Hacks are not specific to WordPress. They happen to all kinds of sites using a variety of different management systems.
That maybe true, but I don’t think so. But you are right, I have no positive proof so I should say: there is a possibility wordpress or some plugin I was using in wordpress has a security exploit that infected my site with malware.
There are no known security issues with WordPress 3.3.1 but did you download all of your plugins & your theme from a trusted source?
Checking your site… http://sitecheck.sucuri.net/results/http://morguefile.com/
No actual malware, but Opera seems to think it’s bad (Google says not).
sucuri.net isn’t finding the malware because I removed wordpress and the blog, then reinstalled the rest of the site. Google blacklisted me this morning.
Plugins:
disqus-comment-system
wptouch
wp-to-twitter
akismet
google-analyticator
wp-super-cache
The site was compromised sometime around Feb 24th 27th, they just used the exploit over the weekend.
The site was compromised sometime around Feb 24th 27th, they just used the exploit over the weekend.
How’d you figure that the site was infiltrated then? Is that just when you installed WP? Do you have any server logs?
(And by the way, have you changed all your passwords?)
Now I am wondering where the exploit is, maybe its not wordpress but its shown up in wordpress. I probably shouldn’t go into a lot more further details until I can figure it out, thanks everyone.
I have this same issue on all of my WordPress 3.3.1 installations. Every single one of them on 5 different hosts have gotten “index.php” files in the main folder and wp-content and wp-admin injected with a malware javascript (the injected code gets added before the opening <?php)
the only way i can stop it is to Chmod my index.php files to 444
Much of the time, WordPress itself isn’t the vector, but a badly coded theme/plugin may be. Or your server may have an issue.
b747fp – If your WordPress CORE files are being changed, it’s probably a PHP security issue on your server, call your webhost.
but why would it be a PHP security issue on 5 different hosts… Godaddy, various Cpanel hosts, and a Plesk host… it only started happening since the 3.3.x upgrades. and many of them use suphp so they dont even have any 777 permissions so i doubt it’s a permission exploit. Godaddy has already denied any responsibility or problems on their end.
@b747fp: Please post your own topic.
