• Hi!

    I’ve been using WordPress for quite some years now, and over the last year, I’ve been seeing my blogs getting hacked, again and again. I thought the issues were with my server, but it’s been happening across 2 different hosting companies now. What prompts this post is the latest hacking event, which has happened 2 days back. 2 of my blogs have been hacked –
    https://www.witnesstimes.com
    https://www.bloggingindia.net

    (WARNING: please do not visit these if you do not have an antivirus installed on your system! I’m not quite sure what the replaced hacked pages do)

    None of my other websites have been touched – just these two, running on WordPress. So I was wondering if a PHP vulnerability in WordPress was being targeted… I’m not a coder myself, I only know a little bit of coding to get my way around things…

    I was using WP 2.8.6…

    I opened up the FTP on these sites, and checked the “Last edited” dates, and on Witness Times (the first website) a page called mad.php has been edited on 21st January (the day the site was hacked) in my public_html and a file called service.pwd was edited in my _vti_pvt folder. I guess since I haven’t seen these files before, they were inserted by the hacker. The mad.php has a virus in it – cannot be downloaded, but when I tried text editing it online, I found that it was encrypted using MD5…

    But what I do not understand is, they haven’t edited or touched any of the other files, and still I cannot access any file through normal http.

    With the 2nd website, Blogging India, they have inserted the service.pwd file on

    A file called r57.php has been put in on the 13th of December 2009, in my wp-content/uploads/2009/12 folder. Cannot download – my antivirus says there is a trojan in it. And a folder called wp-content/uplaods/2010/1 has been created on 17th Jan, 2010.

    In my wp-content folder, I found these files edited/inserted on 17th Jan 2010-
    index.php
    kov.php
    phxvolcano.php
    .htaccess
    ini.php
    php.ini

    I haven’t inserted or edited any of these files. Nor have I posted any posts on these dates. In fact, the last post in Blogging India was quite some time back in November or early December…

    Now I don’t know if it’s a WordPress vulnerability being used… But I just thought I would put up a post here, just in case any of you knew more about this…

    Oh, I must also tell you that Witness Times was hacked just a week back, and I removed a few files they had edited then, and it was back to normal… But of course, I may not have removed all files, I removed the files which I found were recently edited… It was just the index.php file on the public_html page, and a folder with images then. And I also changed my FTP password then… This is the second time during the week.

    And in case you were wondering, I used to have 17 character passwords with uppercase characters, lowercase characters, numbers and special characters, and now I have 18 character passwords using all the available kinds of characters. I haven’t written them down anywhere, nor do I have them stored or saved anywhere in my computer. I have an up to date antivirus and firewall on my computer as well…

    Any help would be wonderful…

    Thanks a lot,
    Mohan
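
The manual triage described in the post above (checking "last edited" dates over FTP and finding PHP files under the uploads folder) can be scripted. This is an added example, not part of the original post; the function names, extension list, sample file names and the seven-day window are assumptions made for illustration.

```python
import os
import tempfile
from datetime import datetime, timedelta

SCRIPT_EXT = (".php", ".phtml", ".php5")   # server-side script extensions (assumed list)
CONFIG_NAMES = {".htaccess", "php.ini"}    # per-directory overrides seen in the post

def triage(docroot, since):
    """Return sorted (relative_path, reason) findings for a WordPress docroot."""
    cutoff, findings = since.timestamp(), []
    for dirpath, _dirs, files in os.walk(docroot):
        rel_dir = os.path.relpath(dirpath, docroot).replace(os.sep, "/")
        in_uploads = (rel_dir + "/").startswith("wp-content/uploads/")
        for name in files:
            rel = name if rel_dir == "." else f"{rel_dir}/{name}"
            risky = name.lower().endswith(SCRIPT_EXT) or name.lower() in CONFIG_NAMES
            if not risky:
                continue
            if in_uploads:
                # Uploads should hold media only; flag regardless of date,
                # because modification times can be reset by whoever wrote the file.
                findings.append((rel, "script or config in uploads"))
            elif os.lstat(os.path.join(dirpath, name)).st_mtime >= cutoff:
                findings.append((rel, "modified since cutoff"))
    return sorted(findings)

def build_sample(root, now):
    """Constructed sample tree; file names are invented for this example."""
    old = (now - timedelta(days=90)).timestamp()
    new = (now - timedelta(days=2)).timestamp()
    sample = {"wp-config.php": old, "wp-content/index.php": new,
              "wp-content/.htaccess": new,
              "wp-content/themes/default/style.css": new,
              "wp-content/uploads/2009/12/photo.jpg": old,
              "wp-content/uploads/2009/12/dropped.php": old}
    for rel, mtime in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    now = datetime.now()
    with tempfile.TemporaryDirectory() as root:
        build_sample(root, now)
        for rel, reason in triage(root, now - timedelta(days=7)):
            print(f"{reason:28} {rel}")
```

A date-only sweep, like the one in the post, would miss the 90-day-old script in uploads in this sample; comparing the tree against a clean copy of the same WordPress release covers files whose timestamps look unremarkable.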

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Site hacked — WordPress vulnerabilities?’ is closed to new replies.