
Is Your WordPress Site Hacked?

| October 31, 2012 | 4 Comments

As I began to use WordPress as my primary platform for development, I was able to produce projects much faster and provide my clients with more features at a lower rate. Because of its reliability and ease of use I continue to use it for most of my projects, but I also began to look into its hacks and security issues.

I recently began working on recovering a site that had been brought down by GoDaddy because of reported phishing attacks. We were told that we needed to remove a list of files and a specific theme in order for them to bring the site back up. After following the required procedure I contacted them and informed them that all the files had been removed. When I asked if they would re-scan our site for malicious files, I was told no.

I was told that there are lots of small anti-phishing organizations that work with larger cyber security organizations to protect banks and other big businesses, and that one of these organizations had contacted them and informed them that this site was involved in phishing scams and had to be brought down immediately. They were also told that if the content in violation was not removed, the site could not be brought back up. What surprised me most was that the only reason they audited this site was the notification they had received.

I was also informed about a file called timthumb.php, which is where the exploit lies, and was advised to avoid using any theme that included this file. Since our theme was dependent on this file, I needed to find an alternative solution that avoided completely replacing the theme.

Apparently many popular themes such as WooThemes, Vilisya, and Bombax are dependent on this file and because of that are prone to this exploit. It also became clear to me that this problem had only recently been discovered and because of that not too many people were aware of it.

Luckily there is an easy solution: all you have to do is connect over FTP and replace the file on your server with the updated version.

For detailed instructions on how to solve this problem and protect your site, click on the link below.
timthumb.php
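Before you can replace the file you have to find every copy of it, and themes sometimes rename it. The following Python inventory script is an added example (not from the post, the themes, or TimThumb itself): it walks a WordPress tree, finds TimThumb copies by filename or by their banner text, reads the version each one declares, and flags those below a minimum. MIN_VERSION is a placeholder for whichever current release you download, and the sample site it builds is constructed.

```python
import os
import re
import tempfile

# Placeholder: set this to the version of the current TimThumb release you downloaded.
MIN_VERSION = "2.8.14"
FILE_NAMES = {"timthumb.php", "thumb.php"}   # stock names; themes also rename it
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([\d.]+)['"]""")

def parse_version(text):
    """'2.8.14' -> (2, 8, 14): compare numerically, not as strings."""
    return tuple(int(p) for p in text.split("."))

def scan_wordpress_tree(root, min_version=MIN_VERSION):
    """Return sorted [(relative_path, version_or_None, needs_replacement), ...]."""
    findings, minimum = [], parse_version(min_version)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", errors="replace") as fh:
                source = fh.read()
            # Match on the stock filename or on the script's banner, so renamed copies are found.
            if name.lower() not in FILE_NAMES and "timthumb" not in source.lower():
                continue
            match = VERSION_RE.search(source)
            version = match.group(1) if match else None
            # A copy with no version string is treated as suspect and replaced too.
            outdated = version is None or parse_version(version) < minimum
            findings.append((os.path.relpath(path, root), version, outdated))
    return sorted(findings)

def build_sample_site():
    """Constructed sample tree: one stale stock copy, one renamed current copy."""
    root = tempfile.mkdtemp()
    themes = os.path.join(root, "wp-content", "themes")
    old, new = os.path.join(themes, "old-theme", "scripts"), os.path.join(themes, "new-theme", "inc")
    os.makedirs(old); os.makedirs(new)
    with open(os.path.join(old, "timthumb.php"), "w") as fh:
        fh.write("<?php\n/* TimThumb script */\ndefine ('VERSION', '1.32');\n")
    with open(os.path.join(new, "resize.php"), "w") as fh:
        fh.write("<?php\n// TimThumb, renamed by the theme\ndefine ('VERSION', '2.8.14');\n")
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php // ordinary WordPress file\n")
    return root

if __name__ == "__main__":
    for rel, ver, bad in scan_wordpress_tree(build_sample_site()):
        print(f"{'REPLACE' if bad else 'ok'}\t{rel}\tversion={ver}")
```

Run it against a local copy of the site (downloaded over FTP) and replace each flagged file with the updated version.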



Category: Internet, Wordpress


3 comments
galfaro

Hi Ricks, you are correct. One is able to fix that problem by replacing the file with the updated version. At the end of the post I added a link titled "timthumb.php" and if you click on it you will be taken to another link with a video tutorial on how to fix that problem.


I also forgot to mention that after replacing the timthumb.php file, scanning the theme with an anti-virus (which found most of the infected files), and uploading everything back to the server, I was still able to find more files with malicious code. It just seemed to be a build-up of hacks and exploits from all the time that the site was not monitored or protected. I used a WordPress plugin called "Wordfence Security" which found more files that I ended up removing, and the site still functioned normally. Of course I had a backup of all the files just in case, but after removing those extra ones the site still functions and continues to function correctly. So I would advise that you not only replace that file, but also look into a security plugin if you don't have one already.

RicksSekhon

@galfaro Thanks a lot for such a detailed explanation and for enlightening us about the other hidden security bugs and the plugins that make your WordPress more secure. Today itself, I am going to install the mentioned plugin and find out how many unwanted files are there which might be deleted.

RicksSekhon

Thanks a lot Galfaro for letting us know about this arising issue of WordPress hacking. But I found somewhere that this issue can be sorted out by updating your timthumb.php file to the latest version. Is that true? Please let me know.

Trackbacks

  1. [...] Read if you have WordPress: http://northsandiego.org/is-your-wordpress-site-hacked/ [...]
