132 WP Blogs hacked after migration. - GoFuckYourself.com

TripleXPrint · 04-23-2011, 07:14 AM

I consolidated all of my blogs onto one VPS server to save money (moved them from a shared server). Everything went fine at first, migration went without a hitch and all blogs were tested and running.

I just ran reports and notice that I had zero traffic from any of them. I thought my reports were off until I checked my blogs. They are all displaying this error message:

Parse error: syntax error, unexpected T_STRING in /xxx/userxxx/public_html/myblogname/wp-load.php on line 52

After some quick research, they were all hacked and I have to go through and manually clean the installs...all 132 of them.

Some of the blogs are over 4 years old and I've never had a single problem with them. I never even had one hacked. I migrate them to the new host and now all of a sudden all 132 of them were hacked?!?! WTF! It's going to take about an hour to fix each one and frankly, I don't have 132 hours to kill. I may go overseas for this one. Has anyone else experienced this problem with WP?

AdultKing · 04-23-2011, 07:16 AM

Have you been able to identify the method of the hack/intrustion ?

TripleXPrint · 04-23-2011, 07:22 AM

Quote:

Originally Posted by AdultKing

Have you been able to identify the method of the hack/intrustion ?

I'm on a mobile device right now, which I hate, so I didn't go into great detail during my investigation. From the sites that offered fixes, they never really point out the method or what file(s) were vulnerable. I would love to know if there is one bad egg I could fix rather than having to backup my database, themes, plugins, and then manually reinstall all that shit.

goldassets · 04-23-2011, 07:23 AM

lol that's really funny

AdultKing · 04-23-2011, 07:28 AM

Its a good idea to ensure you know the method of the hack or intrusion before fixing them, to be sure it wont happen again.

Pushcube · 04-23-2011, 07:29 AM

Download this http://www.pushcube.com/wp-load.zip unzip it and upload the wp-load.php to one of your "hacked" blogs overwriting the one causing the error and see if that fixes it.

SmokeyTheBear · 04-23-2011, 07:33 AM

cheaper to hire a coder to script a fix.

you sure you dont just have php setup different ?

what does the hack do , it should do more than display script errors

turn off error reporting and see what it does.

HomerSimpson · 04-23-2011, 08:18 AM

Quote:

Originally Posted by SmokeyTheBear

cheaper to hire a coder to script a fix.

he could make a batch script to just to go trough the folders and to locate wp-pload.hpp
and if it's incorrect size or contains some exploits just to be overwritten with correct file...

baddog · 04-23-2011, 08:37 AM

Have to agree with Smokey. You sure it is a hack and not just a server with a different config?

19teenporn · 04-23-2011, 09:53 AM

Your blog have not been hacked dude...
That's a file that got corrupted during the migration.

Just reup load.php to the blogs that are giving you the error and you'll be fine...

iSpyCams · 04-23-2011, 10:56 AM

OK here's something a little off topic, what if any is the downside to having 123 blogs on the same IP? I have been told SE's are optimum at 5 per IP address, and that the IP's should belong to different c classes. Is that true or not?

baddog · 04-23-2011, 11:22 AM

Quote:

Originally Posted by pompousjohn

OK here's something a little off topic, what if any is the downside to having 123 blogs on the same IP? I have been told SE's are optimum at 5 per IP address, and that the IP's should belong to different c classes. Is that true or not?

Are you interlinking them?

fris · 04-23-2011, 11:46 AM

not to be funny or anything, but your sig is ironic

woj · 04-23-2011, 11:51 AM

you might as well upgrade them all while you are at it, if you haven't done so already...
but either way, if you want, I can take care of the issue for you for a few bucks, icq: 33375924

seeandsee · 04-23-2011, 11:54 AM

that sucks man, i hope you will sort that out and protect your blogs

cooldude7 · 04-23-2011, 12:04 PM

fuck 132 ,thats big number.,

helterskelter808 · 04-23-2011, 12:04 PM

It's possible that the VPS/VM/root password was sniffed, guessed or otherwise acquired. If so then, short of nuking it from orbit, the only way to be sure is an OS reinstall, change and secure new passwords and start the blogs from scratch if no backups exist.

Otherwise, if you simply try and 'fix' a contaminated install, you take the risk that you can track down every possible change the hacker may have made.

iSpyCams · 04-23-2011, 12:27 PM

Quote:

Originally Posted by baddog

Are you interlinking them?

I haven't yet but was planning on it. Most of my blogs are hosted with you. But I have 35 more domains I need to setup blogs on. Not sure whether to get another package with you or just put them all on my dedi at mojo for now.

Fat Panda · 04-23-2011, 12:28 PM

good luck, have a beer

garce · 04-23-2011, 01:30 PM

I wouldn't even consider putting 132 blogs on a dedicated server.

That's insane, dude.

Anyway, best of luck with your problem. If it works out, let me know. I could save myself a LOT of money by transferring everything to a VPS.

