2.9.2 site hacked

  • I visited my WP 2.9.2 site today to get a warning about my site having malware associated with it. Looking at the source, I see a script entry in the HTML body going to https://zettapetta.com/js.php

    Looking at the index.php file, I see that the first line has been hacked with an eval command and a lot of garbage that obviously comprises part of the hack. The timestamps of a lot of WP files has been changed, indicating that they were modified sometime yesterday afternoon.

    Anyone else seen this hack yet; is there a fix? I only found one or two mentions of this online, but all my plugins are up to date and I’m not sure how to ensure this won’t happen again after I do a restore from backup on the site.

    Thanks,
    Matt

Viewing 15 replies - 151 through 165 (of 187 total)

  • I’ll allow myself to insist about my previous suggestion : in such cases, even if the responsability doesn’t lie with wordpress, this would be something appreciated…

    Could the devs work on a wordpress extension used to run a scanning and optionally cleaning up cron task on a daily basis ?
    Something similar to microsoft windows’s malware detection tool, updated with each monthly update…

    Since there are and will be more attacks against wordpress in the future, it would help avoiding the constitution of botnets…

    petercasier,

    Thanks for the update. I now just have it sitting on my desktop waiting for the next time.

    A

    My wordpress file monitor detect another file put in my host by the hacker:

    This email is to alert you of the following changes to the file system of your website
    Timestamp: Thu, 20 May 2010 16:12:33 +0200

    Added:
    guilbert_being.php

    Problem is not resolved in Godaddy…

    @petercasier

    I updated my script to clean up any infected .php file from a site (or subdirectory).

    Millions of people are desperate for clean up tools like this at this point. Come up with a nice suite of practical and simple to use cleaning tools and you’ll have no shortage of customers. Me being one of them.

    Finally got around to checking all my blogs, 3 were hacked, 3 were not. All in the same hosting account on godaddy.

    All files were 5/12/2010 @ 04:04:18

    luckily, I hadn’t done anything with the sites since prior to the date, so a History restore on godaddy was all I needed, 5 minute fix

    calvin13: Not fixed at all.

    We just started to notice a big batch of sites getting hacked… If anyone here is still at GoDaddy, I am sorry for you ??

    https://blog.sucuri.net/2010/05/here-we-go-again-problem-at-godaddy.html

    I don’t know what people expect from <$10/month hosting. You’re just a number. None of the PHP/wordpress sites have been hacked on any of my hosts servers.

    You get what you pay for.

    I don’t know what people expect from <$10/month hosting.

    Where you grabbin your intel from? Cuz I didn’t see any reference to $10/month hosting.

    Thanks for the vital input to the thread too. I’m sure you’ve just helped several people set their blogs straight!

    You get what you pay for.

    Right, but you know not everyone can afford $150,000 a year to host a blog.

    So maybe the Big Hosts can just provide decent basic security. Is that asking to much? If I can only afford say a new Ford Escort, I shouldn’t have to keep patching it every day just to keep it running.

    2nd time in 2 weeks I have been hacked. I am just growing my readers and starting to get PR request, I can’t afford this down time and virus warning when people try to go to my site.

    Go Daddy doesn’t seem to be doing anything to stop this, so I am moving my site to a new host. I’m sure Go Daddy wont let me out of the yr contract, but I can’t stand to have to restore my 4 blogs every week.

    Can anyone recommend a new host that doesn’t have the slow server problems and security issues that Go Daddy has?

    Mommy D

    @dinellh: I’ve never used GoDaddy, so I can’t give a direct comparison, but I do currently use Hostmonster, and I haven’t had any real problems with them. Some of my minor issues (which were usually my own misunderstanding on something) they helped me with very quickly, and I am very satisfied with their service.

    They also have 1 click installation of WordPress and plenty of other popular open source projects.

    @dinellh: I’ve never used GoDaddy, so I can’t give a direct comparison, but I do currently use Hostmonster, and I haven’t had any real problems with them. Some of my minor issues (which were usually my own misunderstanding on something) they helped me with very quickly, and I am very satisfied with their service.

    They also have 1 click installation of WordPress and plenty of other popular open source projects.

    Thank you so much. I will definitely check into hostmonster. I appreciate your quick help. ??

    Thanks for the vital input to the thread too. I’m sure you’ve just helped several people set their blogs straight!

    The solution has been obvious for WEEKS… restore from backup and switch to a competent host.

    It’s really not rocket science.

    I am see more and more wordpress site hack with zettapetta and We still do not have a fix!!! How do they get in?

    First is calpetr.com, then rebarcampbootcamp.com. Hopefully my wordpress sites are not the targets…

    I had just install the following plugins:
    bad behavior https://www.ads-software.com/extend/plugins/bad-behavior/
    security scan https://www.ads-software.com/extend/plugins/wp-security-scan/

    I don’t know if they really stop zettapetta Please let me know if they work.

    Thanks.

    OK, for those fellow WordPress blogger whose site are infected with the new zettapetta and losotrana malware, sucuri.net has a cure at https://bit.ly/bkQRxP

Viewing 15 replies - 151 through 165 (of 187 total)
  • The topic ‘2.9.2 site hacked’ is closed to new replies.

Tags