Wordpress Site Hacked!

Hmmm. What software is that? I've been writing code for 40 years (since I was 25) and I'd sure like to know about that software! :yes:



While some web servers run Windows and IIS, the vast majority run a Unix variant like Linux, FreeBSD, or Solaris along with Apache.

If you want to make the case that WP is insecure, there are tens of millions of people who will disagree with you. If you want to make the case that Windows and IIS have some security issues, those same millions will probably agree!

Josh is correct. Most often it is some (obscure) third-party plugin that has a security vulnerability that gets exploited. But WP, like the majority of heavily used open-source software, is remarkably stable and secure... partly because when a problem is found it is "jumped on" immediately and a revision is published which mitigates the number of potential hacks... so long as people are proactive in updating their sites... which is basically a one-click deal.

I've been putting up WP sites for four years now and have been part of the WP community even before that... and I've found the platform to be more secure than phpNuke, Drupal, Joom, and all the other popular CMSs out there.

Of course, YMMV.

Al

How about the IBM System i? It's not Windows based. It is impervious to viruses and worms due to the architecture. Everything that is created on the system is either compiled or created with a unique command. Once created no object can be changed to be a different object.

This is the problem with MS Windows. It has no integrity. Every application that runs on Windows has this underlying problem.

As far as the web application, I'm not familiar with it. I am familiar with open source programming. It has its good and its bad features. It's all about the standards organization that tests and implements the changes to the base code that gets released to the public.

The bad code that allows this software to be hacked might be placed in the product by one of the open source developers. Think about that for a second. If you were a hacker and wanted to exploit small web sites so you can get people's personal information for identity theft, open source software is the perfect fit for you. You know the code, you have 100% access to the code so you know where the vulnerabilities are.

There is no way I would put a site together using software that has a reputation of being hacked. No way. No how. My reputation means much more than that to me.

If I was you, I would find a different application to use.

Bill
 
Most servers don't run Windows. They run some flavor of Unix. Windows security or lack thereof has no bearing upon Wordpress or most websites. Unix is infamous for buffer overflows. I believe they are a rarity now, but at one point that was one of the most frequent exploits of anything Unix based.

Most flaws with Unix security can actually be traced to the language in which it and the majority of its programs are written, C. C lacks native string support, so libraries were added by academics to handle it. They gave no thought to security at the time, and thus anything that used strings, every website and the vast majority of programs, were wide open to security exploits. This flaw also relied on the way that Unix handles memory allocation, which I seriously doubt has changed.
 
I only set up WP on Linux - never choose Windows.

Linux is fine.

I think FreeBSD is better.

Wars have been fought over that... so just choose what you like and go with what you like.

Most folks who run an internet box using Windows with the Microsoft IIS web server are usually doing sites in ASP.Net.

I don't know if there is a WordPress-like system that takes advantage of some of the .Net objects... like grids and date pickers, etc. I wrote a ton of .Net applications years ago but have not touched it since. In order to do it right you needed Visual Studio and SQL Server. Maybe there are free versions of these now for developers, but several years ago there weren't... as the system was targeted to large corporations who had the bucks to pay out the nose for this stuff.

ASP.net is a very nice and robust platform... I'm not knocking it, but it used to work best (only!) with the IE browser and was a great platform for a corporate inTRAnet where everyone had the same computer, software, etc.

I'm sure by now a lot of that has changed but five to seven years ago a lot of people were afraid to put an ASP.Net site on the net because Windows and IIS had so many vulnerabilities.

Had MS made their developer suite (Visual Studio, Vault, etc.) free from day one I think we'd see a lot more ASP sites out there. But developers and server farms like "free" and there is little or nothing "free" from Microsoft.

Al
 
Here is a joke for you. Berkeley was famous for two things. Unix and Acid. Which came first? Were the students on acid when they came up with Unix or did they need acid because of Unix?

The choice of the operating system behind the scenes is secondary to the problem the original poster brought to the forum. I hope the WordPress websites are located behind a firewall of some sort. I believe they are. If not, there is another flaw in the installation.

The question is how is a hacker able to get through the firewall and log on with enough authority to change the control files? My answer is a backdoor or a poorly coded section of the software.

I'm not trying to be argumentative. I'm trying to make people who are not technical in nature understand their website is an extension of their business. Their website needs to be secure now and in the future. There can be zero tolerance for the site being hacked and personal information being compromised. Wordpress isn't meeting the requirements in my opinion. There has to be a better choice.
 
My hacker probably got in through htaccess where the security settings were 644, but they could have come in through a plug-in.

At this point it really doesn't matter how they got in, they did, and completely owned my site for some time. I didn't find the changes they made until the 2nd time they hacked the site and caused Google to put me in the sandbox.
 
Probably a little late, but what is wrong with 644 & 755? There is nothing inherently dangerous with these permissions with PHP files. Most vulnerabilities I have seen with *any* PHP driven site - WP or otherwise, stem from the PHP configuration. One biggie that comes to mind is "register globals". This should be disabled in your php config.

As others have mentioned, keep your WP setup limited to tried and true themes and plugins. PHP is a high level language, easy to learn and even easier to f*** things up.
 
644 is OK as long as someone isn't already in your site that isn't supposed to be there.

755 allows anyone to do whatever they want with the file.

I saw no need to conduct a full forensics exam to find out where the entry point was. More concerned with removing the redirect, the post rewrites and getting them out.

htaccess was vulnerable. I don't recall now what the settings were but the file could be modified by anyone.

Current settings are 404 for most files and 705 for most of the directories.

Beefed up some other areas including access denial to anyone whose IP is outside the US.
 
Glad you are okay now, but allow me to clear up some misconceptions..

You can't "get in" to a site via .htaccess, though having it set too permissive (i.e.: < 404) is asking for trouble.

There are only 2 ways to get in to a server - FTP/SFTP and the shell. Before the purists come along and try to correct me by pointing out Gopher, Veronica, et al - this is 2012 not 1992 :)

755 does not allow anyone to do whatever they want; that would be reserved for 777

I can tell you with virtual certainty what happened in your case. I doubt anyone accessed and violated your hosting space; you were hit with an SQL injection attack because you installed a poorly written WP plugin.

If someone got into your account, they could have done much more harm than you experienced. In fact, an unauthorized user to your web hosting account could have brought the entire machine down, taking out thousands of other sites. Don't believe me? Give me shell access to any server and I'll show you what malicious hacking really looks like :1tongue:

 
You are the smartest PHP/ SQL and this kind of stuff that I know.
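
The octal modes argued over in this thread (644, 755, 777, 404, 705) can be decoded and checked mechanically. The script below is an added example, not part of any post: it reports which permission classes hold the write bit for each mode and audits a directory tree for entries writable by group or other. The sample file names and the 666 mode on `.htaccess` are constructed for illustration.

```python
import os
import stat
import tempfile

THREAD_MODES = (0o644, 0o755, 0o777, 0o404, 0o705)  # modes named in the thread

# Constructed sample tree: names and modes are illustrative assumptions.
SAMPLE = [("wp-content", True, 0o755), ("wp-content/uploads", True, 0o777),
          (".htaccess", False, 0o666), ("wp-config.php", False, 0o404),
          ("index.php", False, 0o644)]

def describe(mode):
    """Render permission bits as rwx text, e.g. 0o644 -> 'rw-r--r--'."""
    return stat.filemode(mode)[1:]  # drop the leading file-type character

def writers(mode):
    """Return the permission classes that hold the write bit."""
    bits = (("owner", stat.S_IWUSR), ("group", stat.S_IWGRP), ("other", stat.S_IWOTH))
    return [name for name, bit in bits if mode & bit]

def audit(root):
    """List (relative path, octal mode) for entries writable by group or other."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # a symlink's own mode bits are not meaningful on Linux
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((os.path.relpath(path, root), format(mode, "03o")))
    return sorted(findings)

def demo():
    """Build the constructed sample tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, is_dir, mode in SAMPLE:
            path = os.path.join(root, rel)
            if is_dir:
                os.mkdir(path)
            else:
                open(path, "w").close()
            os.chmod(path, mode)  # explicit chmod, so the umask does not matter
        return audit(root)

if __name__ == "__main__":
    for m in THREAD_MODES:
        print(f"{m:03o} {describe(m)} write: {', '.join(writers(m)) or 'nobody'}")
    print(demo())
```

Pointed at a real document root, `audit()` lists every entry that an account other than the file's owner can rewrite.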
 