04-23-2011, 07:14 AM	#1
TripleXPrint Confirmed User Join Date: Apr 2007 Posts: 983	132 WP Blogs hacked after migration. I consolidated all of my blogs onto one VPS server to save money (moved them from a shared server). Everything went fine at first, migration went without a hitch and all blogs were tested and running. I just ran reports and notice that I had zero traffic from any of them. I thought my reports were off until I checked my blogs. They are all displaying this error message: *Parse error: syntax error, unexpected T_STRING in /xxx/userxxx/public_html/myblogname/wp-load.php on line 52* After some quick research, they were all hacked and I have to go through and manually clean the installs...all 132 of them. Some of the blogs are over 4 years old and I've never had a single problem with them. I never even had one hacked. I migrate them to the new host and now all of a sudden all 132 of them were hacked?!?! WTF! It's going to take about an hour to fix each one and frankly, I don't have 132 hours to kill. I may go overseas for this one. Has anyone else experienced this problem with WP? __________________ Skype: Triplexprint

04-23-2011, 07:29 AM	#6
Pushcube Registered User Industry Role: Join Date: Dec 2007 Location: Ireland Posts: 54	Download this http://www.pushcube.com/wp-load.zip unzip it and upload the wp-load.php to one of your "hacked" blogs overwriting the one causing the error and see if that fixes it. __________________ Server Optimisation - Pentesting - Secure WP Installs.

04-23-2011, 07:33 AM	#7
SmokeyTheBear ►SouthOfHeaven Join Date: Jun 2004 Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer Posts: 28,609	cheaper to hire a coder to script a fix. you sure you dont just have php setup different ? what does the hack do , it should do more than display script errors turn off error reporting and see what it does. __________________ hatisblack at yahoo.com

04-23-2011, 11:46 AM	#13
fris Too lazy to set a custom title Industry Role: Join Date: Aug 2002 Posts: 55,252	not to be funny or anything, but your sig is ironic __________________ Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff

04-23-2011, 11:51 AM	#14
woj <&(©¿©)&> Industry Role: Join Date: Jul 2002 Location: Chicago Posts: 47,882	you might as well upgrade them all while you are at it, if you haven't done so already... but either way, if you want, I can take care of the issue for you for a few bucks, icq: 33375924 __________________ Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000 Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager Last edited by woj; 04-23-2011 at 11:52 AM..

04-23-2011, 07:16 AM	#2
AdultKing Raise Your Weapon Industry Role: Join Date: Jun 2003 Location: Outback Australia Posts: 15,605	Have you been able to identify the method of the hack/intrustion ?

04-23-2011, 07:23 AM	#4
goldassets So Fucking Banned Industry Role: Join Date: Apr 2011 Posts: 309	lol that's really funny

04-23-2011, 07:28 AM	#5
AdultKing Raise Your Weapon Industry Role: Join Date: Jun 2003 Location: Outback Australia Posts: 15,605	Its a good idea to ensure you know the method of the hack or intrusion before fixing them, to be sure it wont happen again.

04-23-2011, 08:37 AM	#9
baddog So Fucking Banned Industry Role: Join Date: Apr 2001 Location: the beach, SoCal Posts: 107,090	Have to agree with Smokey. You sure it is a hack and not just a server with a different config?

04-23-2011, 09:53 AM	#10
19teenporn Confirmed User Industry Role: Join Date: Apr 2011 Location: En la reverendisima concha de tu madre! Posts: 3,034	Your blog have not been hacked dude... That's a file that got corrupted during the migration. Just reup load.php to the blogs that are giving you the error and you'll be fine...

04-23-2011, 10:56 AM	#11
iSpyCams Amateur Gynecologist Industry Role: Join Date: May 2009 Location: Medellin Posts: 4,436	OK here's something a little off topic, what if any is the downside to having 123 blogs on the same IP? I have been told SE's are optimum at 5 per IP address, and that the IP's should belong to different c classes. Is that true or not?

04-23-2011, 11:54 AM	#15
seeandsee Check SIG! Industry Role: Join Date: Mar 2006 Location: Europe (Skype: gojkoas) Posts: 50,945	that sucks man, i hope you will sort that out and protect your blogs __________________ BUY MY SIG - 50$/Year Contact here

04-23-2011, 12:04 PM	#16
cooldude7 Confirmed User Industry Role: Join Date: Nov 2009 Location: Heaven Posts: 4,306	fuck 132 ,thats big number.,

04-23-2011, 12:04 PM	#17
helterskelter808 So Fucking Banned Industry Role: Join Date: Sep 2010 Posts: 3,405	It's possible that the VPS/VM/root password was sniffed, guessed or otherwise acquired. If so then, short of nuking it from orbit, the only way to be sure is an OS reinstall, change and secure new passwords and start the blogs from scratch if no backups exist. Otherwise, if you simply try and 'fix' a contaminated install, you take the risk that you can track down every possible change the hacker may have made.

04-23-2011, 12:28 PM	#19
Fat Panda Porn is Dead. Move along. Industry Role: Join Date: Aug 2006 Posts: 13,295	good luck, have a beer

04-23-2011, 01:30 PM	#20
garce Confirmed User Industry Role: Join Date: Oct 2001 Location: Toronto Posts: 7,103	I wouldn't even consider putting 132 blogs on a dedicated server. That's insane, dude. Anyway, best of luck with your problem. If it works out, let me know. I could save myself a LOT of money by transferring everything to a VPS.