singl,hueman,eighties,cubby,moesia virus/hacking warning
-
Hello, sorry to bring potentially bad news, I’d be open to suggestions about raising security level on my sites & will be working on this today.
My site was hacked by an unknown source and is infecting these themes in my files.
singl,hueman,eighties,cubby,moesia
I can’t tell if the infection came from a plugin or not.
Passwords are now changed, but my webhost says it came via WordPress – I assume it was a plugin. Any help in finding the culprit would be greatly appreciated.
-
This isn’t a theme issue, it’s your site that’s been compromised.
You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Additional Resources:
Hardening WordPress
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html
Thanks, I will look at this list. My webhost says “malicious files was uploaded to your account due to vulnerability in your scripts or you have installed infused plugin or themes from unofficial resource.”
I only ever use plugins from the WordPress list inside dashboard. I don’t know what they mean by “vulnerability in your scripts”, but perhaps I will after I look at the above list.
Just to clarify, I am not a coder and I don’t create “scripts” of any kind. I am just a user of WordPress with no resources to buy my future company web design elsewhere.
I have installed no unofficial plugins or themes – only ever those directly from wordpress dashboard.
So my conclusion that the infection came from wordpress plugins seems logical to me. Unless the “vulnerability in your scripts” means via an infection that my own computer has had separately and somehow passed on to wordpress while I was logged in to the admin dashboard?
Is that possible?
These are the themes that my webhost said were infected and so what I need to know is did I pass the infection on from my own computer or did it get downloaded and uploaded into my theme files, from a plugin via WordPress dashboard?
I used a new anti virus, premium programme and it did find a trojan on my PC (not in WordPress) from a programme called “herd protect” that I had used as a malware finder. Could this have been passed to WordPress? Via my PC?
Is there a way to check if this is what they were coming from?
I spotted the list of spam links on my “contact” page, where I had used this plugin
and a malware search using a WordPress malware plugin also highlighted Best Web Soft Contact Form plugin as a potential threat. I had previously removed the plugin.
I do not recommend using it.
Is anyone bothered about this weakness in WordPress? Like I keep saying, I don’t make scripts, I only use WordPress stuff from the WordPress site and I don’t change anything.
WordPress is not very safe, is it?
and this is what I found on an actual page;
[soliloquy id=”2751″]
hublot replica
hublot big bang replica
rolex replica
breitling replica
fake breitling
omega replica
replica watches
swiss replica watches
fake watches
gucci replica
rolex replique
replique breitling
replique omega
replique hublot big bang
montre replique tag heuer
montre replique
There are words to describe these idiots and they aren’t nice words.
so, I just discovered another one,
a term [sololiqy] or something like that then followed by a number and this list of links: - I did copy and paste that in a post here but it disappeared!!!!
hublot replica
hublot big bang replica
rolex replica
breitling replica
fake breitling
omega replica
replica watches
swiss replica watches
fake watches
gucci replica
rolex replique
replique breitling
replique omega
replique hublot big bang
montre replique tag heuer
montre replique
what is wrong with wordpress?
It looks like you gave access to Vlad (@vladff) back here: https://wordpress.org/support/topic/background-images-on-front-page-broken?replies=16&view=all
First of all, you should never give admin access to (relative) strangers. Vlad shouldn’t have asked for it. We actively discourage that here since you’re giving strangers the keys to your castle. Secondly, you should have removed the account or lowered the access as soon as the work was done.
That said, have you contacted the email to ask what happened?
If his account was hacked, he had every reason to assume you removed the account. After all, that’s just good security, right?
There’s no really easy way to prove if Vlad did this spam injection himself or if the account you left had a bad password that was easily cracked and then used as a vector for a scripted attack. But you need to talk to them first and ask IF the email account was compromised.
Wow. My email is not compromised. Nor did I hack anyone. Check our forums (athemes.com/forums), I’ve been through tons of users’ sites without any issues. I’ve built Moesia, why would I do something like that?
Now I’m going to read through this topic completely to see what’s up, just wanted to mention this first.
@vladff I’ve redacted your information in these forums.
Vlad shouldn’t have asked for it.
+1 Million that.
I am 100% certain that Vlad had nothing to do with the OP’s installation getting compromised.
Sadly? I am also 100% certain that no one can prove that I’m correct.
Vlad, when you log into someone’s installation that way you do open up the flood gates for being held responsible when Bad Things Happen™. That’s just human nature but I sincerely suggest you stop that practice immediately. It’s not worth the potential liability.
@pandoraslunchbox Please review the links above. I’m sorry but until your system is deloused then this is not going to go away and you’ll still have problems.
I went through the topic, glad it was edited in the meantime. I’m also glad I was pinged here so I can see what’s going on.
To summarize:
– my email account is still safe;
– I make a living building themes, I should be a complete moron to even attempt to do something like this intentionally;
– the theme doesn’t have anything to do with your issues.
I would appreciate if the review also gets edited.
Vlad, just FYI, you shouldn’t really ask for access to people’s sites to fix things unless there’s absolutely no other way.
From the Forum Welcome:
- Forum members should not post their email addresses, ask others to post their email or solicit contacting people off of the forums.
- Plugin and theme authors may post their contact URL or even their email address in their own support sub-forum, but that should be a last resort thing.
It’s not that you shouldn’t be trusted but, well, you shouldn’t be trusted :) Heck, I shouldn’t be trusted. We’re unknown entities to many people, and asking for Admin Access is really a big deal. Users shouldn’t get used to thinking it’s the right thing to do since in many many cases, it’s not. Security and all that.
It looks like the admin account that was used by you to test out things on the site was a vector for spamming. Someone logged in as that account, which was still an admin.
That’s one of the MANY reasons why asking for admin access is bad :/ Users don’t always remember to delete accounts. If you do plan on asking people for access, take the extra step and tell them to change the access to subscriber or delete the account when done.
@jan: thank you.
I probably logged on to hundreds of users’ sites by now because sometimes it’s necessary. This is the first time something like this happened. But yeah, it’s probably not the best idea, at least not around here.
Put it another way :)
If you log in to someone’s site and the account you used is a vector for a hack, you actually can be legally liable. So yeaaah bad idea. I’ve been known to yell at people for giving me passwords/access with not absolutely 100% ‘there’s no other way’ needed.