i got hacked by something almost exactly like this like 3 months ago. They uploaded a folder called .files with about 2K html files there to each of my folders.
Probably a few million crap files all together. Was a huge pain in the ass to clear all that crap out. After that point I killed all wordpress installs, since it has such a huge target on it's back.
I got a message from my host with a link to your site, where you instructed to download and install a file...and I was 100% sure that it was just just a scam, where you sent out spam messages pretending to be hosts, with a link to the blog post where you were asking me to download malware.
In fact I was in the process of contacting customer support of my host, when I noticed the letter I got in recent history.
You should really spend a little time making it look more legitimate,
If you fail to upgrade immediately, malware is often installed and remains after an upgrade. I missed one site by a day and got infected. The default option to print the WP version in the <head> of each blog would certainly lower the likelihood of a script finding an outdated site. Unfortunately once hacked, truly cleaning the site requires
1. Backing up theme, making list of plugins installed
2. Inspecting theme for any hacks. (difficult if you wrote your own)
3. Deleting _all_ files
4. Walking through the wp_options table for any leftover holes (very difficult)
5. Re-install WP
6. Re-install theme and plugins.
The WP team needs to work in something like you linked to into the core.
17 comments
[ 5.0 ms ] story [ 55.8 ms ] threadOh god no! Don't let it be true!
Probably a few million crap files all together. Was a huge pain in the ass to clear all that crap out. After that point I killed all wordpress installs, since it has such a huge target on it's back.
http://blog.sucuri.net/2010/05/it-is-not-over-seo-spam-on-si...
I got a message from my host with a link to your site, where you instructed to download and install a file...and I was 100% sure that it was just just a scam, where you sent out spam messages pretending to be hosts, with a link to the blog post where you were asking me to download malware.
In fact I was in the process of contacting customer support of my host, when I noticed the letter I got in recent history.
You should really spend a little time making it look more legitimate,
*but I agree, we really need some improvements on our design.
But after hitting your site, I got the impression that it was just a scam site trying to get me to install some malware.
But it is nice to see hosting companies linking to us :) I am still looking for a designer to work on our blog/site.
I work for them 2 days per week, I'm sure we'll be able to help you if you're interested.
Restricting access with .htaccess is a good idea; http://www.themepremium.com/wordpress-security-restrict-wp-c...
1. Backing up theme, making list of plugins installed 2. Inspecting theme for any hacks. (difficult if you wrote your own) 3. Deleting _all_ files 4. Walking through the wp_options table for any leftover holes (very difficult) 5. Re-install WP 6. Re-install theme and plugins.
The WP team needs to work in something like you linked to into the core.
There are a few ideas I'm considering for securing and monitoring WP installations for intrusions.
A few hours ago I didn't know if you were legit. Now I see how considerate you are.
So glad I met you on HN.
http://www.google.ca/#hl=en&q=inurl%3A%2Fwp-includes%2F+...