GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Webmaster Q & Fuckin' A (https://gfy.com/forumdisplay.php?f=27)
-   -   Wordpress Blackhole Exploit? (https://gfy.com/showthread.php?t=1116134)

Tittytweaker 07-22-2013 10:36 AM
Wordpress Blackhole Exploit?
 
Just got hit with this yesterday evening.

AVG alerted me when I visited my site. A bit of code was inserted into the header.php file of every theme I had installed. I removed that chunk of code, and checked my site again. That time, a different warning popped up about a javascript that I had installed (which had been working just fine for many months). I removed that javascipt file and that seemed to fix the problem.

File permissions don't seem to have been changed, and to be safe I changed all of my passwords.

How did this happen? I thought I had WP locked down pretty well, so how did they manage to edit files on my server? Was this done at random in some sort of mass attack, or could it have been a single person doing this maliciously?

Could someone explain to me the basics behind this attack and maybe give me some security tips I may not have thought of yet?

Thanks in advance,
~TT

PornDude 07-23-2013 03:51 AM
Check the server logs and you will find out what happened.

ottopottomouse 07-23-2013 04:56 AM
Have you installed a new theme recently?

Tittytweaker 07-23-2013 08:17 AM
Quote:
Originally Posted by PikaPoka (Post 19728333)
Check the server logs and you will find out what happened.
What should I be looking for in the server logs?


Quote:
Originally Posted by ottopottomouse (Post 19728367)
Have you installed a new theme recently?
Nope, nothing new.

HomerSimpson 07-28-2013 04:07 PM
1. ask your host to investigate the issue
2. change your ftp passwords
3. change your wp-admin passwords


All times are GMT -7. The time now is 01:33 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123