So you like Wordpress... then you want to be careful - GoFuckYourself.com

Dennis69 · 02-02-2008, 08:44 AM

It looks like somebody hacked wordpress on one of my blogs and put a script on the bottom of 1000s and 1000's of my pages on one of my dedicated servers, it will take me forever to remove it from all the pages... the script is redirecting all my traffic from free sites, gallery pages and so much more to this url.

http://jxp2dve.com/?prvtof=8b2VkUqfX...JePkd0tw%3D%3D

Miguel T · 02-02-2008, 08:51 AM

Might have been a host problem , not a wordpress problem.

Nicky · 02-02-2008, 09:37 AM

urgh, you sure it was wordpress? I don't like the sound of it, better try and up the security on it in some way

rowan · 02-02-2008, 09:38 AM

Probably not the best idea to be posting direct links to pages that were inserted by hackers, it's not hard to imagine what they might do to an unpatched/holy MSIE.

Do you run any other scripts on the server?

dstaff · 02-02-2008, 10:33 AM

there's pretty much a security hole in every version of wordpress...public and 0day..not much you can do...

anything helps though

www.grsecurity.net <- harden your kernel
http://www.modsecurity.org/ <- harden apache and php

AliGbone · 02-02-2008, 12:19 PM

yea wordpress if full of vulnerabilities gots to lock it down if your going to use it

directfiesta · 02-02-2008, 12:28 PM

Quote:

Originally Posted by AbsolutePorn

Might have been a host problem , not a wordpress problem.

he is dedicated ....

HairToStay · 02-02-2008, 12:30 PM

What version of Word Press was "hacked?"

V_RocKs · 02-02-2008, 01:12 PM

You probably have an ancient form of wordpress unseen in years.

BlackCrayon · 02-02-2008, 01:19 PM

As long as you install updates right when they come out, you should be fine.

Pornopat · 02-02-2008, 03:06 PM

Quote:

Originally Posted by directfiesta

he is dedicated ....

It can still happen...

directfiesta · 02-02-2008, 03:28 PM

Quote:

Originally Posted by Pornopat

It can still happen...

then it is not the host fault, as the original poster implied ... people don't read here ... or what ?

u-Bob · 02-02-2008, 03:39 PM

Running wordpress is a disaster waiting to happen.

Dennis69 · 02-02-2008, 03:46 PM

Quote:

Originally Posted by BlackCrayon

As long as you install updates right when they come out, you should be fine.

Best of luck with that... you almost need to be there hitting refresh because they are always updating the damn thing

BlackCrayon · 02-02-2008, 04:05 PM

Quote:

Originally Posted by Dennis69

Best of luck with that... you almost need to be there hitting refresh because they are always updating the damn thing

There hasn't been an update in over a month.

Pornopat · 02-02-2008, 04:30 PM

Quote:

Originally Posted by directfiesta

then it is not the host fault, as the original poster implied ... people don't read here ... or what ?

It can be the hosts fault wheater or not he is dedicated. Several dedicated boxes can be connected to each other.
A piece of php on one of the boxes or an outdated piece of software (besides wordpress) can do the trick.

People dont think here or what?

directfiesta · 02-02-2008, 04:35 PM

Quote:

Originally Posted by Pornopat

It can be the hosts fault wheater or not he is dedicated. Several dedicated boxes can be connected to each other.
A piece of php on one of the boxes or an outdated piece of software (besides wordpress) can do the trick.

People dont think here or what?

fine, it is the host fault ... have to leave ... going to nightcourses ....

Pornopat · 02-02-2008, 04:36 PM

Quote:

Originally Posted by Dennis69

It looks like somebody hacked wordpress on one of my blogs and put a script on the bottom of 1000s and 1000's of my pages on one of my dedicated servers, it will take me forever to remove it from all the pages... the script is redirecting all my traffic from free sites, gallery pages and so much more to this url.

http://jxp2dve.com/?prvtof=8b2VkUqfX...JePkd0tw%3D%3D

I have had a similar problem. The host helped me with a custom solution that repressed this code. So the code became useless. It was a temporary solution because the moment the hacker redirects it to another url you will have to change your costumsolution as well. It helps you buy time to find the security hole though.

papill0n · 02-02-2008, 04:39 PM

Uggg thats sucks Dennis. Good luck sorting that nightmare out mate.

mrkris · 02-02-2008, 04:48 PM

Wordpress is crap. The code base is clunky, the plugin architecture is sub par and its slow as sin.

BlackCrayon · 02-03-2008, 11:00 AM

Quote:

Originally Posted by mrkris

Wordpress is crap. The code base is clunky, the plugin architecture is sub par and its slow as sin.

Whats the alternative?

tony286 · 02-03-2008, 11:16 AM

this is why Im thinking of getting a separate server or a virtual account to start to play with wp. To have my server that pays my mortgage fucked up wouldn't work for me.

Chio · 02-03-2008, 11:20 AM

Check the div for class=goro in your source or something like that. There are a number of ways to remove it (it's a single include file). Search google.

If you use autoblogger simply use rewriter to replace eveything within the goro div with a blank space.

