Wordpress site hacked

token101 · 26-05-2013 3:33am #1

A Wordpress site I helped someone set up is giving a malware alert in Chrome and seems to be coming as an attack page in Firefox, it's a virus using the blackhole exploit kit according to my own AVG threat scanner. When I check the URL in Sucuri it comes up fine and the same for AVG. I have no idea whatsoever about web security, I'm going to just to go with a clean reinstall for the sake of it; there's not an enormous amount of stuff on the site so it looks the easiest way. But am I OK to log into the Wordpress site backend or will I need to go through my hosting account to get all my stuff like pictures, posts, etc?

DieselPowered · 26-05-2013 3:39am

Do you know how to FTP to your website root or the hosting location for the website? This will be the easiest way to get your pictures back to your computer before you upload them again to the new fresh install.

If you're not sure you're hosting control panel should explain how to connect via FTP (you will need the FTP IP Address of your account, a user name and password).

If you don't have an FTP program, look at something like Core FTP (google it).

on your new install change the default login user name from admin to something else and make the passwords complex
to avoid some of the security issues with wordpress.

thanks

token101 · 26-05-2013 4:19am

Yeah I used FTP when I uploaded the site (I think), I was using Fillezilla if I remember. I was doing the whole thing for a friend and I pretty much passed the entire thing over to her when I was done with putting the site live, so I can't really remember any of the hosting acc login details all I have is my own details for logging into the backend of Wordpress which I only found by chance.

FTP IP Address of your account, a user name and password)

I'm assuming that the username and password there would those of my hosting account and not the site backend?

Yeah, I never changed the site backend username from admin, that's what ****ed me I reckon. I had fairly secure passwords, but I never realised that having a default username would be problematic.

Thanks for that anyway, appreciated.

DieselPowered · 26-05-2013 12:24pm

token101 wrote: »

I'm assuming that the username and password there would those of my hosting account and not the site backend?

No, the FTP access will be a different login to both your hosting account and your website admin login.

You should be able to find it by logging into your hosting account, click on the domain you have hosted (for this website) and then there should be an option for FTP...or you may need to either re-enable FTP access or 'reset' your password for FTP access.

If you can't find it, google the hosting account provider who ever you are using and then search on Google to see how to they use FTP (each provider can use a different control panel, but the majority can be pretty similar).

eg google....'hosting nameofISP how to access my site via FTP' or something similar. Most will have detailed instructions on how to set it up/reset the password etc.

Thanks

28-05-2013 11:52pm

A new sophisticated and stealthy Apache backdoor meant to drive traffic to malicious websites serving Blackhole exploit kit widely has been detected by Sucuri recently. Researchers claimed that this backdoor affecting hundreds of web servers right now.

Dubbed Linux/Cdorked.A, one of the most sophisticated Apache backdoors we have seen so far. The backdoor leaves no traces of compromised hosts on the hard drive other than its modified httpd binary, thereby complicating forensics analysis. All of the information related to the backdoor is stored in shared memory.

Link:
http://thehackernews.com/2013/04/new-apache-backdoor-serving-blackhole.html

Khannie · 29-05-2013 9:00am

That is a very impressive little backdoor. Very impressive.

DieselPowered · 29-05-2013 9:42am

Is there an easy fix to the backdoor? didn't read into it.

Wordpress site hacked

Comments