Did you delay updating to 4.7.2?
Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are two.
I did delay updating to 4.7.2. By the looks of what was updated in 4.7.2, there were a number of security issues. Are these issues associated with what I saw?
Yup! Once the announcement of what was patched went out on Feb 1, those who didn’t update were targets.
I see — do you know to what extent the vulnerability was?
Doing a quick check, I just noticed an odd folder in /wp-contents called ‘mu-plugins’. It contained a single ‘sso.php’ file with some code. This folder is in neither my local nor my GitHub repos.
mu-plugins is probably installed by your host. Check with them before deleting anything.
In my case this was “Hacked by MrHax” and there was a text widget with malicious code that redirected visitors. Once I deleted the widget code the site looks fine but now I’m struggling with being able to edit posts and delete plugins.
plainplow:
Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are two.
Our Title and Content were replaced with “Hacked by Bala Sniper” (not sure when) and we cannot edit anything, so we have been unable to update our theme on WordPress or access anything, only the home page with the WordPress menu at the top margin. When we click anything from the menu, it does not allow us to do anything and only shows error messages:
Warning: mysql_get_server_info(): No such file or directory in /home/ourwebsite20/ourwebsite.com/wp-content/plugins/avh-first-defense-against-spam/class/avh-fdas.admin.php on line 1614
Warning: mysql_get_server_info(): A link to the server could not be established in /home/ourwebsite20/ourwebsite.com/wp-content/plugins/avh-first-defense-against-spam/class/avh-fdas.admin.php on line 1614
Warning: Cannot modify header information – headers already sent by (output started at /home/ourwebsite20/ourwebsite.com/wp-content/plugins/avh-first-defense-against-spam/class/avh-fdas.admin.php:1614) in /home/ourwebsite20/ourwebsite.com/wp-includes/pluggable.php on line 1179
team wphelp:
Take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.
You should all be relieved to know that this “Bala Sniper” is an amateur hacker. All he does is post his silly country flag and victory claim via SQL injection to your site.
That’s why you only can see a post. Nothing else changes. At least that was the experience here.
This happened to one of our project sites around the same time as the others reported here. We have dozens of sites and this never happened before. Ironically, it was also the only WP site we had with no defense in place.
…there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.
Let’s suppose I block all IP addresses except mine. If I am the only one who can access ‘/wp-admin/’ and the WP site is on Hostgator, is there a way to hack the site?
That is, assuming one is not trying to access the Hostgator admin account.