Is this a hack someone injecting into my wp site? - GoFuckYourself.com

lakerslive · 02-24-2014, 12:43 PM

its a bit creepy.. I?ve changed db tables, passwords, upgraded to latest wordpress + detube verison.. but it still changes to that.. from
http://mydomain.com/?orderby=views

to

mydomain.com/s=\?asshole%3A&orderby=views

FINESEC · 02-24-2014, 02:27 PM

You might want to check your scripting for vulnerabilities. If you can't afford that you can mitigate vulnerabilities with help of mod_security.

Shoplifter · 02-24-2014, 02:56 PM

Check your .htaccess? Chances are it's writeable.

lakerslive · 02-24-2014, 03:17 PM

yeah, i did a "FIND in all files" for that "asshole" word for all my files using dreamweaver and didn't find any. I checked htaccess.. nothing.

I checked database, its clean.

really bizarre.

Thanks for your time (whoever is helping) always

loreen · 02-24-2014, 03:20 PM

I found something similar in my .htaccess and header of the theme.

lakerslive · 02-24-2014, 06:58 PM

Yes, i can only see it when
1. im logged out
2. on the front page of the site ONLY.

Colmike9 · 02-24-2014, 07:03 PM

You see anything weird in your .htaccess with RewriteRule?

phasic · 02-24-2014, 07:08 PM

Quote:

Originally Posted by lakerslive

its a bit creepy.. I?ve changed db tables, passwords, upgraded to latest wordpress + detube verison.. but it still changes to that.. from
http://mydomain.com/?orderby=views

to

mydomain.com/s=\?asshole%3A&orderby=views

Hit me up on ICQ. Or shoot me an email support (at) phasicllc dot com

lakerslive · 02-25-2014, 12:29 AM

fixed it.. shieeet..

Just basically put in a fresh copy of wordpress.. fresh re installation plugins

site had to be down for some 30+ mins.. worth it...

lakerslive · 02-25-2014, 12:50 AM

seriously though, with wordpress, if you modified it alot you won't be able to keep up with the updates.. Good thing I planned ahead and didn't customize this theme i have.

phasic · 02-25-2014, 01:15 AM

Quote:

Originally Posted by lakerslive

fixed it.. shieeet..

Just basically put in a fresh copy of wordpress.. fresh re installation plugins

site had to be down for some 30+ mins.. worth it...

If it happened once, theres a good possibility you've got a vulnerability some where. It'd be a good idea to have someone take a look for you.

loreen · 02-25-2014, 03:10 AM

Quote:

Originally Posted by lakerslive

Good thing I planned ahead and didn't customize this theme i have.

Glad you fixed it

02-24-2014, 12:43 PM	#1
lakerslive Confirmed User Industry Role: Join Date: Aug 2012 Posts: 929	Is this a hack someone injecting into my wp site? its a bit creepy.. I?ve changed db tables, passwords, upgraded to latest wordpress + detube verison.. but it still changes to that.. from http://mydomain.com/?orderby=views to mydomain.com/s=\?asshole%3A&orderby=views

02-24-2014, 02:27 PM	#2
FINESEC Registered User Industry Role: Join Date: Nov 2012 Location: Warsaw Posts: 59	You might want to check your scripting for vulnerabilities. If you can't afford that you can mitigate vulnerabilities with help of mod_security. __________________ http://SiteDefensor.com - secure authentication, password cracking and sharing prevention, site ripping protection http://SiteCaptcha.com - free, secure and simple CAPTCHA solution

02-24-2014, 03:20 PM	#5
loreen myadultdesign.com Industry Role: Join Date: May 2004 Location: Europe Posts: 12,557	I found something similar in my .htaccess and header of the theme. __________________ Banners, logos, headers, peels, FHGs, ads, paysites, photo retouching etc: my adult design portfolio My logo portfolio: PornLogos.com

02-24-2014, 07:03 PM	#7
Colmike9 (>^_^)b Industry Role: Join Date: Dec 2011 Posts: 7,223	You see anything weird in your .htaccess with RewriteRule? __________________ Join the BEST cam affiliate program on the internet! I've referred over $1.7mil in spending this past year, you should join in. I make a lot more money in the medical field in a lab now, fuck you guys. Don't ask me to come back, but do join Chaturbate in my sig, it still makes bank without me touching shit for years..

02-24-2014, 02:56 PM	#3
Shoplifter Richest man in Babylon Industry Role: Join Date: Jan 2002 Location: Posts: 10,002 Posts: 5,699	Check your .htaccess? Chances are it's writeable.

02-24-2014, 03:17 PM	#4
lakerslive Confirmed User Industry Role: Join Date: Aug 2012 Posts: 929	yeah, i did a "FIND in all files" for that "asshole" word for all my files using dreamweaver and didn't find any. I checked htaccess.. nothing. I checked database, its clean. really bizarre. Thanks for your time (whoever is helping) always

02-24-2014, 06:58 PM	#6
lakerslive Confirmed User Industry Role: Join Date: Aug 2012 Posts: 929	Yes, i can only see it when 1. im logged out 2. on the front page of the site ONLY.

02-25-2014, 12:29 AM	#9
lakerslive Confirmed User Industry Role: Join Date: Aug 2012 Posts: 929	fixed it.. shieeet.. Just basically put in a fresh copy of wordpress.. fresh re installation plugins site had to be down for some 30+ mins.. worth it...

02-25-2014, 12:50 AM	#10
lakerslive Confirmed User Industry Role: Join Date: Aug 2012 Posts: 929	seriously though, with wordpress, if you modified it alot you won't be able to keep up with the updates.. Good thing I planned ahead and didn't customize this theme i have.