Old 02-02-2008, 08:44 AM   #1
Dennis69
Confirmed User
 
Join Date: Feb 2003
Location: Dreamland
Posts: 1,685
So you like Wordpress... then you want to be careful

It looks like somebody hacked wordpress on one of my blogs and put a script on the bottom of 1000s and 1000's of my pages on one of my dedicated servers, it will take me forever to remove it from all the pages... the script is redirecting all my traffic from free sites, gallery pages and so much more to this url.

http://jxp2dve.com/?prvtof=8b2VkUqfX...JePkd0tw%3D%3D
__________________
HaHaHa

Last edited by Dennis69; 02-02-2008 at 08:45 AM.. Reason: Edited so I wouldn't end up in jail before the day was out!!!!
Old 02-02-2008, 08:51 AM   #2
Miguel T
♦ Web Developer ♦
 
Join Date: May 2005
Location: Full-Stack Developer
Posts: 12,472
Might have been a host problem, not a wordpress problem.
__________________

Full Stack Webdeveloper: HTML5/CSS3, jQuery, AJAX, ElevatedX, NATS, MechBunny, Wordpress
Old 02-02-2008, 09:37 AM   #3
Nicky
Confirmed User
 
Join Date: Mar 2003
Location: Sweden
Posts: 30,069
urgh, you sure it was wordpress? I don't like the sound of it, better try and up the security on it in some way
__________________

gfynicky @ gmail.com
Old 02-02-2008, 09:38 AM   #4
rowan
Too lazy to set a custom title
 
Join Date: Mar 2002
Location: Australia
Posts: 17,393
Probably not the best idea to be posting direct links to pages that were inserted by hackers, it's not hard to imagine what they might do to an unpatched/holy MSIE.

Do you run any other scripts on the server?
Old 02-02-2008, 10:33 AM   #5
dstaff
Confirmed User
 
Join Date: Oct 2005
Location: Canada
Posts: 198
there's pretty much a security hole in every version of wordpress...public and 0day..not much you can do...

anything helps though

www.grsecurity.net <- harden your kernel
http://www.modsecurity.org/ <- harden apache and php
__________________
We Do Content Marketing pure and simple.
Old 02-02-2008, 12:19 PM   #6
AliGbone
Confirmed User
 
Join Date: Sep 2004
Location: alabama
Posts: 547
yea wordpress is full of vulnerabilities, gots to lock it down if you're going to use it
__________________
I'm not Ali A, not Ali B, Ali C, Ali D, Ali E, Ali F... but... Ali G!

Booyakasha!!!!
Need Content? ADULTCENTRO ROCKS! ADULTCENTRO.COM
Old 02-02-2008, 12:28 PM   #7
directfiesta
Too lazy to set a custom title
 
Join Date: Oct 2002
Location: Montreal, Quebec
Posts: 29,679
Quote:
Originally Posted by AbsolutePorn View Post
Might have been a host problem, not a wordpress problem.
he is dedicated ....
__________________
I know that Asspimple is stoopid ... As he says, it is a FACT !

But I can't figure out how he can breathe or type , at the same time ....
Old 02-02-2008, 12:30 PM   #8
HairToStay
Confirmed User
 
Join Date: Oct 2002
Location: Southcoast, Mass.
Posts: 1,521
What version of Word Press was "hacked?"
__________________
Make bank by giving your surfers free pics every day and it costs you NOTHING! Use POTD Sponsors to find adult sponsors in more than 75 niches who offer a POTD feature!
Old 02-02-2008, 01:12 PM   #9
V_RocKs
Damn Right I Kiss Ass!
 
Join Date: Dec 2003
Location: Cowtown, USA
Posts: 32,409
You probably have an ancient form of wordpress unseen in years.
Old 02-02-2008, 01:19 PM   #10
BlackCrayon
Too lazy to set a custom title
 
Join Date: Jun 2003
Location: Ottawa
Posts: 19,631
As long as you install updates right when they come out, you should be fine.
__________________
you don't know you're wearing a leash if you sit by the peg all day..
Old 02-02-2008, 03:06 PM   #11
Pornopat
AdultTubeSubmits.com
 
Join Date: Dec 2003
Location: The Netherlands
Posts: 10,598
Quote:
Originally Posted by directfiesta View Post
he is dedicated ....
It can still happen...
Old 02-02-2008, 03:28 PM   #12
directfiesta
Too lazy to set a custom title
 
Join Date: Oct 2002
Location: Montreal, Quebec
Posts: 29,679
Quote:
Originally Posted by Pornopat View Post
It can still happen...
then it is not the host's fault, as the original poster implied ... people don't read here ... or what?
__________________
I know that Asspimple is stoopid ... As he says, it is a FACT !

But I can't figure out how he can breathe or type , at the same time ....
Old 02-02-2008, 03:39 PM   #13
u-Bob
there's no $$$ in porn
 
Join Date: Jul 2005
Location: icq: 195./568.-230 (btw: not getting offline msgs)
Posts: 33,063
Running wordpress is a disaster waiting to happen.
Old 02-02-2008, 03:46 PM   #14
Dennis69
Confirmed User
 
Join Date: Feb 2003
Location: Dreamland
Posts: 1,685
Quote:
Originally Posted by BlackCrayon View Post
As long as you install updates right when they come out, you should be fine.
Best of luck with that... you almost need to be there hitting refresh because they are always updating the damn thing
__________________
HaHaHa
Old 02-02-2008, 04:05 PM   #15
BlackCrayon
Too lazy to set a custom title
 
Join Date: Jun 2003
Location: Ottawa
Posts: 19,631
Quote:
Originally Posted by Dennis69 View Post
Best of luck with that... you almost need to be there hitting refresh because they are always updating the damn thing
There hasn't been an update in over a month.
__________________
you don't know you're wearing a leash if you sit by the peg all day..
Old 02-02-2008, 04:30 PM   #16
Pornopat
AdultTubeSubmits.com
 
Join Date: Dec 2003
Location: The Netherlands
Posts: 10,598
Quote:
Originally Posted by directfiesta View Post
then it is not the host's fault, as the original poster implied ... people don't read here ... or what?
It can be the host's fault whether or not he is dedicated. Several dedicated boxes can be connected to each other.
A piece of php on one of the boxes or an outdated piece of software (besides wordpress) can do the trick.

People don't think here or what?
Old 02-02-2008, 04:35 PM   #17
directfiesta
Too lazy to set a custom title
 
Join Date: Oct 2002
Location: Montreal, Quebec
Posts: 29,679
Quote:
Originally Posted by Pornopat View Post
It can be the host's fault whether or not he is dedicated. Several dedicated boxes can be connected to each other.
A piece of php on one of the boxes or an outdated piece of software (besides wordpress) can do the trick.

People don't think here or what?
fine, it is the host's fault ... have to leave ... going to night courses ....
__________________
I know that Asspimple is stoopid ... As he says, it is a FACT !

But I can't figure out how he can breathe or type , at the same time ....
Old 02-02-2008, 04:36 PM   #18
Pornopat
AdultTubeSubmits.com
 
Join Date: Dec 2003
Location: The Netherlands
Posts: 10,598
Quote:
Originally Posted by Dennis69 View Post
It looks like somebody hacked wordpress on one of my blogs and put a script on the bottom of 1000s and 1000's of my pages on one of my dedicated servers, it will take me forever to remove it from all the pages... the script is redirecting all my traffic from free sites, gallery pages and so much more to this url.

http://jxp2dve.com/?prvtof=8b2VkUqfX...JePkd0tw%3D%3D

I have had a similar problem. The host helped me with a custom solution that repressed this code. So the code became useless. It was a temporary solution because the moment the hacker redirects it to another url you will have to change your custom solution as well. It helps you buy time to find the security hole though.
Old 02-02-2008, 04:39 PM   #19
papill0n
Unregistered Abuser
 
Join Date: Oct 2007
Posts: 15,547
Uggg that sucks Dennis. Good luck sorting that nightmare out mate.
Old 02-02-2008, 04:48 PM   #20
mrkris
Confirmed User
 
Join Date: May 2005
Posts: 2,737
Wordpress is crap. The code base is clunky, the plugin architecture is sub par and it's slow as sin.
__________________

PHP-MySQL-Rails | ICQ: 342500546
Old 02-03-2008, 11:00 AM   #21
BlackCrayon
Too lazy to set a custom title
 
Join Date: Jun 2003
Location: Ottawa
Posts: 19,631
Quote:
Originally Posted by mrkris View Post
Wordpress is crap. The code base is clunky, the plugin architecture is sub par and it's slow as sin.
What's the alternative?
__________________
you don't know you're wearing a leash if you sit by the peg all day..
Old 02-03-2008, 11:16 AM   #22
tony286
lurker
 
Join Date: Aug 2002
Location: atlanta
Posts: 57,021
this is why I'm thinking of getting a separate server or a virtual account to start to play with wp. To have my server that pays my mortgage fucked up wouldn't work for me.
Old 02-03-2008, 11:20 AM   #23
Chio
Confirmed User
 
Join Date: Oct 2002
Location: ICQ: 39-183769
Posts: 8,002
Check the div for class=goro in your source or something like that. There are a number of ways to remove it (it's a single include file). Search google.

If you use autoblogger simply use rewriter to replace everything within the goro div with a blank space.
__________________

I seo'd my hair yesterday and today it's pr7!
RIP Texas Dreams

Are you a content producer or program owner sick of tube sites? Contact me on ICQ: 39-183769
Old 02-03-2008, 11:22 AM   #24
Chio
Confirmed User
 
Join Date: Oct 2002
Location: ICQ: 39-183769
Posts: 8,002
Here's the link to remove the infection if it's the goro injection:

http://blog.kakkoi.net/wordpress/how...class-mailphp/
__________________

I seo'd my hair yesterday and today it's pr7!
RIP Texas Dreams

Are you a content producer or program owner sick of tube sites? Contact me on ICQ: 39-183769
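An added example (not code from any poster in this thread or from the linked guide) of the cleanup Chio describes in posts #23 and #24: walk a web root, find files carrying a `div` with class `goro`, back each one up and strip the whole block, nested divs included. It assumes the injected markup is a `<div class="goro">` element as described above; the sample pages are constructed. It removes the symptom only, so the hole that let the block in still has to be found.

```python
import re, shutil, tempfile
from pathlib import Path

# Assumption: the injected block opens with a div whose class attribute is exactly "goro".
OPEN = re.compile(rb'<div\b[^>]*\bclass\s*=\s*(["\']?)goro\1(?=[\s>])[^>]*>', re.I)
TAG = re.compile(rb'<(/?)div\b[^>]*>', re.I)

def strip_goro(html):
    """Return (cleaned_bytes, blocks_removed); bytes in and out so encodings survive."""
    removed = 0
    while (m := OPEN.search(html)):
        depth, end = 1, None
        for t in TAG.finditer(html, m.end()):
            depth += -1 if t.group(1) else 1   # track nested <div> ... </div>
            if depth == 0:
                end = t.end()
                break
        if end is None:        # unclosed block: leave the file for manual review
            break
        html = html[:m.start()] + html[end:]
        removed += 1
    return html, removed

def clean_tree(root, exts=(".php", ".html", ".htm")):
    """Strip the block from matching files under root, keeping a .bak of each."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in exts:
            continue
        cleaned, n = strip_goro(path.read_bytes())
        if n:
            shutil.copy2(path, path.with_name(path.name + ".bak"))
            path.write_bytes(cleaned)
            hits[str(path.relative_to(root))] = n
    return hits

def demo():
    # Constructed sample pages; the injected markup is illustrative, not a captured payload.
    root = Path(tempfile.mkdtemp())
    bad = (b'<html><body><p>post</p><div class="goro"><div>'
           b'<a href="#">x</a></div></div></body></html>')
    (root / "index.php").write_bytes(bad)
    (root / "about.html").write_bytes(b"<html><body><div class='menu'>ok</div></body></html>")
    return clean_tree(root), (root / "index.php").read_bytes()

if __name__ == "__main__":
    print(demo())
```

Run `clean_tree` against a copy of the document root first and diff the `.bak` files before trusting the result on the live tree.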