Forum Replies Created

Viewing 15 replies - 1 through 15 (of 29 total)
  • Thread Starter ANTi-CAP

    (@anti-cap)

    I do understand what you are saying. I will look further into the server security but it seems a bit odd that it happened after this install and only that domain and sub domains of it were affected, why not take the whole server?? Why is nobody else reporting defacements or hacks from the other accounts that did not have WP installed??

    There is no doubt WP has been an easy target for hackers/skiddies for years… you seem to miss the point of even your official code containing dubious comments etc…

    I do want to use WP for one site but not when it causes this, which I truly believe it did as we have had no problems on the server for a very very long time. If I get the time I will work out how they did it and come back to prove you wrong.

    I don’t blame WP for anything but think sec is low on your priority list and use many other scripts that are patched much faster.

    Either way as I said at the start this is just a heads up. It happened and I honestly beg to differ that it was a server sec issue.

    You seem to try and deny it but hordes of WP sites get pwned simultaneously. I have been around and seen it happen. I can drag up the articles and zone-h records if you like??

    Either way I’m going to leave now as I’m getting slightly angry with you.

    If I find the exploit I will post it publicly to prove the point.

    I take security seriously hence my post and if it had not been the festive season this would have just cost me a very profitable money site to be down for 10-12 hours.

    Peace <3

    Thread Starter ANTi-CAP

    (@anti-cap)

    Sorry but I feel like you are twisting my words. Or possibly I’m not wording things correctly. It happened within a 12 hour period of installing it while I was sleeping. If it was already in the script you guys had better check your download of it as I got it directly from here.

    After reading this though it wouldn’t surprise me: http://www.eweek.com/enterprise-apps/wordpress-with-release-4.1-aims-to-be-distraction-free.html
    ‘One of the most interesting minor fixes in WordPress 4.1 corrects what is labeled by WordPress developers as a “suspicious comment” in a piece of WordPress’ php code. The class.smtp.php file had a comment in it that stated “hacked by Lance Rushing.”‘

    I do however fully disagree with your comment of “It was not WP” when it clearly was.

    I feel I am coming across as slightly aggressive and if I am I apologise. I am just annoyed as I had some good plans for the site and there is no other blogging software that has what I need to build the website I planned. Luckily it was a fun site not a money site.

    The server is secure. It does have other accounts and scripts on it BUT as I keep saying the shell script came about via my WP install that had no plugins or themes installed at the time.

    And no I fully understand. I also have a similar time frame of knowledge, probably in slightly different fields but am pretty fluent in PHP/JS/HTML/CSS/MySQL, a bit of ethical hacking and started building mobile chat sites before I even had a decent internet connection (some of which are still up on hotscripts I believe).

    Maybe I should go through the logs and work out what exactly the exploit was and on what file but I don’t feel it’s my job in all honesty and have many other paid jobs to be getting on with.

    I would love to use WP for the site I had planned, but I can’t compromise the other sites on the server again without getting to the bottom of this :-/

    Thread Starter ANTi-CAP

    (@anti-cap)

    It happened directly after installing WP 4.1. Deny this as much as you like but that is how they got the shell script into the account. Yes some other domains that were sub/addon domains on the same WHM account were affected but none under different accounts on the server.

    The domain in question had been empty for some time with a few active addon domains on the account while I made plans for the WP site (that was not yet installed) I was planning to build there.

    Sorry but there is no doubt that if I had not installed WP this would not have happened IMO. My server provider is fine as is the general security on it.

    Sorry root kit was the wrong term. Shell script.

    http://s17.postimg.org/cl0g9phov/PHP_Webshell_H.png <– PHP/Webshell.H

    They got that shell script up via the WP install, nothing else.

    Thread Starter ANTi-CAP

    (@anti-cap)

    I was referring to soaksoak, not to mention the hundreds of WP sites I have seen defaced over the years.. third party plugins or not you should have some type of vetting process for the code you allow to be hosted on your website, especially when your target audience are in general not tech savvy and can install plugins from the back end of their websites.

    Defaced as in they used a root kit to wipe files and upload a quite funky anti-gov message/image/swf (with music) that I actually agree with (I went to speak with them afterwards briefly but their English is not so great).

    http://s16.postimg.org/qelvmcskl/Screenshot_38.png <– IMAGE

    No the server is pretty solid, no past hacks or defaced sites (until a matter of hours after putting the first ever vanilla WP install on it). I’m guessing they recently found the exploit and just dorked WP sites as I had no time to remove the mass amount of footprints in the install. They have done at least 4/5 WP4.1 sites I know of today, you can check on hacking archives such as zone-h.

