from a trusted source?

    Checking your site… http://sitecheck.sucuri.net/results/http://morguefile.com/

    No actual malware, but Opera seems to think it’s bad (Google says not).

    esmi
    Forum Moderator

    @esmi

    morguefile.com??

    sucuri.net isn’t finding the malware because I removed wordpress and the blog, then reinstalled the rest of the site. Google blacklisted me this morning.

    Plugins:
    disqus-comment-system
    wptouch
    wp-to-twitter
    akismet
    google-analyticator
    wp-super-cache

    The site was compromised sometime around Feb 24th 27th, they just used the exploit over the weekend.

    yes, morguefile.com

    The site was compromised sometime around Feb 24th 27th, they just used the exploit over the weekend.

    How’d you figure that the site was infiltrated then? Is that just when you installed WP? Do you have any server logs?

    (And by the way, have you changed all your passwords?)

    Now I am wondering where the exploit is, maybe its not wordpress but its shown up in wordpress. I probably shouldn’t go into a lot more further details until I can figure it out, thanks everyone.

    I have this same issue on all of my WordPress 3.3.1 installations. Every single one of them on 5 different hosts have gotten “index.php” files in the main folder and wp-content and wp-admin injected with a malware javascript (the injected code gets added before the opening <?php)

    the only way i can stop it is to Chmod my index.php files to 444

    Much of the time, WordPress itself isn’t the vector, but a badly coded theme/plugin may be. Or your server may have an issue.

    b747fp – If your WordPress CORE files are being changed, it’s probably a PHP security issue on your server, call your webhost.

    but why would it be a PHP security issue on 5 different hosts… Godaddy, various Cpanel hosts, and a Plesk host… it only started happening since the 3.3.x upgrades. and many of them use suphp so they dont even have any 777 permissions so i doubt it’s a permission exploit. Godaddy has already denied any responsibility or problems on their end.

    esmi
    Forum Moderator

    @esmi

    @b747fp: Please post your own topic.

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘Malware’ is closed to new replies.