
Site Partially Hacked. Wordpress Issue or Host Issue?

Posted by coolguythampy, 02-22-2012, 05:27 AM
Hi, I see that my site is partially hacked. example-site.com/wp-content/themes/twentyten/dr.html I see this exists in Google search. It shows the following: http://i.imgur.com/Mgipe.png I have the latest WordPress setting and all plugins have been up-to-date. I am currently hosted with hawkhost.

Posted by SafeSrv, 02-22-2012, 08:13 AM
Could be many things: weak password, server exploit, private exploit, host, etc. Get your host to check the logs and pinpoint where it's coming from. Best thing to do right now: start fresh, delete all files, upload a new fresh package of WordPress and import your DB, use only the plugins you really need, reinstall your theme fresh, restrict access to your WordPress backend and use good random passwords for WordPress, FTP and whatever control panel you're using.

Posted by madaboutlinux, 02-22-2012, 08:19 AM
Many a time the free WordPress themes have malicious files/code in them; at least I have experienced it twice. I would only say, remove the theme, scan the files and upload the theme files again. No doubt you should check other files too and change your passwords.

Posted by pmabraham, 02-22-2012, 06:25 PM
Good day: See http://codex.wordpress.org/Hardening_WordPress for steps you can take to secure your WordPress installation. Your hosting provider should be able to help you identify how the hack got through. Also, did your hosting provider secure the server your site is on? Is your hosting provider continuing to keep the server secure? Thank you.

Posted by tvcnet, 02-22-2012, 08:16 PM
Most likely an old Timthumb compromise issue, or a badly coded plugin. Install and run this plugin: Timthumb vulnerability scanner. Last edited by bear; 03-04-2012 at 12:45 AM.

Posted by prashant1979, 02-23-2012, 04:23 AM
It is purely a WordPress issue and not a host issue. Even I have noticed lots of websites built on WordPress and Joomla are being hacked, and in all of them the main file of the theme being used is targeted. The best option is to have WordPress updated.

Posted by SafeSrv, 02-23-2012, 03:43 PM
You can't say that - none of us know how it could have been exploited; there are 100s of ways the site could have been hacked. Only the host will know, or they may not, depending on whether the skiddie was good enough to remove their footprints - so it's best to put in some basic security procedures as I mentioned above.

Posted by domaincart, 02-23-2012, 07:38 PM
The security department of a hosting provider can mostly find the reason by checking their server log. So you must contact your hosting provider first.

Posted by CodyRo, 02-24-2012, 03:23 AM
It's unlikely it's a server issue or private exploit (speaking from the majority of compromises we experience). Re-uploading your files and databases will usually be sufficient - keep in mind if you're installing a third party plugin or theme that's compromised or vulnerable it will not help the issue. Generally speaking we'll give you a hint as to how you were compromised (numerous FTP logins, outdated software, etc). While completely plausible, we do our best to block recent exploits via our software firewall (mod_security). Obviously these are manual / you can disable it at any time, but this being the #1 cause for compromise we do our best to curb it right away. Last edited by bear; 03-04-2012 at 12:46 AM.

Posted by SafeSrv, 02-24-2012, 05:53 AM
Hey - just pointing out some of the usual angles. You wouldn't know whether it was a private exploit unless you had access to that scene; you won't find it unless you know. You can't rule out anything these days.

Posted by SoftDux, 03-03-2012, 04:17 PM
Hacks like this generally happen due to poor WordPress (in this case) admin passwords, themes with exploits, or insecure plugins.

Posted by sam0, 03-03-2012, 10:22 PM
What permissions are on example-site.com/wp-content/themes/twentyten/ ? Also, is the 'dr.html' file in any other folder with the same permissions?
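
Two checks raised in this thread, comparing the live theme against a fresh copy and looking at its permissions, sketched as an added example that is not part of any post above. It assumes a clean copy of the same theme version is unpacked alongside the live one; the function names and the demo tree are constructed for illustration.

```python
import hashlib, os, stat, tempfile

def manifest(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                out[os.path.relpath(full, root)] = hashlib.sha256(f.read()).hexdigest()
    return out

def audit(live_root, clean_root):
    """Diff a live theme directory against a clean copy and flag loose permissions."""
    live, clean = manifest(live_root), manifest(clean_root)
    loose = []
    for dirpath, dirs, files in os.walk(live_root):
        for name in dirs + files:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:  # symlinks always show 0777
                loose.append(os.path.relpath(full, live_root))
    return {
        "added": sorted(set(live) - set(clean)),  # files the clean theme does not ship
        "modified": sorted(p for p in live if p in clean and live[p] != clean[p]),
        "missing": sorted(set(clean) - set(live)),
        "world_writable": sorted(loose),
    }

def demo():
    """Build a constructed clean/live pair in a temp dir and audit it."""
    def put(path, text):
        with open(path, "w") as f:
            f.write(text)
        os.chmod(path, 0o644)
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = (os.path.join(tmp, d, "twentyten") for d in ("clean", "live"))
        for root in (clean, live):
            os.makedirs(os.path.join(root, "images"), mode=0o755)
            put(os.path.join(root, "index.php"), "<?php // theme index\n")
            put(os.path.join(root, "footer.php"), "<?php // theme footer\n")
        # Constructed tampering: an extra file, an edited file, a 0777 directory.
        put(os.path.join(live, "dr.html"), "<html>placeholder</html>\n")
        put(os.path.join(live, "footer.php"), "<?php // theme footer\n// changed\n")
        os.chmod(os.path.join(live, "images"), 0o777)
        return audit(live, clean)

if __name__ == "__main__":
    print(demo())
```

Anything listed under "added" or "modified" is a candidate for review before the directory is wiped and re-uploaded, and the file timestamps give the host a time window to search in the access and FTP logs.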


