mannyreyes
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: Security hole in wordpress 3.1.3Hey Symeon, No I didnt experience any high activity on resources on the server, I always get notify if that happens. Yes I agree is not a server hack because I do have around 25 domains and only a few got hacked. I do believe is a vulnerability since I’ve been searching around and finding few forums where people recently are complaining about the same thing, and all just happens this month.
During that search I found this that indeed affected 2 of my sites http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/
As you know WordPress uses tinymce
Forum: Fixing WordPress
In reply to: Site has been hackedI also been working with my hosting people and they did some research. Which two of my sites has been hack and deposit a file under the tinymce folder. Sadly I deleted the folder and the WYSIWYG didnt work well so I uploaded a fresh copy of the folder but it seems that tinymce has a vulnerability as well. Read this out http://seclists.org/fulldisclosure/2011/Nov/427?utm_source=twitterfeed&utm_medium=twitter
Forum: Fixing WordPress
In reply to: Security hole in wordpress 3.1.3I also created a thread about been hacked and got ignore. Yes is true and is out there. I have a hosting account and so far 4 of my domains have been hacked. I changed passwords, SQL passwords, email passwords, blocked IP address, etc and they still get in. I also installed Bulletproof and no luck.
My first site was hacked directly to the root impamting a mijn some ign bank link phishing site. My other sites has been trough tinymce they inject a security.html file.
My Hosting people keep suspending my accounts and is getting annoying and since they dont know they keep telling me I need to be sure I have the latest updates which I do.
Forum: Fixing WordPress
In reply to: Site has been hackedI also created a thread about been hacked and got ignore. Yes is true and is out there. I have a hosting account and so far 4 of my domains have been hacked. I changed passwords, SQL passwords, email passwords, blocked IP address, etc and they still get in.
My first site was hacked directly to the root impamting a mijn some ign bank link phishing site. My other sites has been trough tinymce they inject a security.html file.
My Hosting people keep suspending my accounts and is getting annoying and since they dont know they keep telling me I need to be sure I have the latest updates which I do.