Slot machine casino games free.Enjoy Free 888+200 Daily Legal Bonus

sourceforge
(@sourceforge)

7 years, 9 months ago

Hi,
A site I am running has been hacked, there are no tell tale signs except a post titled “Hacked by…”. The post isn’t new, just the post content has been changed,
with spammy links.
It was running 4.7.1. The site didn’t auto-upgrade because I kept it manual. I haven’t enabled access to server user www-data(nginx), didn’t include ftp/ssh login info in wp-config.php
I checked revisions, 3 exist, current revision done 9 hours ago.
No passwords changed, or any other content taken down.
I am thinking the last 4.7.0, 4.7.1 WP-REST API, content injection vulnerability https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
But I want to be sure. I would clean it up and change system, wordpress passwords.
Any pointers would be appreciated.
Also any directions on how to securely enable auto-upgrade, write access to www-data, without putting these down in wp-config

Viewing 4 replies - 1 through 4 (of 4 total)

sulemankh
(@sulemankh)

7 years, 9 months ago

That particular hack is usually the result of failing to update to 4.7.2 after the problem in 4.7.1 was announced on Feb 1 (a week after 4.7.2 was released).

See https://www.ads-software.com/news/2017/01/wordpress-4-7-2-security-release/

and https://make.www.ads-software.com/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/

It seems like nothing more than news posts are changed.
Check if new categories have been made and change your password for WordPress admin login and other users also just in case.

Thread Starter sourceforge
(@sourceforge)

7 years, 9 months ago

Thanks!
For others who have seen posts updated/changed might want to consider cleaning their installs, that means replacing wordpress files, except of course /wp-content. Carefully vett the wp-content items.
Change wordpress login passwords, cpanel passwords, ssh/FTP, all access points.
Do it carefully and understanding what you are doing to not break wordpress.
I would recommend installing https://www.ads-software.com/plugins/sucuri-scanner/
Go through this codex document to clean and harden your wordpress installations.
https://codex.www.ads-software.com/FAQ_My_site_was_hacked

adspedia
(@tinuzzo)

7 years, 9 months ago

Have you tried restoring from a backup that is 1-2 days old and then upgrade that version to latest 4.7.2?

Thread Starter sourceforge
(@sourceforge)

7 years, 9 months ago

No, the post wasn’t important, just a test post. But I did upgrade to 4.7.2 immediately. I was recently following the vulnerability disclosure by sucuri, all pointed to that.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘site hacked – post content changed’ is closed to new replies.

site hacked – post content changed

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics