I guess I'm not busy enough. Someone hacked my site.

March 07, 2018, 08:25 PM

mark123

I've used wordpress blogs as content management for a long, long time. I guess I do get a lot of traffic and still get some hits on old posts even though I don't post much any more.

Someone was able to brute force a password and create an administrator user. This allowed them to install plugins that don't show on the plugin list and put obfuscated malware scripts on each page. It was causing the links to be redirected.

I guess I just didn't have enough to do today.

I seem to have cleaned the garbage and I've password protected the admin directory, changed all passwords, everywhere.

There was really no gain to the hack that I could imagine. It's just malicious for being malicious. Jerks!

If you run a wordpress blog, check for injected scripts in the markup that shouldn't be there.

March 07, 2018, 08:29 PM

tatortodd

That sucks.

On a positive note, if you survive the snowpocalypse your website will be in great shape for spring.

Speaking of snowpocalypse. Were schools shutdown today. You mentioned it was malicious just for being malicious and it might be bored teens.

March 07, 2018, 08:53 PM

SigJacket

Wordpress has long been notorious as full of holes. They found yours.

The point wasn’t to gain something from you directly, other than free malware hosting. Just another drone in the army.

March 07, 2018, 09:18 PM

Woodman

Maybe its time I went to two-step authentication ...

March 07, 2018, 10:38 PM

Xer0

Keylogger on Thousands of Infected WordPress Sites

https://blog.sucuri.net/2017/1...wordpress-sites.html

March 08, 2018, 04:33 AM

egregore

quote:
Someone was able to brute force a password and create an administrator user. This allowed them to install plugins that don't show on the plugin list and put obfuscated malware scripts on each page. It was causing the links to be redirected.

I'll take your word for it.

March 08, 2018, 07:47 AM

BamaJeepster

I had the same thing happen - after getting it back up and running I installed the free version of https://www.wordfence.com/ and haven't had any other issues since.

“Facts are stubborn things; and whatever may be our wishes, our inclinations, or the dictates of our passions, they cannot alter the state of facts and evidence.”
- John Adams

March 08, 2018, 08:46 AM

Woodman

Is this associated with wordpress.org, self-hosted sites?

Or wordpress.com-hosted sites? The .com sites do not have great ability to manipulate code. Some, but not a lot.

March 08, 2018, 10:59 AM

mark123

quote:
Originally posted by BamaJeepster:
I had the same thing happen - after getting it back up and running I installed the free version of https://www.wordfence.com/ and haven't had any other issues since.

I came across that in the early morning and installed it on two sites so far. Thanks.

Oh, I also password protected the wp-admin directories.

March 08, 2018, 04:26 PM

AKSuperDually

UGh. Been there. Still have 3 sites down that I don't have time to fix.

We're considering moving away from WP...and doing something simpler.

I've used securi, but honestly...its just a PITA, and costs money. The hackers still get through it. Our veterans outreach site was under constant attack, and we finally gave up and went back to facebook with it.

~~~~~~~~~~~~~~~~~~~~~~~~~
"The trouble with our Liberal friends...is not that they're ignorant, it's just that they know so much that isn't so." Ronald Reagan, 1964
~~~~~~~~~~~~~~~~~~~~~~~~~~
"Arguing with some people is like playing chess with a pigeon. It doesn't matter how good I am at chess, the pigeon will just take a shit on the board, strut around knocking over all the pieces and act like it won.. and in some cases it will insult you at the same time." DevlDogs55, 2014

~~~~~~~~~~~~~~~~~~~~~~~~~~

March 08, 2018, 05:55 PM

Sig M11

quote:
Originally posted by Woodman:
Maybe its time I went to two-step authentication ...

Yup!

https://en.support.wordpress.c...step-authentication/

You should have 2FA on ALL of your accounts.