Attention WordPress Site Owners

somarco

If you have a WP site/blog you may be vulnerable to attack. Or, you may have already been attacked like I was.

30,000 WordPress blogs infected to distribute rogue antivirus software

New WordPress ToolsPack Plugin | Sucuri

Fortunately I caught the problem early on and was able to take care of most of the problems before too much damage was done.

Brook Jolley found a lot of the problems and fixed them well enough to avoid any major damage. A second check by a security engineer took care of a few remaining issues.

The second shoe fell when they used information in the admin section of my site to hack my email address. This led to a 2-day jaunt by the hackers spamming the globe with Viagra and porn emails sent from my hijacked email provider.

All seems to be well now but if you have a WP site, or any site for that matter, you would be well advised to make sure it is secure.
 
I tried. It was like putting a bandaid on a broken arm. I think I plugged htaccess back 20 times before finding the shell script they added into the files.

Sucuri is a good plugin, plus Bulletproof Security's htaccess locker.

The attacks seem to happen in 1 of 2 ways. One is the timthumb plugin, which needs to be checked and patched immediately if it's outdated.

Way 2 seems to be plugins from the WordPress repo. Some of them appear to have backdoors in them. Not sure how good of a job policing the plugins is going on over there, but if you don't know how secure a plugin is, at the very least go look at the maker's website.
 
You saved my butt and bought us some time.

The timthumb plugin has been updated and hopefully everything is safe . . . until the next attack.

The changes you made plus the ones made by RJ seem to have discouraged them from coming back.
 
Here is a series of steps you can do to harden against this.

Update all plugins. Update WordPress.

Install timthumb vulnerability scanner plugin. Scan and use the autofix.

Install Bulletproof Security plugin. Use the create secure htaccess, install it into all the locations, create the backups, etc., till all the red letters turn green.

Install the Sucuri malware scanning tool. Use their 1-click hardening tools.

If you have FTP/root access, go into the box and change the file permissions of the htaccess files to 404, and the index files to 400. Delete your WordPress files that show the version numbers.

I can do all this for you if you don't want to or know how to do it for 5 dollars, need site address, login name, password. Don't want to see more people with the 24 hours of patching and searching for the backdoor issues.

If you want the file perms changed, I'd also need shell/cPanel/FTP access to the box.
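
A read-only audit of the checklist in the post above, as an added example that is not part of the thread: it reports `.htaccess` and `index.php` files whose modes differ from the 404 and 400 given in the post, every timthumb copy to compare against the patched release, and a version-revealing file. The function name `wp_audit`, the `thumb.php` alias and the choice of the top-level `readme.html` as the version-revealing file are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): read-only audit of a WordPress tree
# against the checklist above. It changes and deletes nothing; each finding
# is printed as "CHECK<TAB>path". wp_audit is a hypothetical helper name.

wp_audit() {
    local root="${1:?usage: wp_audit /path/to/wordpress}"
    {
        # .htaccess files whose mode is not exactly 404 (value from the post)
        find "$root" -type f -name '.htaccess' ! -perm 404 \
            -exec printf 'HTACCESS_MODE\t%s\n' {} +
        # index.php files whose mode is not exactly 400 (value from the post)
        find "$root" -type f -name 'index.php' ! -perm 400 \
            -exec printf 'INDEX_MODE\t%s\n' {} +
        # Every bundled timthumb copy, so each can be compared with the
        # patched release. Assumption: themes often ship it as thumb.php.
        find "$root" -type f \( -iname 'timthumb.php' -o -iname 'thumb.php' \) \
            -exec printf 'TIMTHUMB_COPY\t%s\n' {} +
        # Assumption: readme.html in the install root reveals the version
        if [ -f "$root/readme.html" ]; then
            printf 'VERSION_FILE\t%s\n' "$root/readme.html"
        fi
    } | sort
}

# Run the audit when a path is given on the command line
if [ "$#" -gt 0 ]; then
    wp_audit "$1"
fi
```

Mode 400 leaves `index.php` readable only by its owner, so it suits hosts where PHP runs as that same account; confirm that before applying the modes this audit reports.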
 
Akismet is used to block spam. You can turn off comments which will eliminate most of those issues.

Making your site hack proof is much more challenging, but you can add Bulletproof Security, Bad Behavior and Sucuri Scanner to try to keep the bad guys out.
 