Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Wordpress site infected. Why? + Next steps?

Options
  • 05-10-2010 2:41am
    #1
    condra
    Registered Users Posts: 3,849 ✭✭✭


    Hello everyone.

    I did a Wordpress site for a friend of mine a couple of months ago.

    Recently, it got infected with some malware thing.

    There was code added to the bottom of some pages, with links to www.addonrock.ru

    My 3 main questions are:

    1 - How could that have happened?
    Is it more likely to have been a rogue plugin, or her crappy hosting provider?


    2 - Google were in touch to notify me that the site had malware, and now there is a malware warning on the google listing for the site.

    Is there a handy way to reinstall the website without losing the template, pages, etc?

    3 - Is there something I can do to prevent an attack in future?

    Thanks in advance for any replies, however brief.


Comments

  • Options
    #2
    mneylon
    Registered Users Posts: 7,739 ✭✭✭mneylon


    Most of the malware type attacks on Wordpress (and other) sites are either due to:
    • Out of date / vulnerable Wordpress
    • Out of date / vulnerable plugin
    • Virus infection on a user's computer

    It is highly unlikely that the issue is on the host's side.

    Clean it up and make sure that ALL users who have access to it have virus-free computers (also check for spyware etc)

    Once it's completely cleaned up you should be able to get the malware warning removed

    Blog | Tweets



  • Options
    #3
    kevteljeur
    Registered Users Posts: 1,287 ✭✭✭kevteljeur


    Actually, I did find that Wordpress has a weakness via the .htaccess file, if the permissions are set for the file to be writable by anyone.

    I've had it a couple of times; generally it redirects the whole site to a different, dodgy site, but I suppose it could also add a footer or header by injection (as an Apache SSI). But it's just a suggestion. Blacknight has far more experience than I do :)



    k


  • Options
    #4
    D Hayes
    Registered Users Posts: 511 ✭✭✭D Hayes


    Good article here on how to avoid getting your Wordpress site hacked.


  • Options
    #5
    tricky D
    Closed Accounts Posts: 9,700 ✭✭✭tricky D


    kevteljeur wrote: »
    Actually, I did find that Wordpress has a weakness via the .htaccess file, if the permissions are set for the file to be writable by anyone.

    I've had it a couple of times; generally it redirects the whole site to a different, dodgy site, but I suppose it could also add a footer or header by injection (as an Apache SSI). But it's just a suggestion. Blacknight has far more experience than I do :)



    k

    Note: Check all your directories for dodgy .htaccess files which might include malicious reirects.


  • Options
    #6
    condra
    Registered Users Posts: 3,849 ✭✭✭condra


    Thanks for the tips everyone. I'm going to tear down the whole site and start from scratch.


  • Advertisement
Advertisement