Wordpress Blackhole Exploit?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Tittytweaker
    Confirmed User
    • Dec 2012
    • 184

    #1

    Wordpress Blackhole Exploit?

    Just got hit with this yesterday evening.

    AVG alerted me when I visited my site. A bit of code was inserted into the header.php file of every theme I had installed. I removed that chunk of code, and checked my site again. That time, a different warning popped up about a javascript that I had installed (which had been working just fine for many months). I removed that javascipt file and that seemed to fix the problem.

    File permissions don't seem to have been changed, and to be safe I changed all of my passwords.

    How did this happen? I thought I had WP locked down pretty well, so how did they manage to edit files on my server? Was this done at random in some sort of mass attack, or could it have been a single person doing this maliciously?

    Could someone explain to me the basics behind this attack and maybe give me some security tips I may not have thought of yet?

    Thanks in advance,
    ~TT
    www.tittytweaker.com
  • PornDude
    I'm still broke.
    • Jul 2008
    • 3084

    #2
    Check the server logs and you will find out what happened.
    PornDude.com 🔥

    PornWebmasters.com 🤑

    MyGaySites.com 🤭

    PornDudeCasting.com 🚀

    Comment

    • ottopottomouse
      She is ugly, bad luck.
      • Jan 2010
      • 13177

      #3
      Have you installed a new theme recently?
      ↑ see post ↑
      13101

      Comment

      • Tittytweaker
        Confirmed User
        • Dec 2012
        • 184

        #4
        Originally posted by PikaPoka
        Check the server logs and you will find out what happened.
        What should I be looking for in the server logs?


        Originally posted by ottopottomouse
        Have you installed a new theme recently?
        Nope, nothing new.
        www.tittytweaker.com

        Comment

        • HomerSimpson
          Too lazy to set a custom title
          • Sep 2005
          • 13826

          #5
          1. ask your host to investigate the issue
          2. change your ftp passwords
          3. change your wp-admin passwords
          Make a bank with Chaturbate - the best selling webcam program
          Ads that can't be block with AdBlockers !!! /// Best paying popup program (Bitcoin payouts) !!!

          PHP, MySql, Smarty, CodeIgniter, Laravel, WordPress, NATS... fixing stuff, server migrations & optimizations... My ICQ: 27429884 | Email:

          Comment

          Working...