    I would expect more “I’ve been hacked” threads shortly TBH.

    No I didn’t even bother trying to identify the exploit as it clearly came from the WP install (with no plugins/themes) but could check it out I guess, though I feel it a waste of my time as I don’t plan on using WP again unfortunately, despite its good points.

    Sorry to be a bit of a grump but WP is just an easy target. I have been building websites for well over ten years and never seen any free/paid open source script get owned as much. Apologies for my lack of quoting also I’m not used to this forum software.

    Forum: Everything else WordPress
    In reply to: WordAds??
    Thread Starter ANTi-CAP

    (@anti-cap)

    Removed…. thanks for the heads up.

    Regards,
    ANTi-CAP

    Forum: Everything else WordPress
    In reply to: WordAds??
    Thread Starter ANTi-CAP

    (@anti-cap)

    Ah ha!!! It’s Awesome screenshot. It just did it again.. sly…

    Regards,
    ANTi-CAP

    Forum: Everything else WordPress
    In reply to: WordAds??
    Thread Starter ANTi-CAP

    (@anti-cap)

    Issue resolved. Please see edit above. Sorry for wasting your time.

    Regards,
    ANTi-CAP

    Forum: Everything else WordPress
    In reply to: WordAds??
    Thread Starter ANTi-CAP

    (@anti-cap)

    Mmmm. It seems so, I just tried with chrome (with adblock turned off) and don’t see the adverts.

    I use FF but have adblock disabled for my site.

    EDIT: Issue resolved. Somehow a sneaky addon called ffShopper was added to my FF… strange. Sorry for the time waste, but those are the same adverts shown via WordAds on WP.COM hosted sites.

    Regards,
    ANTi-CAP

    Forum: Everything else WordPress
    In reply to: WordAds??
    Thread Starter ANTi-CAP

    (@anti-cap)

    Yes home page, and many other pages.

    I’m not sure how you can’t see the adverts from the screen shots though they are clear as day?

    http://s27.postimg.org/3tay9uf37/homepage.png

    Regards,
    ANTi-CAP

    Forum: Everything else WordPress
    In reply to: WordAds??
    Thread Starter ANTi-CAP

    (@anti-cap)

    They are adverts applied to wordpress.com hosted websites with high traffic and an application as far as I can gather.. here are some screen shots. I’m running an alpha version of 4.1, self hosted and they appeared on my site just today:

    http://s3.postimg.org/nntl17veb/WA1.png

    http://s11.postimg.org/9uim82wdv/WA2.png

    Regards,
    ANTi-CAP

    I sadly had the same issue. I will try this later thanks 🙂

    Thread Starter ANTi-CAP

    (@anti-cap)

    Okay,

    Just I run quite a few websites (non WP) seems you guys are the easiest target. It’s a bit odd to happen on a week old test site. Most of the IPs were Chinese. WP sites are too easy to find (dork) hence all the attacks on high ranking sites IMO.

    I’m preferring v4.1 though but think you guys should implement security measures as standard rather than leaving it to plugin DEV’s.

    I resolved the issues myself anyway. Fire with Fire.

    Regards,
    ANTi-CAP

    Thread Starter ANTi-CAP

    (@anti-cap)

    Hi Tim,

    No thank you for such a great plugin. I have done what you suggested and all seems good now. There was already a scan in progress but from the code below all seems good.

    [Sep 08 15:50:33] Blocking fake Googlebot at IP 200.137.2.254
    [Sep 08 20:55:23] Scheduled Wordfence scan starting at Monday 8th of September 2014 08:55:23 PM
    [Sep 08 21:10:09] Blocking fake Googlebot at IP 79.6.131.204
    [Sep 08 21:15:24] Scanning comment with Source IP: 216.107.145.9
    [Sep 08 21:15:24] Checking 2 host keys against Wordfence scanning servers.
    [Sep 08 21:15:24] Done host key check.
    [Sep 08 21:15:24] Scanned comment with Source IP: 216.107.145.9

    I was actually so impressed with your plugin after trying another that caused major problems I did you a mini review and link back here.

    Regards,
    ANTi-CAP

    Hi Tim,

    I’m flat out working right now. I will do this later if I get time and the issue has not resolved itself, as I’m sure the issue is your end.

    Regards,
    ANTi-CAP

    Sorry,

    On a Google search of the error this looked like the best out of three places to post.

    Regards,
    ANTi-CAP
