• Resolved rusoch

    (@rusoch)


    Hello,
    On 2015-09-15 at 17:24 I received a WordPress e-mail indicating that my site at https://rusoch.fr had been updated automatically to WordPress 4.2.5 (me being completely unaware).
    The same day at 20:47:56 I received an e-mail from the web-observer Yandex Metrika notifying me that my site became inaccessible.
    A bit later, I got an e-mail from my hosting Amen telling me that my site was blocked due to the presence of the files that contained the code spam. They insisted that I should delete all fraudulent files concerning SPAM in the comments to be able to reactivate the site.
    Since then no spam or infected files were found so I came to a conclusion that it was the unsolicited intrusion of the updaters into the hosted site, breaking all the hoster’s defenses, that provoked the security response.
    Otherwise there can be some new elements of the updated WordPress version which reacted on the very few old and inoffensive web-links in the comments. Though the comments have always been thoroughly moderated, protected with numerical captcha and controlled with certain antimalware plugins.
    Could you please confirm such possible consequences of the update, or should I dig still deeper?
    Cordially,
    Rusoch

Viewing 5 replies - 1 through 5 (of 5 total)
  • had been updated automatically to WordPress 4.2.5

    You were/are running an insecure version of WordPress. Version 4.2.5 is also no longer supported.

    Since then no spam or infected files were found so I came to a conclusion that it was the unsolicited intrusion of the updaters into the hosted site, breaking all the hoster’s defenses,

    That’s most probably an incorrect conclusion.

    …after unsolicited auto-update

    Automatic background updates were introduced in WordPress 3.7. You can read more about that here: https://codex.www.ads-software.com/Configuring_Automatic_Background_Updates

    That information will also tell you how to disable them if you like. There are links to plugins that will help you with that at the bottom of that page under ‘Resources’.

    Some additional information about automatic updates.

    “Automatic Updates are unattended, and by default, will only update WordPress to security releases (for example, from 3.7 to 3.7.1, but not from 3.7.1 to 3.8). Great lengths will be taken to ensure that no site will break as the result of an Automatic update.”

    Source: Make WordPress Core

    In all likelihood, the spam was already there, and the update just triggered the alarm (can’t say for certain, but that’s a very likely scenario for a site running a known insecure version of WordPress). 4.2.1, 4.2.2, 4.2.3 and 4.2.4 all (included) security releases.

    How to get started sorting things out: FAQ My site was hacked

    Thread Starter rusoch

    (@rusoch)

    Thanks a lot for your analysis. The site is not operative yet so most probably it was hacked.
    It’s strange though that the site was auto-updated to the version 4.2.5 which is not supported. While in the same auto-update email it was indicated that “WordPress 4.3.1 is also now available”. Why not auto-update at once to the most fresh version?
    Can it happen that the security releases with 4.2.5 triggered the alarm concerning absence of the indication in the wp-config.php of the second user of the data base?
    In general, should I indicate in the wp-config.php the second user of the data base?
    And will it be safe to update to 4.3.1 immediately after the autoupdate to 4.2.5?
    I’m aware that I probably should open new topics for these questions.

    If your site was hacked there is no more update for you, only what is left:
    1. you have plenty of old backups what you can use to compare the changes in files and DB
    2. you need to check all files and DB and remove the bad code
    3. pay someone to do this job for you
    4. you lost completely your site and must build from scratch
    Even if you install fresh WP there is no guarantee that old DB is safe to bring back.

    Thread Starter rusoch

    (@rusoch)

    Thanks. I will try to struggle with it.

    Thread Starter rusoch

    (@rusoch)

    After minor corrections the site is reanimated. Thanks to all respected experts. For me the topic is over.

  • The topic ‘Site blocked by the hoster security after unsolicited auto-update’ is closed to new replies.