Ubet63 oi login.REGISTER NOW GET FREE 888 PESOS REWARDS!

amfm
(@amfm)

12 years, 6 months ago

I have a site with 50ish uploaded jpegs. My theme uses an image resizing script that uses the native WordPress resizing function to create thumbnails from those uploads (not tim thumb).

I have file monitoring setup to notify me of changes in files on my site. One thumbnail jpeg in particular keeps showing up as modified. It doesn’t appear different to me visually, but I am curious what could be causing it to be modified over and over.

I recently discovered my site had been hacked and I need to establish what has been involved in the hack so I can restore to a clean backup. I am trying to determine if this jpeg would be involved. (I checked the image resizing script against what is in the original theme and it appears unchanged.) I would love to hear if there are any suggestions or legitimate explanations for the thumbnail activity I have described or if this sounds like signs of a hack.

From what I have read online it sounds like php script injection might be possible with image files, but I don’t understand how that would be done or how to check if that is what has happened. Would something like that cause a thumbnail to be modified regularly? Thank you in advance.

Viewing 3 replies - 1 through 3 (of 3 total)

Moderator t-p
(@t-p)

12 years, 6 months ago

review info in these resources:

https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/
tutorial how to fix hacked WP blog: https://www.jtpratt.com/how-to-fix-a-hacked-wordpress-blog/

Then implement security tips of this guide to harden your WP installation: https://codex.www.ads-software.com/Hardening_WordPress

Malware Scan: https://sitecheck.sucuri.net/scanner/

Thread Starter amfm
(@amfm)

12 years, 6 months ago

Thanks. I’m familiar with those links. I was hacked once before and had to rebuild my site from scratch thanks to faulty backups. I implemented almost all of the wordpress hardening tips plus other security site tips, installed numerous security plugins, file monitoring systems, regular scans, etc.

Rather than tips for recovering from your average hack, I am looking for feedback on whether thumbnail modifications occur regularly for people, and any clues as to what might cause the sort of activity I have described. Would a thumbnail be changed by browsing or caching? Would jquery or lightbox or something like that cause a hashtag to change? Are there ways to check if a jpeg has been injected with code? I need to try to determine if what I described is perfectly normal or sounds out of the ordinary.

I’m trying to find my last clean backup and not sure if thumbnail modifications are a sign of a hack or just business as usual.

Thread Starter amfm
(@amfm)

12 years, 6 months ago

So, when I originally posted I suspected I had already been hacked (due to some other issues) and wasn’t sure if this was involved. I have since concluded the other issues were not a hack, so my site appears clean.

I also re-examined the file monitor change log of the thumbnail jpeg that keeps popping up and the file hash remains unchanged, as well as the name. So the only thing that appears to be changing is the date of modification. I tried deleting the thumbnail file, then revisited the site page that uses that thumbnail, and a new file was created by the image resizing script. I hoped that might take care of it, but it is still popping up almost daily in my file monitor. No idea why.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘thumbnail jpeg keeps causing file monitor alert. possible hack?’ is closed to new replies.

thumbnail jpeg keeps causing file monitor alert. possible hack?

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics