Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

Wordpress site infected. Why? + Next steps?

  • 05-10-2010 02:41AM
    #1
    condra
    Registered Users, Registered Users 2 Posts: 3,852 ✭✭✭


    Hello everyone.

    I did a Wordpress site for a friend of mine a couple of months ago.

    Recently, it got infected with some malware thing.

    There was code added to the bottom of some pages, with links to www.addonrock.ru

    My 3 main questions are:

    1 - How could that have happened?
    Is it more likely to have been a rogue plugin, or her crappy hosting provider?


    2 - Google were in touch to notify me that the site had malware, and now there is a malware warning on the google listing for the site.

    Is there a handy way to reinstall the website without losing the template, pages, etc?

    3 - Is there something I can do to prevent an attack in future?

    Thanks in advance for any replies, however brief.


Comments

  • #2
    mneylon
    Registered Users, Registered Users 2 Posts: 7,742 ✭✭✭mneylon


    Most of the malware type attacks on Wordpress (and other) sites are either due to:
    • Out of date / vulnerable Wordpress
    • Out of date / vulnerable plugin
    • Virus infection on a user's computer

    It is highly unlikely that the issue is on the host's side.

    Clean it up and make sure that ALL users who have access to it have virus-free computers (also check for spyware etc)

    Once it's completely cleaned up you should be able to get the malware warning removed

    Blog | Tweets



  • #3
    kevteljeur
    Registered Users, Registered Users 2 Posts: 1,287 ✭✭✭kevteljeur


    Actually, I did find that Wordpress has a weakness via the .htaccess file, if the permissions are set for the file to be writable by anyone.

    I've had it a couple of times; generally it redirects the whole site to a different, dodgy site, but I suppose it could also add a footer or header by injection (as an Apache SSI). But it's just a suggestion. Blacknight has far more experience than I do :)



    k


  • #4
    D Hayes
    Registered Users, Registered Users 2 Posts: 511 ✭✭✭D Hayes


    Good article here on how to avoid getting your Wordpress site hacked.


  • #5
    tricky D
    Closed Accounts Posts: 9,698 ✭✭✭tricky D


    kevteljeur wrote: »
    Actually, I did find that Wordpress has a weakness via the .htaccess file, if the permissions are set for the file to be writable by anyone.

    I've had it a couple of times; generally it redirects the whole site to a different, dodgy site, but I suppose it could also add a footer or header by injection (as an Apache SSI). But it's just a suggestion. Blacknight has far more experience than I do :)



    k

    Note: Check all your directories for dodgy .htaccess files which might include malicious reirects.


  • #6
    condra
    Registered Users, Registered Users 2 Posts: 3,852 ✭✭✭condra


    Thanks for the tips everyone. I'm going to tear down the whole site and start from scratch.


  • Advertisement
Advertisement