TECH Found this script in one of my sites

[Browning]

http://www.php-beginners.com/solve-wordpress-malware-script-attack-fix.html

Wasn't even a wordpress site. It was once installed but that's been removed for ~3 years now.

It doesn't just add the code. It also added a bunch of files to my images folder. Opened a couple up and it was nothing but spammy keywords ie. viagra and other types of pills.

I have removed the code and deleted the files but I'm wondering how some one was able to get access

Doesn't seem to have been installed on any of the other sites on the server. After googling for a while I seen a site saying it has something to do with link farms?

 

[pharmokan]

parasite

 

[ge0]

I had a wordpress up and some asshole was able to change all my .HTACCESS files for all the directories.


I am through with wordpress

 

[pharmokan]

its pretty secure now.

 

[komplex]

Seriously? I've always wondered how secure is Wordpress?
Developers have to know ways to hack into it..

 

[pharmokan]

damn now im scurred

if i dont have access to root how do search for it

is it like a directory within a theme dir called timthumb?

havent seen any yet

 

[Browning]

I don't have anything relating to timthumb on the site

 

[Browning]

you dolt

 

[Browning]

 

[pharmokan]

wow i fuckin hate when these stupid devs release stupid fucking code that leaves your whole server vuln.

i cant believe his coding i read that article

dude just did a STRPOS from trusted sites

flickr.com

if i had 2 subdomains on my site

flickr.com.mydomain.com

i can transfer any file over to the other d00dz dir and run it.

 

[Browning]

I actually wasn't talking to you.

I saw a couple of guys bitching about wordpress security and one guy saying that his site was recently hacked. I did only skim the thread, though.

Still don't see how they got in. None of the other sites seem to have been affected, but they are wordpress. Wordpress was installed on this site but only for a very short period, like a week tops. It was removed, database deleted and all instances of it removed from the server. This was late 08/early 09.

I'm always changing things and those codes and files weren't there last week. It's just a static site

As far as I know the site hasn't been flagged for malware. Google safe browsing says it's not listed as suspicious

 

[pharmokan]

did u have latest version of wordpress

theres a reason why they have updates for it...

 

[Browning]

you didn't read did ya

at the time yes it was up to date. All of the other sites on the server that use wordpress are up to date

 

[autox]

Yea I've had scripts injected into wordpress files/theme files before. I think it was because I had some shit set to 777, but I forget. Liquidweb helped me out though.