• IF I COULD DELETE THIS POST I WOULD BUT I CAN’T
    THIS PLUG-IN IS FINE BUT MY SITE WAS HACKED SOON AFTER INSTALLING BUT IT TURNED OUT TO JUST BE COINCIDENTAL AND THE PLUG-IN WAS NOT TO BLAME.

    My site just got hacked because of this plug-in!!! Don’t use it!
    https://www.exploit-db.com/exploits/16144/

    I pulled up my site yesterday and there was just a page saying
    Hacked by Dark-Devilz
    Status: Closed
    Attacker ID: Dark-Devilz
    Contact Me: [email protected]
    NOTICE: FREEDOM FOR PALESTINE!!!!!!

    Needless to say, I freaked out. I had just installed this plug-in last weekend so it didn’t take long to get hacked. I removed the plug-in and re-installed WordPress and it seems to have fixed it, but they could have planted some virus or code in my files so they can get in later.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Ewout

    (@pomegranate)

    Can the devs of this plugin confirm whether this is fixed in the latest release?

    Oh yes, this was fixed way back in 2.4, over a year ago. And it was only a theoretical exploit, never actually seen in the wild.

    Ewout

    (@pomegranate)

    Thanks for the quick response!
    I’m guessing the reviewer was hacked via another exploit (not related to this plugin) then…

    That is most likely. And the “FREEDOM FOR PALESTINE”-hack affected many web pages, not just WordPress.

    Thread Starter ErikWTN

    (@erikwtn)

    Sorry, I meant to post back about this before. It was an old WordPress theme called “famous” that my hosting service said was the vulnerability. My site uses the “graphene” theme but I had “famous” and a few other old themes installed but not activated. Lesson learned: Delete any themes you aren’t using and keep your current theme and plug-ins up to date to be safe. I jumped to the conclusion that the “enable media replace” plug-in was to blame and it was not, so my apologies to Måns Jonasson. This is what HostGator said:

    Our scans have completed with the removal of the malicious content on the account including:

    File: `/home/erikwtn/public_html/home/wp-content/uploads/readme.php'
    Size: 128803 Blocks: 264 IO Block: 4096 regular file
    Device: 807h/2055d Inode: 219742219 Links: 1
    Access: (0644/-rw-r--r--) Uid: ( 1256/ erikwtn) Gid: ( 1247/ erikwtn)
    Access: 2013-03-31 21:44:38.000000000 -0500
    Modify: 2013-03-31 21:44:38.000000000 -0500
    Change: 2013-03-31 21:44:38.000000000 -0500

    /home/apachelogs/erikwtn/eawmedia.com-Apr-2013.gz: 49.50.8.104 - - [31/Mar/2013:21:44:36 -0500] "POST /home/wp-content/themes/famous/megaframe/megapanel/inc/upload.php?folder=/home/wp-content/uploads/&fileext=php HTTP/1.1" 200 35 "-" "-"

    They were able to upload the malicious content by exploiting a vulnerability in that theme (https://blog.sucuri.net/2012/06/uploadify-uploadify-and-uploadify-the-new-timthumb.html) but as it was removed the avenue of exploitation has been closed.

    Please contact us anytime if you have any questions or need of assistance.

    Timothy L.
    Senior Security Administrator II
    HostGator.com LLC
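
A log check modelled on the access-log entry in the HostGator message above, as an added example that is not part of the original thread or of HostGator's tooling. It flags successful POSTs to a script inside a theme or plugin directory whose query string names an executable extension or points into uploads; the function name, regexes and the two benign sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache combined log format; a leading "file: " prefix (as in the quoted line) is tolerated.
LOG_RE = re.compile(
    r'(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# PHP scripts that live inside a theme or plugin directory.
COMPONENT_RE = re.compile(r'/wp-content/(?:themes|plugins)/[^/]+/.*\.php$', re.I)
# Extensions a typical PHP host will execute.
EXEC_EXT_RE = re.compile(r'\b(?:php\d?|phtml|phar)\b', re.I)

def suspicious_uploads(lines):
    """Return (ip, timestamp, path, reasons) for successful POSTs that look like
    an upload handler being told to write executable files into uploads/."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m['method'] != 'POST' or not m['status'].startswith('2'):
            continue
        url = urlsplit(m['target'])
        if not COMPONENT_RE.search(url.path):
            continue
        reasons = []
        for key, values in parse_qs(url.query).items():
            for value in values:
                if EXEC_EXT_RE.search(value):
                    reasons.append(f'{key} names an executable extension')
                if '/uploads' in value:
                    reasons.append(f'{key} points into uploads')
        if reasons:
            hits.append((m['ip'], m['ts'], url.path, reasons))
    return hits

# Constructed sample: the entry quoted above plus two benign entries (documentation IPs).
SAMPLE = [
    '/home/apachelogs/erikwtn/eawmedia.com-Apr-2013.gz: 49.50.8.104 - - [31/Mar/2013:21:44:36 -0500] "POST /home/wp-content/themes/famous/megaframe/megapanel/inc/upload.php?folder=/home/wp-content/uploads/&fileext=php HTTP/1.1" 200 35 "-" "-"',
    '203.0.113.7 - - [31/Mar/2013:21:50:02 -0500] "POST /home/wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [31/Mar/2013:21:51:10 -0500] "GET /home/wp-content/themes/graphene/style.css?ver=3.5 HTTP/1.1" 200 9021 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for ip, ts, path, reasons in suspicious_uploads(SAMPLE):
        print(ip, ts, path, '; '.join(reasons))
```

Any hit is a prompt to look for `.php` files under `wp-content/uploads/` created at the same timestamp, as the `stat` output in the message shows for `readme.php`.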

    tomhart

    (@tomhart)

    ErikWTN,
    You really should upgrade your rating and revise the post… both are possible, I believe. Like a lot of folks, I check the negative posts for possible problems.

    Thread Starter ErikWTN

    (@erikwtn)

    DONE

  • The topic ‘Good’ is closed to new replies.