Hi all, I got an email this morning saying that my dreamhost account has been hacked! They say the cause is most likely a wordpress hack - because of an outdated version. Now, this may be true -- but they reported that the problem was in lots of my domains. Not just the domain with wordpress on it. This means i have to check like 30 websites with LOADs of PHP pages / SWF files etc. Does anyone know any software that can scan php files for code which could allow the hacker back onto my site. Doing this manually could take weeks! Thanks for any help. Abi.
No, i logged into my dreamhost account and it was a real support ticket -- so it was 100% them They gave me some advice on what to do -- Track which files have been changed with ssh... Which i would NEVER be able to do - i had a look but its way above my skills. Remove unneeded files. They didnt actually say change ftp passwords / mysql passwords / or if my webmail was hacked -- but if the hacker could change any file and put new files on my host, i bet it's all messed up I'm thinking about just moving all my sites to hostgator.
Make sure you only run scripts which are don't have any exploits and are the most updated versions. Just google "vBulletin 3.1.3 exploit" on Google, if you can't find nothing, then theirs no public exploit for it.
dreamhost is really a hacker's paradise. I was with them and my sites got hacked several times. Ask Deamhost to upload the backup they have and leave them.
ah, but who offers the unlimited domains, the storage, the bandwidth of dreamhost. Yes, the downtime is a pain in the arse. But in the 2 years i've been with them, my accounts have never been hacked. Who do you use for a host JackHeskett??? Maybe i could get a good host for my main sites. Cheers!
outdated wordpress installations are the problem , the script itself, 30 min ago i saw a topic ( different forum ) related to the same issue "outdated wordpress hacked" but on yahoo hosting.
Abi, You can scan your web sites with my Unmask Parasites tool. It is pretty good at detecting most common WordPress exploits. It also detects hidden links, iframes, scripts and redirects on non-WordPress sites. If it reveals any issues, you will know what you should be looking for to clean up your sites. Any way, read this article to minimize risk of successful hacker attacks against your WordPress blogs. http://codex.wordpress.org/Hardening_WordPress This article also suggests some security scanners.
See my signature for an article (the 0705 "How to clean up" one) that shows how to use a cron job to get a list of all the files in a site. That's at least a start, since you can then search the list for weird names. That's a lot easier than navigating through the site by FTP or cPanel FileManager. You can also use the Linux tool called "grep" to search files for a particular string. You'd do that by cron job, too. If the UnmaskParasites tool reports weird links on your pages, those links or IP addresses would be the text to search for with grep. Whatever else you do, do upgrade WordPress right away. Very important. Since multiple sites were affected, even the non-WP ones, do a thorough virus/spyware scan on your PC to make sure you don't have a keylogger or FTP password-grabber.
abi, If you PM me, I'll scan your site and let you where the code is. You should, as suggested already, upgrade and keep upgrading your wordpress code. Sometimes changing hosting providers just delays the inevitable. We often talk with website owners who feel that free code should already be hack resistant. When their wordpress site gets hacked they want to change to something else. They do and then they find out their new code has been hacked as well for the same reason - they didn't keep it updated. Changing won't make you safe - good security practices will. Anyway, enough preaching. If you want, we'll scan your site and let you know what's needed. (no charge!) Thank you.
As a rule of thumb using any free script you should always keep updated to latest version at all times as most updates were made specifically for exploits and the kiddie scripters go around looking for unupdated sites
Sounds like you have a bad web host. Read my Wordpress Security Guide to learn how to find a good one, and how to lockdown your WP site with free tools and plugins.