UseShots
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: WordPress HackedMost likely it’s somewhere in (.php) scripts since it changes the search string on every load:
‘search.php?q=debt consolidation in honduras’
‘search.php?q=brazil casino clickbank gambling religion’
‘search.php?q=california auto insurance’
…Forum: Everything else WordPress
In reply to: My site’s .htaccess file hacked, how?Hi,
The “777” is very dangerous. Any scripts can modify such files. This is only needed if you want WP Admin to change your “.htaccess” files, but when the change is done you should revert the files to the normal “644” asap. Actually, if you know how to edit files on server, you don’t have to change parmissions to “777” – WP would provide you with the code you need to add to your .htaccess file yourself.
I’ve seen many site with hacked .htaccess files lately. Unfortunately, none of webmasters I talked to couldn’t provide sufficient information (i.e. the file owner and permissions, madification date, etc) so I can’t figure out how the file was modified/created in the first place.
Please, please, if you find a compromised .htaccess file, check the modification date, file permissions and the file owner. If you don’t know how to do it, contact your hosting company. This information can help identify whether your account is compromised (you are the owner of the file and only you can modify it) or it was done by some script. Then search the access logs (http and ftp if available) for any activity happened around the modification time. If you want to share this info you can send it to me here( http://www.unmaskparasites.com/contact/)
Dick, I’m really interested in anything your host finds regarding the issue.
So far I can only suspect that FTP passwords were somehow intercepted and suggest that you use SFTP instead of FTP if your hosting plan provides SFTP access.
Forum: Fixing WordPress
In reply to: WordPress HackedHi,
@aletheides: Did you locate the redirect code? I can still see that your blog redirects search engine traffic to “sattan .org”.
http://www.unmaskparasites.com/security-report/?page=www.freewiccaschool.com/blogDid you check the .htaccess file in the /blog/ directory? Alternatively check for Redirect code in .php files.
What version of WordPress do you use? It looks like someone has injected the malicious code using some security hole (Many old versions of WordPress are vulnerable).
You should check .php files (including theme file) for suspicious code.
Try WordPress Exploit Scanner plugin.
Forum: Fixing WordPress
In reply to: How to identify malicious hack access@ria:
1. As the name of the “cache” folder suggests, it is safe to delete all files in this folder. They will be recreated if needed.2. It was a bad idea to post the content of that cache file since it reveals some config details about your blog. Change the username and password asap.
3. The XML export is not in PHPAdmin. It is in WordPress Admin.
4. The “eval(base64_decode..” well may be something malicious. But when I (partially) decode it, it contain references to “yet-another-photoblog” plugin. Do you use this plugin? If it’s a legitimate plugin, why it encodea it’s code?
Forum: Fixing WordPress
In reply to: Spam Links added to words on my posts PLEASE HELP!Hey, common! You have Kontera ContentLink scripts on your web pages. What else do you expect?
Forum: Everything else WordPress
In reply to: Somebody hack me ?@whooami: Really, I still can’t see what’s wrong with those pages except for the unwanted ref parameter, which seems to be ignored. When I click those links I see appropriate pages of the blog archive. Here you can see the screenshots:
http://useshots.wordpress.com/2008/11/22/strange-refs/I don’t see anything sinister there.
@balisugar: You can also request Google to remove those links from their index via there Webmaster Tools (http://www.google.com/webmasters/tools/)
Forum: Everything else WordPress
In reply to: Somebody hack me ?Hi,
I can see those strage pages but I don’t see them doing anything illegal. They just load the appropriate page of the blog archive and seem to ignore the ref part of the URL.
Can anyone tell me what’s wrong with them?
Forum: Everything else WordPress
In reply to: Is my WordPress site being hacked?They seemed to be trying to upload a remote web shell script to your site. I guess old versions of WordPress were vulnerable to this sort of attacks.
Forum: Everything else WordPress
In reply to: Somebody hack me ?Hi,
What happens when you open such links? Will it open a page on your site or redirect you to that porn site?
You might need to check your .htaccess file.
Forum: Everything else WordPress
In reply to: WordPress Security?On shared hosting plans you are usually safe when someone else’s account is hacked as long as the server is properly configured and users don’t have access to other users’ subfolders. However if the root account is compromised, every site on the server is compromised.
Some reading on WordPress security:
http://codex.wordpress.org/Hardening_WordPressForum: Everything else WordPress
In reply to: 2.6.3 Hacked!Still it doesn’t look like a WordPress exploit.
What you should do is contact your hosting provider and have them investigate the issue.
Check your own computer for viruses and spyware and then change all server passwords.
Then remove all suspicious files from your server and harden access permissions for the rest files.
As a bonus: http://codex.wordpress.org/Hardening_WordPress
Forum: Everything else WordPress
In reply to: How do I find and remove a virusHi,
Upgrade to the latest version of WordPress is a must. Unfortunately, it won’t fix your issue.
Hackers have added conditional redirects to your site. When new users come to your blog from search engines, a chain of redirecs occur.
—
89. 28 .13 .202/in .html?s=ix ->
viewallclicks .com /soft .php?aid=0147&d=6&product=XPA&refer=bb1f0c2b3
pro-scan-online .com/ 2009/1/freescan.php?nu=880147
—
You can see this chain of malicious redirects in this report:
http://www.unmaskparasites.com/security-report/?page=www.coalgasificationnews.com
(sometimes it may not work, when your server is too slow)What you should do is check your .htaccess file and WordPress .php files (including theme files) for conditional redirects and remove them.
Then change all passwords and upgrade WordPress.
Forum: Everything else WordPress
In reply to: IS WORDPRESS ok to build a 5000 members websiteI’m not sure if WordPress is the right choice for your specific task, but regarding the scaling issue: WordPress.com hosts 4,702,896 blogs, and as far as I understand it’s actually a multiuser WordPress setup. It’s just a matter of hardware and your (admin) skills.
Forum: Fixing WordPress
In reply to: XMLRPC clientCheck the xmlrpc.php file for function interfaces.
wp.getPages requires “blog_id” as the first parameter. What you do is passing “admin” user with blank password.