index.php hacked

  • I am using 2.5.1 and several times about a zillion porn links have been it added to end of my index.php file. Since it is almost impossible to see the links without looking at the source view (they are kinda commented out) I bet many users of WordPress are unaware of their existence.

    How do I protect index.php for being “edited?”

Viewing 6 replies - 1 through 6 (of 6 total)

  • JUST to provide some clarity..

    https://64.233.167.104/search?q=cache:7DGV3VA1-qUJ:normgregory.com/2008/01/30/covering-the-news/+https://normgregory.com+site:normgregory.com&hl=en&ct=clnk&cd=3&gl=us

    you were running 2.5 then, and you were as hacked than as you are now.

    I point that out not to cast disparagement, but like I said to provide clarity for anyone that might read your thread and assume you were hacked while running 2.5.1, and not before.

    Thread Starter normgregory

    (@normgregory)

    I was hacked before 2.5.1 and after. I was never hacked before 2.5. Clear?

    Clear?

    No. The cached snapshot from google indicates you were running 2.5 and hacked. You seemingly didnt know it at that time. Correct? Or this post wouldn’t be here.

    If thats the case, then you cannot really know you were not hacked at some earlier date? Or can you? (rhetorical questions)

    That snapshot is from April 7, 2.5 came out on March 29, merely a week prior.

    It doesnt matter, really, as I said, I wasn’t pointing it out to cast blame, but to alleviate fears that this was, for lack of a something better, a “new” problem.

    There were and are security issues with 2.5, there were and are security issues with prior versions, as well.

    Thread Starter normgregory

    (@normgregory)

    I am not sure what this argument is about.

    Yes I was hacked with 2.5 . . yes I knew it.

    I thought maybe 2.5.1 would fix it. It didn’t.

    I wasn’t hacked before I installed 2.5.

    I suspect very few people detect the “additions” made to index.php (who looks at index.php?) . . . I wouldn’t have noticed if feedburner hadn’t choked on it. Interestingly, Google Reader couldn’t care less.

    Hi normgregory. There is no argument that I can see as whoo clearly stated “I wasn’t pointing it out to cast blame”. She said that not only for the benefit of those who may stumble across this thread but for yours as well. The point being 2.5.1 isn’t going to fix anything if the attacker already HAS access due to a previous vulnerability.

    Now that you’ve upgraded you can take the necessary steps to protect yourself the first one being change ALL of your passwords. Check the database for unauthorized users. Go through all the files to remove any obnoxious code. Windows Grep is a great tool for this. (searching for strings of text in files) Check all of your permissions – Files > 644 Folders > 755. Read this as well.
    https://codex.www.ads-software.com/Hardening_WordPress

    And please, when you are hacked (and in the case of most PHP-based programs and shared server environments, it’s a matter of WHEN, not IF!), don’t forget to notify your web host because sometimes it’s not YOUR web space where they gained access, but possibly another account on the shared server. But the host needs to know this so it can batten down the hatches for everyone’s safety.

    My web host likes to see any new or suspicious files so I download them and zip them and send the zip to them for analysis noting the date and time stamps on the file (b/c the act of downloading them alters the date/timestamps of the files themselves).

    HTH. And hope you get things sorted out so this doesn’t happen again. ??

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘index.php hacked’ is closed to new replies.