Comments for Alex's Blog

Comment on My website was hacked – yours could be too! You won’t know until it’s too late by Garry Haywood (@_garrilla)

Garry Haywood (@_garrilla) — Sun, 11 Dec 2011 18:24:14 +0000

thanks for this info. I’m about check mine. Fingers crossed!

Comment on My website was hacked – yours could be too! You won’t know until it’s too late by James

James — Tue, 06 Dec 2011 09:18:29 +0000

Maybe I’ve missed something, but if thumb.php is a library of functions rather than a page, why does WordPress require it to be at a publically accessible url? Other web frameworks clearly seperate urls from library code.

Comment on My website was hacked – yours could be too! You won’t know until it’s too late by Joe

Joe — Fri, 02 Dec 2011 19:05:41 +0000

I’m familiar with this little tool. I’ve seen it uploaded to a couple of sites that I’ve let come and go over the last few years, in varying forms of delivery. If you’re on a shared server, you’ll want to notify the host of the attack. I can’t see enough of the version of the script to tell, but the version that was used on my sites allowed you to access any other account on the server. So the file had been stored in multiple accounts and if it was found by the owner of one, the attacker could just move in a fresh copy under a different name and to a new location.

Comment on My website was hacked – yours could be too! You won’t know until it’s too late by Jeremy Kahn

Jeremy Kahn — Fri, 02 Dec 2011 05:04:26 +0000

Thanks for this, this is the first clear explanation of what has been going on. I had similar problems. Couple of things you don’t mention:

1/ You need to change your authentication keys and salts in wp-config.php, else the attacker may still have cookies to get them into the system.

2/ I found the bulletproof security plugin to be very useful.

Jeremy

Comment on My website was hacked – yours could be too! You won’t know until it’s too late by fluffydave

fluffydave — Thu, 01 Dec 2011 09:12:16 +0000

Good stuff Alex, I’ve had a review of my wordpress blogs and luckily I’m not effected. I wouldn’t beat yourself up over it though, anyone can be vulnerable to this sort of thing.

Comment on My website was hacked – yours could be too! You won’t know until it’s too late by Wu Feng

Wu Feng — Thu, 01 Dec 2011 00:01:39 +0000

That is why it is best to use VBScript.

Comment on My website was hacked – yours could be too! You won’t know until it’s too late by DanGarion

DanGarion — Wed, 30 Nov 2011 23:57:39 +0000

I was in your spot about 1 1/2 years ago. It was a lot of work to get things fixed but I learned a lot about securing my server from it.

Comment on My website was hacked – yours could be too! You won’t know until it’s too late by Brando

Brando — Wed, 30 Nov 2011 19:47:15 +0000

It doesn’t matter how many downloads or reviews a plugin or theme has. Even old, tested, popular ones can have vulnerabilities that go unnoticed for years.

This site tracks them as they get discovered and documented: http://www.wpsecure.net/

The WordPress core is quite secure now. Wasn’t like that years in the past but now vulnerabilities are patched almost as soon as they’re discovered, and the updating system makes things almost as simple as possible. Plugins and themes are by far the weakest link in the chain because there’s no real system in place for verifying an author’s coding ability. Anyone can release or download anything they want, and that grants as much power as potential problems it causes.

If you’re paranoid about it, don’t use anything but the official themes and plugins as they’re likely to be the most rigorously tested.

Comment on My website was hacked – yours could be too! You won’t know until it’s too late by Matthew

Matthew — Wed, 30 Nov 2011 18:58:23 +0000

Going to the plugins first is what I would have done too. Thanks for the explanation on a serious and tricky issue that may be affecting a number of people.

I think the biggest flaw in the way the WordPress development cycle works is the lack (or poor implementation of) a place to allow for community verification of extensions and add-ons like templates and plugins towards guidelines like security and privacy. The WordPress plugins site does not provide enough easily accessible relevant information and people shouldn’t have to search through forums for this kind of thing.

There’s no (or little) oversight for a lot of code that people just take and put on their site. I’ve seen many a WordPress developer who needed X functionality, did a plugin search, and installed and tried to use whatever they found without much consideration. Three months later they have 30 plugins installed, only 6 of which are actually being used, and their site is serving spam.

It’s great that WordPress is open source, but it still has yet to develop a strong, standards minded community that watches out for this kind of thing. It leads me to the attitude that 1) developing my own theme is preferable and 2) never use a plugin that doesn’t have less than 3 reviews.

Comment on My website was hacked – yours could be too! You won’t know until it’s too late by WordPress: Story of a Hack with WSO | Sean Walther’s Blog

WordPress: Story of a Hack with WSO | Sean Walther’s Blog — Wed, 30 Nov 2011 18:07:11 +0000

[...] target it’s vulnerabilities.Alex has a detailed write up covering his site being hacked, in My website was hacked – yours could be too! You won’t know until it’s too late.From the article (read the whole thing):Yesterday I found out that my website had been hacked. Not [...]