• Resolved rjmonday

    (@rjmonday)


    Hi
    2 weeks ago I installed the Sucuri plugin, followed the info and hardened all directories. This morning I received alerts from my Wordfence scan that I had 88 problems to fix that included a boatload of malicious files inserted into the following list of plugins.

    Contact Form 7
    Display Widget
    Google Sitemap Generator
    Short code in Sidebar Widget

    In addition, there were many files inserted into the uploads dir, and the .htaccess file in the wp-content dir had this code inserted above Sucuri’s hardening code:

    <IfModule mod_rewrite.c>
    RewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]
    RewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)
    RewriteRule ^.*$ index.php [L]
    </IfModule>

    I thought… this is what Sucuri was supposed to prevent? What am I missing here? Any help or ideas would be greatly appreciated.

    Thank you
    Rodney

    https://www.ads-software.com/plugins/sucuri-scanner/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Hi Rodney,

    You mentioned a Wordfence scan in your post. I’m assuming you are also using the Wordfence security plugin on your website.

    Is it possible the results are false positives? In Wordfence Options is ‘Enable HIGH SENSITIVITY scanning’ selected?

    If so you may want to unselect it and run a new scan.

    Regards,
    IW

    Thread Starter rjmonday

    (@rjmonday)

    Thank You
    Yep, I did that first just to make sure and I got the same results.

    This type of injection to your .htaccess is most certainly malicious, so you have been compromised.

    Neither our plugin (nor any other plugin, really) will stop these attacks against your site.

    Our plugin is a complementary solution to an overall security posture and the hardening will minimize any potential entry points, but it won’t cover them all.

    I would recommend doing a full sweep across your plugins (and all files) for backdoors and any outdated software and this is likely the cause of these issues.

    You can also try the open source ModSecurity (a real web application firewall) as it helps stop these attacks. Our Sucuri Firewall also does that, but is a paid solution, so if you like to stay with free, ModSecurity is the best course of action.

    thanks!
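
A detection check for the injected block shown in the first post, as an added example that is not part of the original thread or of the Sucuri plugin: it flags any RewriteRule in an .htaccess file that is gated on a search-engine User-Agent or Referer, which is one piece of the "full sweep" recommended above. The function names and the sample text are assumptions of this example.

```python
import os
import re

# Engine names taken from the injected block in the post (case-insensitive).
ENGINES = re.compile(r"google|yahoo|msn|aol|bing", re.I)
COND = re.compile(r"^\s*RewriteCond\s+%\{(HTTP_USER_AGENT|HTTP_REFERER)\}\s+(\S+)", re.I)
ANY_COND = re.compile(r"^\s*RewriteCond\b", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)", re.I)

# Constructed sample: the block from the post followed by a benign permalink rule.
SAMPLE = """\
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]
RewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)
RewriteRule ^.*$ index.php [L]
</IfModule>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
"""


def find_cloaking_rules(text):
    """Return (line, variables, target) for each rule gated on search engines."""
    findings, pending = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        cond = COND.match(line)
        if cond and ENGINES.search(cond.group(2)):
            pending.add(cond.group(1).upper())
        elif ANY_COND.match(line):
            continue  # unrelated condition; the chain continues to the next rule
        elif rule := RULE.match(line):
            if pending:
                findings.append((lineno, sorted(pending), rule.group(2)))
            pending = set()  # RewriteCond lines apply only to the next RewriteRule
    return findings


def scan_tree(root):
    """Scan every .htaccess under root; return {path: findings} for hits only."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_cloaking_rules(fh.read())
            if hits:
                results[path] = hits
    return results
```

Run `scan_tree()` against the site's document root; a hit means the file needs manual review and restoring from a known-good copy, not that the rest of the site is clean.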

  • The topic ‘wp-content Dir Hardened with Sucuri plugin hacked!’ is closed to new replies.