Second hacking in one day


13 replies to this topic

#1 athletics

athletics

    Member

  • Members
  • 13 posts

Posted 04 August 2011 - 07:03 PM

Hi, my website was hacked twice in one day. I'm sorry to say it, but it seems that my iBlogPro theme is the door for the hacker. My solution for the moment is to re-upload an iblogpro theme directory and reactivate it, and the blog seems to be OK. Any ideas are welcome.... Thanks!!!!

#2 Simon_P

Simon_P

    Messer

  • Administrators
  • 8388607 posts
  • Location: Devon
  • Framework Version: 2.0

Posted 04 August 2011 - 07:34 PM

I find it hard to believe. What makes you think the theme is a security risk?

#3 athletics

Posted 04 August 2011 - 08:09 PM

http://markmaunder.c...rdpress-themes/

#4 Simon_P

Posted 04 August 2011 - 08:12 PM

No PageLines themes use TimThumb

#5 athletics

Posted 04 August 2011 - 08:17 PM

The point is: I solved my issue by uploading iblogpro to a new directory in wp-themes, going to my WordPress administration and activating the new theme, and the issue is solved!! My question is: why?

#6 Simon_P

Posted 04 August 2011 - 08:27 PM

Your FTP password is compromised? Or a plugin? Or another theme? Or your hosting password? Could be anything. Without logs we cannot tell.

#7 athletics

Posted 04 August 2011 - 08:34 PM

Apparently the plugin w^-databas-backup is insecure, so I deactivated it. I'll see. I have changed my FTP pass and hosting pass. iblogpro is my only theme!

#8 athletics

Posted 04 August 2011 - 08:38 PM

I've a message from my hosting:

I have checked your website and can't see that is hacked, also I have checked your account on the suspicious files, and found the following:

/home/xxx/public_html/.htaccess: Suspicious(RewriteRule): RewriteRule ^index.p
/home/xxx/public_html/wp-admin/includes/class-wp-filesystem-ssh2.php: Suspicious(phpinfo): phpinfo() streams
/home/xxx/public_html/wp-includes/Text/Diff/Engine/shell.php: Suspicious(shell_exec): ogram via shell_exec to comput
/home/xxx/public_html/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php: Suspicious(shell_exec): $data = shell_exec($cmd);
/home/xxx/public_html/wp-content/themes/iblogpro/sidebar.php: Suspicious(base64_decode): gzinflate(base64_decode('AWF+noF4

Do you understand? Thanks

#9 Simon_P

Posted 04 August 2011 - 08:38 PM

If it's insecure, DELETE it. When it's only disabled, hackers can still load the PHP files. Delete any plugins or themes you do not use. So many people try like 50 plugins and leave 30 or so to go out of date, disabled.

#10 athletics

Posted 04 August 2011 - 08:39 PM

Yes, I've already deleted it!

#11 Simon_P

Posted 04 August 2011 - 08:39 PM

I'd say delete ALL files, and re-upload a fresh WordPress and fresh theme.

#12 Simon_P

Posted 04 August 2011 - 08:45 PM

Hang on lol, the sidebar should not contain any base64.

These are all normal WordPress files:

RewriteRule ^index.php
class-wp-filesystem-ssh2.php
Text/Diff/Engine/shell.php
wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php

#13 athletics

Posted 04 August 2011 - 09:01 PM

So what should I do with the sidebar?

#14 Simon_P

Posted 04 August 2011 - 09:05 PM

Delete everything, re-upload new WP and theme.
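
The triage from posts #8 and #12, as an added example that is not part of the original thread or any PageLines or hosting tool: it flags the same function names as the host's report, separates the stock WordPress files Simon_P lists from everything else, and singles out the decoder-around-base64_decode form seen in sidebar.php. The names `classify` and `scan_tree` and the verdict labels are assumptions made for this sketch.

```python
import os
import re
import sys

# Function names the host's report flagged (post #8).
PATTERNS = {name: re.compile(name.encode() + rb"\s*\(")
            for name in ("base64_decode", "shell_exec", "phpinfo")}
# Packed-payload form like the sidebar.php hit: a decoder wrapped around base64_decode.
PACKED = re.compile(
    rb"(?:eval|gzinflate|gzuncompress|str_rot13)\s*\(\s*base64_decode\s*\(", re.I)
# Stock WordPress files that post #12 calls normal (paths relative to the docroot).
KNOWN_CORE = {
    "wp-admin/includes/class-wp-filesystem-ssh2.php",
    "wp-includes/Text/Diff/Engine/shell.php",
    "wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php",
}

def classify(rel_path, data):
    """Return (verdict, matched function names) for one PHP file's bytes."""
    hits = sorted(n for n, rx in PATTERNS.items() if rx.search(data))
    if PACKED.search(data):
        return "packed-payload", hits
    if not hits:
        return "clean", hits
    # A hit in a known core file is expected, but only a diff against a
    # fresh WordPress download proves that the file is unmodified.
    if rel_path in KNOWN_CORE:
        return "expected-in-core", hits
    return "review", hits

def scan_tree(root):
    """Walk a docroot; return {relative path: (verdict, hits)} for non-clean .php files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                verdict, hits = classify(rel, fh.read())
            if verdict != "clean":
                findings[rel] = (verdict, hits)
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, (verdict, hits) in sorted(scan_tree(root).items()):
        print(f"{verdict:18} {path}  {','.join(hits)}")
```

Run it against the docroot before and after the clean re-upload; a `packed-payload` verdict that reappears afterwards means the entry point is still open.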