Site hacked ~ Check your Google cache NOW!

Discussion in 'Site & Server Administration' started by SEbasic, Feb 8, 2006.

  1. ddn

    ddn Active Member

    #41
    I don't see any evidence that this is a WP (or any other) exploit.

    I suggest a chkrootkit on the box itself. More than likely the machine is compromised.
     
    ddn, Feb 8, 2006 IP
  2. T0PS3O

    T0PS3O Feel Good PLC

    #42
    If you are the link between those, maybe they sniffed your FTP packages. Do you use FTP over SSH? Or the neighbour donating the wireless isn't so dumb after all...
     
    T0PS3O, Feb 8, 2006 IP
  3. SEbasic

    SEbasic Peon

    #43
    Maybe not, but all the passwords were changed and I'm pretty sure they live in the UK anyway. :|

    I haven't accessed all the sites via cpanel/ftp or whatever either...
     
    SEbasic, Feb 8, 2006 IP
  4. Design Agent

    Design Agent Peon

  5. SEbasic

    SEbasic Peon

    #45
    Damn, is this a virus on their server, or an exploit in a publishing tool, or what?

    Is this a computer virus designed to affect SEO?
     
    SEbasic, Feb 8, 2006 IP
  6. Design Agent

    Design Agent Peon

    #46
    It's not designed to rank anything, but does pull your sites down. Anyone with a solution would be very handy right about now..
     
    Design Agent, Feb 8, 2006 IP
  7. Skinny

    Skinny Peon

    #47
    Well, someone mentioned that it contained links to porn and hacker sites. In which case it could drastically affect your SERPs.

    Again I know little about hacking or anything you guys are saying. So, I'm not sure that I'm right. I'm in a foreign country. :)

    Edit:
    Yup. I want one. NOW!!! *tantrum*

    Skinny
     
    Skinny, Feb 8, 2006 IP
  8. SEbasic

    SEbasic Peon

    #48
    You'll want one more when your sites are losing cash as a result of it...

    Really, I'll pay to get this fixed.
     
    SEbasic, Feb 8, 2006 IP
  9. Design Agent

    Design Agent Peon

    #49
    I have lost a reasonable amount of money + will lose more. :(
     
    Design Agent, Feb 8, 2006 IP
  10. T0PS3O

    T0PS3O Feel Good PLC

    #50
    That one has some pointers.

    It abuses register_globals and known tmp/ folders they know are set to 777. That's why it's not so much just WP or any package, it's any popular PHP platform they know uses register_globals and writable folders. From there on it's easy.

    If you disable file wrappers like fopen etc. at least the server will be mostly useless in terms of them getting new stuff on it.

    Sounds pretty deep all. I'm glad the software I use hasn't been mentioned in any of those threads.

    Seems a bit silly they take the sites down without demanding ransom. Taking them down prevents them from gaining from the actions. It seems automated but automated in a bad way. The automation seems to break the pages.
     
    T0PS3O, Feb 8, 2006 IP
  11. Skinny

    Skinny Peon

    #51
    Sorry SEBasic. I didn't mean that sarcastically. I want a solution to this thing too. Any website seems open to this thing.

    I would lose money if this thing hit and sympathize with anyone who has.

    Skinny
     
    Skinny, Feb 8, 2006 IP
  12. Skinny

    Skinny Peon

    #52
    Guys I have a question. Like I said I know nothing about this but TOPS you said

    So, I use WP on my site. Does anything need to be 777? Is anything set to that by default?

    Could I change it and not cause problems?

    Skinny
     
    Skinny, Feb 8, 2006 IP
  13. SEbasic

    SEbasic Peon

    #53
    I didn't take it as that... :)

    T0PS, you fancy taking a look at it?
     
    SEbasic, Feb 8, 2006 IP
  14. Design Agent

    Design Agent Peon

    #54
    On wordpress I believe files should be set to 644 and folders to 755.
     
    Design Agent, Feb 8, 2006 IP
  15. SEbasic

    SEbasic Peon

    #55
    It's not universal, some need to be executable...
     
    SEbasic, Feb 8, 2006 IP
  16. T0PS3O

    T0PS3O Feel Good PLC

    #56
    The thing is, on a shared hosting environment you are not in control.

    If you CAN edit php.ini and httpd.conf you can do at least this:

    Disable file wrappers
    Disable register globals

    Use FTP over SSH

    Rename all standard installation folders and files.

    Take regular back-ups yourself and verify their integrity. You don't want to be backing up infected/exploited code like the guy in the quoted thread did.

    Don't CHMOD 777 folders if you can avoid it.

    Modify OS scripts so they can't be recognised as those scripts. Pay the coder if you feel bad about removing fingerprints.

    Lock down FTP and SSH access to your server via your well configured firewall. Allow just your office IP to access it (and make sure those PCs aren't phooked).

    Use mod rewrite to change filename appearance entirely. Switch off the PHP easter eggs and anything that gives away your server setup.

    Don't lead them to secret folders via your robots.txt

    Study htaccess usage.

    Study security and get a good host. Get someone else to check your setup.

    That's just a few things you can do pro-actively.

    EDIT: No, I don't fancy taking a look... Sorry. It could be anything and I don't know WP. And on a shared environment it would be working with someone else's tools. And besides, it may seem I know the odd thing here but I'm really not that good with server configuration. That's why I have an expensive host who answer the phone within 3 rings and on average solve all my tickets within 12 minutes.

    I'd give up on those servers, it's the quickest thing to do. Get an environment where you control the security. I've given up on the idea to use separate c class domains for SEO purposes, Google knows who you are anyway. That's why one server is just fine IMO.
     
    T0PS3O, Feb 8, 2006 IP
  17. digitalpoint

    digitalpoint Overlord of no one Staff

    #57
    Best thing to do is just turn off register_globals (it's off by default since PHP 4.2.0). That will prevent problems from lazy coders getting variables injected into their code.

    Not sure if that's what actually caused it, but I certainly would disable it (if you can't disable it server-wide), you can disable it for your site with an .htaccess file line like so:

    Code (apache):
    php_flag register_globals 0
     
    digitalpoint, Feb 8, 2006 IP
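
Added example (not from any poster in this thread): a Python audit for the two hardening points raised in posts #56 and #57, namely world-writable (777-style) paths under a web root and PHP directives left enabled in php.ini or .htaccess text. Mapping "file wrappers" to `allow_url_fopen` is an assumption, and the function names and the sample tree are constructed for illustration.

```python
import os
import re
import stat

# Directives the thread recommends turning off. Treating "file wrappers"
# as allow_url_fopen is an assumption made for this example.
RISKY_FLAGS = ("register_globals", "allow_url_fopen")
TRUE_VALUES = {"1", "on", "yes", "true"}
# Matches both "register_globals = On" (php.ini) and
# "php_flag register_globals 0" (.htaccess). Lines starting with ";" or "#"
# never match, so commented-out settings are ignored.
DIRECTIVE = re.compile(
    r'^\s*(?:php_(?:admin_)?flag\s+)?(%s)\s*[=\s]\s*"?(\w+)' % "|".join(RISKY_FLAGS),
    re.IGNORECASE,
)

def world_writable(root):
    """Return sorted (relative path, octal mode) pairs writable by 'other'."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not meaningful
            if mode & stat.S_IWOTH:
                hits.append((os.path.relpath(path, root), oct(stat.S_IMODE(mode))))
    return sorted(hits)

def enabled_flags(config_text):
    """Return the RISKY_FLAGS explicitly enabled; the last setting wins.
    A directive absent from the text is not reported: check the server
    default separately."""
    state = {}
    for line in config_text.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            state[m.group(1).lower()] = m.group(2).lower() in TRUE_VALUES
    return sorted(name for name, on in state.items() if on)

if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()                 # constructed sample web root
    os.mkdir(os.path.join(root, "tmp"))
    os.chmod(os.path.join(root, "tmp"), 0o777)
    print(world_writable(root))
    print(enabled_flags("register_globals = On\nallow_url_fopen = Off\n"))
```

Run it against a copy of the site tree and the text of the effective php.ini or .htaccess; anything `world_writable` returns should be justified or tightened toward the 644/755 layout mentioned in post #54.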
  18. SEbasic

    SEbasic Peon

    #58
    Done that, cheers...

    T0PS, I'll try giving that a go.

    Edit
    I thought I'd give it a go :D

    Aside from that, this isn't a particularly cheap hosting plan, the host is usually pretty stable, and it's a pretty reputable company...
     
    SEbasic, Feb 8, 2006 IP
  19. Design Agent

    Design Agent Peon

    #59
    Thanks Guys :)
     
    Design Agent, Feb 8, 2006 IP
  20. SEbasic

    SEbasic Peon

    #60
    If it was my bad (As I did the coding), is there any way I can avoid that happening?

    Also, anyone know what this does?

    IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

    I'm gonna let the host know about this asap.
     
    SEbasic, Feb 8, 2006 IP