andre3

You would think that there would be patch/fix publicly available by now. Surely wordpress people must care what happens to their platform?

Whoami:

Are you familiar with a solution to this? Is there a fix which will prevent the blogs from getting re-hacked?

Best Regards,
Andre

I have a folder with untampered plugins (I use the same plugins on many blogs, so I found one that’s not been tampered with). I then go to hacked wordpress wp-content/plugins/ and delete everything in the folder. Then I copy the untampered plugin folder’s content in, and it all works fine. I don’t even have to re-enable the plugins, because it’s like they were never gone.

While waiting for wordpress guys to fix this I did what I could, and this is what I figured out:

This hack backdoors a random plugin (any of whichever plugins you have activated). You can switch your plugins off one by one, and test to see if the hack is still active. When you hit the right plugin, the site should be back to normal and the hack gone (for now). You are still vulnerable and it’s very likely that they will hack you again. But for the time being you are OK. Just replace that plugin with a fresh copy and you can use it again.

If you can’t be bothered by looking for the right plugin, just overwrite your entire plugin folder with a saved plugin-folder containing all OK plugins.

I can’t wait to hear where wordpress went wrong to allow this to happen.

I emailed the anyresults.net hosting company and domain registrar. The guy should soon have to start all over with a new domain. While we wait for the wordpress guys to fix this, you can call/email/fax the guys ISP and domain registrar, reporting this.

From what I figured out, his ISP is ISPrime (isprime.com) and his domain registrar is publicdomainregistry.com

Best Regards,
Andre