A few days ago, my domain (chattydm,net) was hacked.
This attack injected hidden ads in the header of most of the websites I run/share on this domain, including Critical-hits and the RPG Bloggers Network’s forum. This was most likely done by a hostile script that Corrupted all our php scripts by inserting encrypted data in them.
I’m convinced that this hacking is not infectious, we think its a hostile script that was uploaded to the server hosting our domain.
So while we look for the solution, we may decide to put all our site down until resolved in order to avoid getting blacklisted by Google and give us time to scrub our websites clean.
We’ll let you know.
Thanks.
This is very likely a security exploit on WordPress, and once in they can add the code to any WP installations on neighbouring server directories. Make sure you reupload all of your WordPress files (for all sites) and ensure all your plugins are up to date. Remove any unnecessary / unused plugins as well.
Get these plugins:
http://wpantivirus.com/
http://wordpress.org/extend/plugins/wp-security-scan/
And consider these tips:
http://www.dullest.com/blog/three-tips-to-protect-your-wordpress-installation/
Good luck!
WordPress is full of holes…
http://codex.wordpress.org/Hardening_WordPress
If you’re lucky you’ll have a dated backup of your wordpress site you can reinstall once you have deleted all the current files on your site.
If not, It would probably be best to re-install your server, php, & wordpress from scratch.
You can of course, go through all of your files and delete the inserted script strings. Hopefully no vital php has been deleted during the injection. Easiest way for this is to install a copy of wordpress locally and compare php files. PSPad is a very good editor for doing this, you can do side-by-side comparisons of files, with any changes highlighted.
If your site is hosted on linux with Apache, let me know, I have a very good .htaccess file that will block most script injectors, even if they are coming from a shared server. The last attack on my gaming website brought down one of my servers for about four hours, but once the server was brought back online and the php re-installed, my own website & filespaces had been untouched.
If you are on a shared server , I’d recommend a dedicated one. Dedicated servers generally cost about $100 more a year than a shared server, however the only vulnerabilities with this are in your own files, and in the files on your dedicated server. You don’t have to worry about some other junior webmaster loading a facebook app with a script that hacks into your filespace.
Also, turn your website logging on and run a script that copies the logs off your website to a holding area every hour or so… You can easily identify if the attack was made directly into your website from the net, or if the attack vectored in from the server, or another shared webspace on the server.
Finally, If you are running Windows or Linux yourself, for your own connection to the Internet, the Wireshark is your friend!
I do have a recent backup and I’ll restore the site as soon as I get my hands back on it. Thanks for the tips and I’ll email you real soon to get your little program to protect against injections. Thanks GameDaddy.
Just a quick note to tell you all that all sites have been cleaned out, thanks to my good friend Eric Maziade. I owe him big!
Also it appears that the threat was server based.
Now I need to do some serious backups!