Chio · 02-03-2008, 11:22 AM

Here's the link to remove the infection if it's the goro injection:

http://blog.kakkoi.net/wordpress/how...class-mailphp/

02-02-2008, 08:44 AM	#1
Dennis69 Confirmed User Join Date: Feb 2003 Location: Dreamland Posts: 1,685	So you like Wordpress... then you want to be careful It looks like somebody hacked wordpress on one of my blogs and put a script on the bottom of 1000s and 1000's of my pages on one of my dedicated servers, it will take me forever to remove it from all the pages... the script is redirecting all my traffic from free sites, gallery pages and so much more to this url. http://jxp2dve.com/?prvtof=8b2VkUqfX...JePkd0tw%3D%3D __________________ HaHaHa Last edited by Dennis69; 02-02-2008 at 08:45 AM.. Reason: Edited so I wouldn't end up in jail before the day was out!!!!

02-02-2008, 08:51 AM	#2
Miguel T ♦ Web Developer ♦ Industry Role: Join Date: May 2005 Location: Full-Stack Developer Posts: 12,472	Might have been a host problem , not a wordpress problem. __________________ Full Stack Webdeveloper: HTML5/CSS3, jQuery, AJAX, ElevatedX, NATS, MechBunny, Wordpress

02-02-2008, 09:37 AM	#3
Nicky Too lazy to set a custom title Industry Role: Join Date: Mar 2003 Location: Sweden Posts: 30,070	urgh, you sure it was wordpress? I don't like the sound of it, better try and up the security on it in some way __________________ gfynicky @ gmail.com

02-02-2008, 10:33 AM	#5
dstaff Confirmed User Join Date: Oct 2005 Location: Canada Posts: 198	there's pretty much a security hole in every version of wordpress...public and 0day..not much you can do... anything helps though www.grsecurity.net <- harden your kernel http://www.modsecurity.org/ <- harden apache and php __________________ We Do Content Marketing pure and simple.

02-02-2008, 12:19 PM	#6
AliGbone Confirmed User Join Date: Sep 2004 Location: alabama Posts: 547	yea wordpress if full of vulnerabilities gots to lock it down if your going to use it __________________ I'm not Ali A, not Ali B, Ali C, Ali D, Ali E, Ali F... but... Ali G! Booyakasha!!!! Need Content? ADULTCENTRO ROCKS! ADULTCENTRO.COM

02-02-2008, 09:38 AM	#4
rowan Too lazy to set a custom title Join Date: Mar 2002 Location: Australia Posts: 17,393	Probably not the best idea to be posting direct links to pages that were inserted by hackers, it's not hard to imagine what they might do to an unpatched/holy MSIE. Do you run any other scripts on the server?

02-02-2008, 12:30 PM	#8
HairToStay Confirmed User Join Date: Oct 2002 Location: Southcoast, Mass. Posts: 1,521	What version of Word Press was "hacked?" __________________ Make bank by giving your surfers free pics every day and it costs you NOTHING! Use POTD Sponsors to find adult sponsors in more than 75 niches who offer a POTD feature!

02-02-2008, 01:12 PM	#9
V_RocKs Damn Right I Kiss Ass! Industry Role: Join Date: Dec 2003 Location: Cowtown, USA Posts: 32,421	You probably have an ancient form of wordpress unseen in years.

02-02-2008, 01:19 PM	#10
BlackCrayon Too lazy to set a custom title Join Date: Jun 2003 Location: Ottawa Posts: 19,631	As long as you install updates right when they come out, you should be fine. __________________ you don't know you're wearing a leash if you sit by the peg all day..

02-02-2008, 03:39 PM	#13
u-Bob there's no $$$ in porn Industry Role: Join Date: Jul 2005 Location: icq: 195./568.-230 (btw: not getting offline msgs) Posts: 33,063	Running wordpress is a disaster waiting to happen.

02-02-2008, 04:39 PM	#19
papill0n Unregistered Abuser Industry Role: Join Date: Oct 2007 Posts: 15,547	Uggg thats sucks Dennis. Good luck sorting that nightmare out mate.

02-02-2008, 04:48 PM	#20
mrkris Confirmed User Join Date: May 2005 Posts: 2,737	Wordpress is crap. The code base is clunky, the plugin architecture is sub par and its slow as sin. __________________ PHP-MySQL-Rails \| ICQ: 342500546

02-03-2008, 11:16 AM	#22
tony286 lurker Industry Role: Join Date: Aug 2002 Location: atlanta Posts: 57,021	this is why Im thinking of getting a separate server or a virtual account to start to play with wp. To have my server that pays my mortgage fucked up wouldn't work for me.

02-03-2008, 11:20 AM	#23
Chio Confirmed User Join Date: Oct 2002 Location: ICQ: 39-183769 Posts: 8,002	Check the div for class=goro in your source or something like that. There are a number of ways to remove it (it's a single include file). Search google. If you use autoblogger simply use rewriter to replace eveything within the goro div with a blank space. __________________ I seo'd my hair yesterday and today it's pr7! RIP Texas Dreams Are you a content producer or program owner sick of tube sites? Contact me on ICQ: 39-183769

02-03-2008, 11:22 AM	#24
Chio Confirmed User Join Date: Oct 2002 Location: ICQ: 39-183769 Posts: 8,002	Here's the link to remove the infection if it's the goro injection: http://blog.kakkoi.net/wordpress/how...class-mailphp/ __________________ I seo'd my hair yesterday and today it's pr7! RIP Texas Dreams Are you a content producer or program owner sick of tube sites? Contact me on ICQ: 39-183769