Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)
  • ErikWTN

    (@erikwtn)

    I followed the advice here and contacted HostGator via live chat and they took care of it for me. They also told me how to fix it myself by adding a short line of code to one of the files in HostGator’s cPanel, but I didn’t have my cPanel login info with me (and frankly didn’t want to mess with it anyway).

    Forum: Reviews
    In reply to: [Enable Media Replace] Good
    Thread Starter ErikWTN

    (@erikwtn)

    DONE

    Forum: Reviews
    In reply to: [Enable Media Replace] Good
    Thread Starter ErikWTN

    (@erikwtn)

    Sorry, I meant to post back about this before. It was an old WordPress theme called “famous” that my hosting service said was the vulnerability. My site uses the “graphene” theme but I had “famous” and a few other old themes installed but not activated. Lesson learned: Delete any themes you aren’t using and keep your current theme and plug-ins up to date to be safe. I jumped to the conclusion that the “enable media replace” plug-in was to blame, and it was not, so my apologies to Måns Jonasson. This is what HostGator said:

    Our scans have completed with the removal of the malicious content on the account including:

    File: `/home/erikwtn/public_html/home/wp-content/uploads/readme.php'
    Size: 128803 Blocks: 264 IO Block: 4096 regular file
    Device: 807h/2055d Inode: 219742219 Links: 1
    Access: (0644/-rw-r--r--) Uid: ( 1256/ erikwtn) Gid: ( 1247/ erikwtn)
    Access: 2013-03-31 21:44:38.000000000 -0500
    Modify: 2013-03-31 21:44:38.000000000 -0500
    Change: 2013-03-31 21:44:38.000000000 -0500

    /home/apachelogs/erikwtn/eawmedia.com-Apr-2013.gz: 49.50.8.104 - - [31/Mar/2013:21:44:36 -0500] "POST /home/wp-content/themes/famous/megaframe/megapanel/inc/upload.php?folder=/home/wp-content/uploads/&fileext=php HTTP/1.1" 200 35 "-" "-"

    They were able to upload the malicious content by exploiting a vulnerability in that theme (https://blog.sucuri.net/2012/06/uploadify-uploadify-and-uploadify-the-new-timthumb.html) but as it was removed the avenue of exploitation has been closed.

    Please contact us anytime if you have any questions or need of assistance.

    Timothy L.
    Senior Security Administrator II
    HostGator.com LLC
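
Added example, not part of the original posts or of HostGator's tooling: a small access-log check for the two indicators visible in the report above, a POST to a theme or plugin upload handler whose query string allows a script extension, and any request for a script under wp-content/uploads. The sample lines are constructed (documentation IP addresses, hypothetical theme name "exampletheme"), and the rule names are this example's own.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache combined log format; search() tolerates a "file.gz: " prefix from zgrep.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}

def classify(line):
    """Return (rule, ip, path) for a suspicious request, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    path = url.path.lower()
    ext = path.rsplit(".", 1)[-1] if "." in path else ""
    # Rule 1: any request for a script inside the media uploads directory.
    if "/wp-content/uploads/" in path and ext in SCRIPT_EXTS:
        return ("script-in-uploads", m["ip"], url.path)
    # Rule 2: successful POST to a theme/plugin upload handler whose query
    # string allows a script extension (the fileext=php pattern in the log above).
    if (m["method"] == "POST" and m["status"].startswith("2")
            and re.search(r"/wp-content/(themes|plugins)/", path)
            and "upload" in path.rsplit("/", 1)[-1]):
        allowed = {e.strip(" .*").lower()
                   for v in parse_qs(url.query).get("fileext", [])
                   for e in re.split(r"[|,;]", v)}
        if allowed & SCRIPT_EXTS:
            return ("upload-handler-script-ext", m["ip"], url.path)
    return None

def scan(lines):
    """Classify every line and keep only the hits, in log order."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines, not taken from any real log.
SAMPLE = [
    '203.0.113.7 - - [31/Mar/2013:21:44:36 -0500] "POST /home/wp-content/themes/exampletheme/inc/upload.php?folder=/home/wp-content/uploads/&fileext=php HTTP/1.1" 200 35 "-" "-"',
    '203.0.113.7 - - [31/Mar/2013:21:45:02 -0500] "GET /home/wp-content/uploads/readme.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [31/Mar/2013:21:46:10 -0500] "POST /home/wp-admin/async-upload.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [31/Mar/2013:21:46:11 -0500] "GET /home/wp-content/uploads/2013/03/photo.jpg HTTP/1.1" 200 40211 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for rule, ip, path in scan(SAMPLE):
        print(f"{rule:28} {ip:15} {path}")
```

A hit from either rule is a lead to investigate rather than proof of compromise; the legitimate WordPress uploader and ordinary media requests in the sample are not flagged.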

    My site just got hacked because of this plug-in!!! Don’t use it!
    https://www.exploit-db.com/exploits/16144/

    I pulled up my site yesterday and there was just a page saying
    Hacked by Dark-Devilz
    Status: Closed
    Attacker ID: Dark-Devilz
    Contact Me: [email protected]
    NOTICE: FREEDOM FOR PALESTINE!!!!!!

    Needless to say, I freaked out. I had just installed this plug-in last weekend so it didn’t take long to get hacked. I removed the plug-in and re-installed WordPress and it seems to have fixed it, but they could have planted some virus or code in my files so they can get in later.
