132 WP Blogs hacked after migration.
 

I consolidated all of my blogs onto one VPS server to save money (moved them from a shared server). Everything went fine at first, migration went without a hitch and all blogs were tested and running.

I just ran reports and notice that I had zero traffic from any of them. I thought my reports were off until I checked my blogs. They are all displaying this error message:

Parse error: syntax error, unexpected T_STRING in /xxx/userxxx/public_html/myblogname/wp-load.php on line 52

After some quick research, they were all hacked and I have to go through and manually clean the installs...all 132 of them. :mad:

Some of the blogs are over 4 years old and I've never had a single problem with them. I never even had one hacked. I migrate them to the new host and now all of a sudden all 132 of them were hacked?!?! WTF! It's going to take about an hour to fix each one and frankly, I don't have 132 hours to kill. I may go overseas for this one. Has anyone else experienced this problem with WP?

Have you been able to identify the method of the hack/intrustion ?

I'm on a mobile device right now, which I hate, so I didn't go into great detail during my investigation. From the sites that offered fixes, they never really point out the method or what file(s) were vulnerable. I would love to know if there is one bad egg I could fix rather than having to backup my database, themes, plugins, and then manually reinstall all that shit.

lol that's really funny

Its a good idea to ensure you know the method of the hack or intrusion before fixing them, to be sure it wont happen again.

Download this http://www.pushcube.com/wp-load.zip unzip it and upload the wp-load.php to one of your "hacked" blogs overwriting the one causing the error and see if that fixes it.

cheaper to hire a coder to script a fix.


you sure you dont just have php setup different ?

what does the hack do , it should do more than display script errors :)

turn off error reporting and see what it does.

he could make a batch script to just to go trough the folders and to locate wp-pload.hpp
and if it's incorrect size or contains some exploits just to be overwritten with correct file...

Have to agree with Smokey. You sure it is a hack and not just a server with a different config?

Your blog have not been hacked dude...
That's a file that got corrupted during the migration.

Just reup load.php to the blogs that are giving you the error and you'll be fine...

OK here's something a little off topic, what if any is the downside to having 123 blogs on the same IP? I have been told SE's are optimum at 5 per IP address, and that the IP's should belong to different c classes. Is that true or not?

Are you interlinking them?

not to be funny or anything, but your sig is ironic

you might as well upgrade them all while you are at it, if you haven't done so already...
but either way, if you want, I can take care of the issue for you for a few bucks, icq: 33375924

that sucks man, i hope you will sort that out and protect your blogs

fuck 132 ,thats big number.,

It's possible that the VPS/VM/root password was sniffed, guessed or otherwise acquired. If so then, short of nuking it from orbit, the only way to be sure is an OS reinstall, change and secure new passwords and start the blogs from scratch if no backups exist.

Otherwise, if you simply try and 'fix' a contaminated install, you take the risk that you can track down every possible change the hacker may have made.

I haven't yet but was planning on it. Most of my blogs are hosted with you. But I have 35 more domains I need to setup blogs on. Not sure whether to get another package with you or just put them all on my dedi at mojo for now.

good luck, have a beer

I wouldn't even consider putting 132 blogs on a dedicated server.

That's insane, dude.

Anyway, best of luck with your problem. If it works out, let me know. I could save myself a LOT of money by transferring everything to a VPS.