• Hi,

    I am having a little problem. Someone is targeting my sites and is managing to insert code into my WordPress templates, damaging my sites. I don't know if it's WordPress or how they are managing it. Any ideas would be useful?

    Thanks!

Viewing 15 replies - 1 through 15 (of 17 total)
  • 1. WordPress version would help
    2. you used “sites”.. is WP running on all the sites, or some, all the same versions, or not.
    3. what else is being used on the site(s)

    if you are using the recommended method of having theme files world-writable, you're inviting disaster. That's very very insecure, regardless of what the answers to the above questions happen to be.

    think about it: world-writable. it means exactly what it says. I've gone on and on about this, “no-one” cares.

    whooami, I care. But I don’t count….

    it's all in the quotes I used

    Also, are you using phpGedView? The old version of phpGedView allows hackers to access EVERYTHING on your server. Upgrade or remove it until the 4.01 version comes out. That was what got me. They messed up my Joomla install, so I decided to go to WP, and then they started messing with WP. I finally figured out it wasn't Joomla or WP, but phpGedView. Good luck, it drove me nuts for weeks!

    Thread Starter davev

    (@davev)

    1. WordPress version would help

    Ah, both are 1.5.2

    2. you used “sites”.. is WP running on all the sites, or some, all the same versions, or not.

    The 2 that I have noticed so far are 1.52

    3. what else is being used on the site(s)
    No other CMS or anything much.

    if you are using the recommended method of having theme files world-writable, you're inviting disaster. That's very very insecure, regardless of what the answers to the above questions happen to be.

    think about it: world-writable. it means exactly what it says. I've gone on and on about this, “no-one” cares.

    This could be the whole problem. I assumed that it wouldn't make a difference leaving them 666 or similar – most people I spoke to said the same thing. Though I never understood why it could be OK – the file is writable (but not being a tech doesn't help really).

    I am locking it all down.

    Thanks for the quick, useful tips & quality responses. I honestly didn't even think anyone would bother answering.

    I don't know what phpGedView is, but if the other solutions don't solve the problem then I'll look into that.

    Thanks again & I'll come back with an update.. any idea how I find the culprits now?

    1.5.2 has no known exploits.

    1. Who is your host?
    2. Make sure that EVERY file has permissions of 644 at most for now.

    3. Ask your host / look in their forums for similar incidents. If you do ask them they will say it’s a WP fault – which it is not. It’s probably a shared server exploit. If your host fobs you off, look elsewhere.

    Thread Starter davev

    (@davev)

    I have just 644 everything and now it's messed.

    I get this error message:
    Warning: main(/home/xxx/public_html/wp-includes/wp-db.php): failed to open stream: Permission denied in /home/xxx/public_html/wp-settings.php on line 59

    Fatal error: main(): Failed opening required ‘xxxx/public_html/wp-includes/wp-db.php’ (include_path=’.:/usr/lib/php:/usr/local/lib/php’) in /home/xxx/public_html/wp-settings.php on line 59

    Any ideas?

    I will be having words with my hosts on Monday too anyway.

    That’s an odd error because all my files are 644 – so either the files are not there (you’ll need to check) or your host has set something very strange.

    Who is your host?

    Thread Starter davev

    (@davev)

    https://ukwebsolutionsdirect.co.uk/

    It was working OK before I changed the permissions (there were all different permissions set across the different files/folders).

    Don’t folders need to be 755 or something? (I thought files were one, folders were another? Anyone with firsthand knowledge?)

    -d

    It’s generally folders 755, files 644, yes.
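
    The two permission problems that come up in this thread (world-writable theme files, and directories that lost their execute bit after a blanket 644), checked and corrected in one script. This is an added example, not part of any poster's reply; the function names are illustrative and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative;
# pass your own WordPress root as the argument.

# List files and directories that any local user can write to.
audit_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null || :
}

# List directories whose owner lacks the search (x) bit. A blanket
# "chmod 644" on everything creates these, and PHP then reports
# "Permission denied" for files inside them.
audit_unsearchable_dirs() {
    find "$1" -type d ! -perm -0100 -print 2>/dev/null || :
}

# Directories 755, files 644. Directories are handled first and one at
# a time (\;) so each is searchable before find descends into it.
fix_perms() {
    find "$1" -type d -exec chmod 755 {} \; &&
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed sample tree reproducing both mistakes from the thread.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/wp-includes" "$root/wp-content/themes/default"
    : > "$root/wp-settings.php"
    : > "$root/wp-includes/wp-db.php"
    : > "$root/wp-content/themes/default/index.php"
    chmod 666 "$root/wp-content/themes/default/index.php"  # world-writable
    chmod 644 "$root/wp-includes"                          # directory without x
    printf '%s\n' "$root"
}

if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    echo "world-writable:";    audit_world_writable "$tree"
    echo "unsearchable dirs:"; audit_unsearchable_dirs "$tree"
    fix_perms "$tree"
    echo "after fix: $(audit_world_writable "$tree" | wc -l) world-writable"
    rm -rf "$tree"
fi
```

    Run the script with `--demo` to see both audits against the constructed tree before pointing the functions at a real install.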

    Thread Starter davev

    (@davev)

    ok, let me give that a try, thanks for your help

    Thread Starter davev

    (@davev)

    Ok, that appears to have worked. Thanks everyone for your contributions!

    Glad to hear it, hope things remain calm for you!

    Thread Starter davev

    (@davev)

    Fraid not, after fixing all the permissions they still managed to get their code in there.


  • The topic ‘WordPress Hacked’ is closed to new replies.