Forum Replies Created

Viewing 1 replies (of 1 total)
  • Forum: Fixing WordPress
    In reply to: 2.9.2 site hacked
    drcopy

    (@drcopy)

    FYI to all infected by the base 64 code:

    I’ve had two sites hit by this attack 3 separate times, each about one week apart. Here are some facts:

    > It seems to affect only PHP files. As far as I can tell, the database is not affected.

    > It hits both WordPress and non-WordPress sites. One of my sites is a simple HTML site with one PHP file to process a contact form. That one file gets hit same as the blog site.

    > Changing your passwords won’t help. I have long, complex passwords for my host, login, database, and FTP, and the hack blows right past them.

    > Changing your Admin to some other username won’t help.

    > All the normal security measures won’t help. I hired a security consultant who specializes in WordPress and he locked down my sites hard, and none of it stopped the attack. Firewall, hiding the login page, hiding the WP version number, you name it, about 20 or 25 changes and nada. Didn’t make any difference.

    > Changing hosts won’t help. I’m with GoDaddy, who is admittedly in total denial about this and blaming everything on users not upgrading, but I know people on other hosts who are having the same issue.

    > Upgrading to the latest version of WP won’t help. I have always upgraded immediately when new versions have been released. I was on the latest all three times when my sites were hacked. So that explanation is invalid.

    > A tech friend decoded some of the base 64 and said it was coming out of China.

    > One article I read about this claims it’s an exploit on the PHP Admin panel used by GoDaddy and many other hosts. I don’t know if this is true, but if it is, then hosts are responsible for not finding this hole and fixing it or not upgrading to a better admin panel.

    Personally, I’ve settled in to expect this attack until someone finds the issue and does something about it. I can now fix my sites in about 10 minutes each. Here’s how:

    I back up frequently and ALWAYS have a complete database backup AND a total backup of every file on both my sites on my personal computer. If the worst happens, I can restore from these.

    But since I am with GoDaddy, I use their “history” feature in the file manager. When I see that my sites are infected, I delete every PHP file in the root directory and delete ALL WP folders. Then I go back a day with the history feature and restore all these files. This takes just a few minutes. Done. Problem solved…until the next hack.
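
An added example, not part of the original post: one way to find out which PHP files changed before restoring, by comparing the live tree against the clean backup the post describes. The names `audit_php` and `demo`, the directory layout, and the `eval(base64_decode(` marker are assumptions made for illustration; the post only says the injected code is base64.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumption: injected code takes the common eval(base64_decode(...)) form.
INJECT_RE = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit_php(live_root, backup_root):
    """Return {relative_path: [findings]} for PHP files under live_root."""
    live_root, backup_root = Path(live_root), Path(backup_root)
    report = {}
    for live in sorted(live_root.rglob("*.php")):
        rel = live.relative_to(live_root)
        findings = []
        clean = backup_root / rel
        if not clean.is_file():
            findings.append("not-in-backup")        # file the backup never had
        elif sha256(live) != sha256(clean):
            findings.append("differs-from-backup")  # modified since the backup
        if INJECT_RE.search(live.read_bytes()):
            findings.append("eval-base64")          # matches the injection marker
        if findings:
            report[rel.as_posix()] = findings
    return report

def demo():
    """Build a constructed backup/live pair in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (backup, live):
            (root / "wp-includes").mkdir(parents=True)
            (root / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
            (root / "contact.php").write_text("<?php /* form handler */\n")
            (root / "wp-includes" / "version.php").write_text("<?php $v = 1;\n")
        # Constructed infection: a harmless payload ("echo 1;") prepended to one file.
        clean = (live / "contact.php").read_text()
        (live / "contact.php").write_text("<?php eval(base64_decode('ZWNobyAxOw==')); ?>" + clean)
        (live / "wp-includes" / "extra.php").write_text("<?php // unexpected file\n")
        return audit_php(live, backup)

if __name__ == "__main__":
    for path, findings in demo().items():
        print(path, ", ".join(findings))
```

Files reported as `not-in-backup` are worth keeping a copy of for analysis before deleting, since they may be something the attacker dropped rather than something the restore will overwrite.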
