Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Wordpress site infected. Why? + Next steps?

  • 05-10-2010 1:41am
    #1
    Registered Users, Registered Users 2 Posts: 3,849 ✭✭✭


    Hello everyone.

    I did a Wordpress site for a friend of mine a couple of months ago.

    Recently, it got infected with some malware thing.

    There was code added to the bottom of some pages, with links to www.addonrock.ru

    My 3 main questions are:

    1 - How could that have happened?
    Is it more likely to have been a rogue plugin, or her crappy hosting provider?


    2 - Google were in touch to notify me that the site had malware, and now there is a malware warning on the google listing for the site.

    Is there a handy way to reinstall the website without losing the template, pages, etc?

    3 - Is there something I can do to prevent an attack in future?

    Thanks in advance for any replies, however brief.


Comments

  • Registered Users, Registered Users 2 Posts: 7,740 ✭✭✭mneylon


    Most of the malware type attacks on Wordpress (and other) sites are either due to:
    • Out of date / vulnerable Wordpress
    • Out of date / vulnerable plugin
    • Virus infection on a user's computer

    It is highly unlikely that the issue is on the host's side.

    Clean it up and make sure that ALL users who have access to it have virus-free computers (also check for spyware etc)

    Once it's completely cleaned up you should be able to get the malware warning removed


  • Registered Users, Registered Users 2 Posts: 1,287 ✭✭✭kevteljeur


    Actually, I did find that Wordpress has a weakness via the .htaccess file, if the permissions are set for the file to be writable by anyone.

    I've had it a couple of times; generally it redirects the whole site to a different, dodgy site, but I suppose it could also add a footer or header by injection (as an Apache SSI). But it's just a suggestion. Blacknight has far more experience than I do :)



    k


  • Registered Users, Registered Users 2 Posts: 511 ✭✭✭D Hayes


    Good article here on how to avoid getting your Wordpress site hacked.


  • Closed Accounts Posts: 9,700 ✭✭✭tricky D


    kevteljeur wrote: »
    Actually, I did find that Wordpress has a weakness via the .htaccess file, if the permissions are set for the file to be writable by anyone.

    I've had it a couple of times; generally it redirects the whole site to a different, dodgy site, but I suppose it could also add a footer or header by injection (as an Apache SSI). But it's just a suggestion. Blacknight has far more experience than I do :)



    k

    Note: Check all your directories for dodgy .htaccess files which might include malicious reirects.


  • Registered Users, Registered Users 2 Posts: 3,849 ✭✭✭condra


    Thanks for the tips everyone. I'm going to tear down the whole site and start from scratch.


  • Advertisement
Advertisement