Register or have you forgotten your password?
Get the most out of Surmunity, read our tips here! Need an interesting blog to read? You've got to read the Surpass Blog!
| Welcome! Please register to access all of our features.
March 4th, 2006, 5:50 PM
|
#1 (permalink) |
|
Registered User
Fresh Surpasser
Joined in Sep 2005
3 posts
Gave thanks: 0
Thanked 0 times
|
Wordpress Hacked!
Hi,
I'm running a WP blog at http://www.funwithjustin.com/ and I keep getting some type of hack/exploit in which a bunch of pop-up/spam/spyware iframes are inserted at the beginning of my site's code. Is this a Surpass problem? I've searched and searched to no avail for similar issues on the WP forums. Please help ASAP! Thanks, Justin |
|
    
|
|
March 4th, 2006, 7:00 PM
|
#2 (permalink) |
|
Sur, pass the salt
Excelling Contributor
Joined in Sep 2005
Lives in kayla's dvd-rw tray
Hosted on Pass44
811 posts
Gave thanks: 46
Thanked 54 times
|
I would say no, this isn't a Surpass problem. Usually this is due to WP (or other such systems) not having been updated to the latest version but if you have done this, I'm not sure what more you can do. Maybe one of the local WP experts (ceo & co) will have an idea.
__________________
Benjamin  Server: Pass44 |
|
|
|
|
March 4th, 2006, 7:02 PM
|
#3 (permalink) |
|
Marketing Maven
Surpass Staff
Joined in May 2003
Lives in Chicago
24,757 posts
Gave thanks: 946
Thanked 807 times
|
It could very well be due to a recent plugin you've installed. I see you've uploaded something as recently as 3/3. I would recommend inserting a blank index page in your /wp-content/plugins directory until we can help you figure this out completely.
|
|
|
|
|
March 5th, 2006, 1:40 PM
|
#5 (permalink) |
|
Registered User
Fresh Surpasser
Joined in Sep 2005
3 posts
Gave thanks: 0
Thanked 0 times
|
I figured it out, and it's DEFINITELY a surpass problem.
This happened to me a few Saturday's ago too... I've got multiple blogs on the same server, and they all got attacked via code injection. It seems that somebody is launching an attack on one (or maybe many) of Surpass' servers that looks for writeable files and injects a series of spyware <iframe> tags into the ends of the files once it identifies them as writeable. I accidentally forgot to fix a bunch of files and update the modes to 644 and these are all of the files that got written into. Again, I know that this is a Surpass problem because it happened to not only multiple blogs, but multiple sites on the same server in which I forgot to update my permission settings. This has happened to me a few other times too, and I just re-installed WP. It seems to always happen on Saturday during the day. Hope this helps somebody else. Thanks, Justin |
|
|
|
|
March 5th, 2006, 1:48 PM
|
#6 (permalink) |
|
Sur, pass the salt
Excelling Contributor
Joined in Sep 2005
Lives in kayla's dvd-rw tray
Hosted on Pass44
811 posts
Gave thanks: 46
Thanked 54 times
|
It depends on how you look at it. To me, this is a user/permissions-not-properly-set problem, not a Surpass problem. It doesn't matter if you are hosted here or elsewhere, if you don't set permissions properly, you run the risk of being hacked. Not a criticism - this is just my perspective and I am glad to hear you solved your problem!
__________________
Benjamin Server: Pass44 |
|
|
|
|
March 5th, 2006, 4:10 PM
|
#7 (permalink) | |
|
DemonicAngel
Super #1
Joined in Aug 2004
Lives in Wherever The World Takes Me
Hosted on Pass76
1,847 posts
Gave thanks: 28
Thanked 35 times
|
Quote:
It's a some script kiddy uploaded a script that finds files that are writable problem. It's the downside to being on a shared server. Go Dedicated :P It's a common problem if someone on the server is running a script that allows uploads (most people find forums runing IPB 1.x and exploit that, or sites that allow you to upload anything/rar files) You can't blame Supass, it's a problem on other hosts as well. |
|
|
|
|
|
March 5th, 2006, 6:46 PM
|
#8 (permalink) |
|
xx butterfly xx
Comfy Contributor
Joined in May 2003
Lives in Kentucky, USA
120 posts
Gave thanks: 0
Thanked 0 times
|
I suggest you check this thread out. It has a more detailed explaination of the problem.
http://surmunity.com/showthread.php?t=17626 You aren't the only one experiencing this, I am as well, along with lots of others. And no, it isn't a Surpass problem. I suggest you make your files (you do mean your theme files, right?) 755 for now, until you need to edit them. It IS a big problem, but for now all you can do is make sure your scripts are up-to-date and that your permissions aren't world writable (777). |
|
|
|
|
March 5th, 2006, 6:56 PM
|
#9 (permalink) | |||||
|
minor deity
Super #1
Joined in Apr 2004
Lives in Georgia
Hosted on XEON
7,395 posts
Gave thanks: 28
Thanked 94 times
|
Quote:
Quote:
Quote:
Quote:
Quote:
Regards, John
__________________
Proud to be a Surmunity Mod! XEON Make a fundamental difference! My Sites: Curious about Brewing Beer? Join the community! >>>>> Some Change is GOOD! Keep your paycheck! Support the Fair Tax Get into an Art museum Victorian London It's your brain -ON WEB - mybrainhost.com (under development) What SHOULD Government do? Much Less than it Does! |
|||||
|
|
|
