Slotomania VIP Inner Circle download for pc.Makakuha ng libreng 700pho sa bawat deposito

Cafeine
(@cafeine)

12 years, 10 months ago

I just understood that my website is hacked since… a long time (feb 2012?)

I still don’t know how it was done, or if it was because of an old classic backdoor I had in 2011… But just so you know:

I had a fake Jquery 1.3.2 in wp-includes>js>tinymce>plugins>spellchecker>classes>utils

I had a folder with a .log full of .html from spam in wp-includes>js>jquery

And in the .htaccess of /wp-includes/js/jquery I had a call to a jobdescription.php. It was allowing upload and write in a part of my server. ??

The alert came from AVG in Opera (yeah to Opera users who told me), then we saw that code on top of the site, just once : https://www.cafzone.net/2012/05/colorz/#comments (1st comment).

The code was 100% regex from Hell. Was sending links to gena.stx.nl/top2.html and others.

I still dont know how it was possible. Maybe remnants of my old hack in 2011… And I find nothing with google about those files. I doubt I’m alone fighting this hack…

PS : a big [profanity removed] to all the coders doing that [profanity removed – please try a little harder to express yourself without having to resort to bad language]. ??

Viewing 8 replies - 1 through 8 (of 8 total)

esmi
(@esmi)

12 years, 10 months ago

You need to start working your way through these resources:
https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:
https://sitecheck.sucuri.net/scanner/
https://www.unmaskparasites.com/
https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Thread Starter Cafeine
(@cafeine)

12 years, 10 months ago

Oh I did, but the hack is more evolved, Sucuri saw nothing for example. That’s why I post that here, so people can check their installation.

esmi
(@esmi)

12 years, 10 months ago

In that case, you’d be better off contacting Securi with the details.

Thread Starter Cafeine
(@cafeine)

12 years, 10 months ago

.htaccess of /wp-includes/js/jquery was :

RewriteRule ^(.*)$ /wp-includes/js/jquery/jobdescription.php?q=$1 [L]

FYI

Thread Starter Cafeine
(@cafeine)

12 years, 10 months ago

Contact form7 was infected too… Geeeez… :/

The Hack Repair Guy
(@tvcnet)

12 years, 9 months ago

Hi,
You manage to get control of this one now?

Thread Starter Cafeine
(@cafeine)

12 years, 9 months ago

I guess, took a while too clean everything (add ons folders where the target, mostly.) But I’m still not sure about the entry point. ??

The Hack Repair Guy
(@tvcnet)

12 years, 9 months ago

If your host can provide FTP logs that would at least rule out whether they used your password for access.

Also, I find the timthumb vulnerability scanner is a good one-shot plugin for compromise checking. Try it out as well, then delete the plugin if it comes up clear.

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘New hack around ? Check your installation!’ is closed to new replies.

New hack around ? Check your installation!

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics