Wordpress - Important!

Discussion in 'General Casino Affiliate Area' started by Guard Dog, Jul 27, 2009.

  1.  
    Guard Dog

    Guard Dog Guard Dog Staff Member

    Messages:
    7,726
    Likes Received:
    1,148
    Joined:
    Dec 13, 2006
    Update your Wordpress Blog now.

    AGD was hacked because of being .1 revision old. We had Version 2.8.1 and the latest is 2.8.2.

    The hack seems to gain control through FTP and I won't tell you exactly how that happened. It was a vulnerability that let it happen, though.

    The hack allowed a bot to be inserted which changed the index.php and index.html files throughout the website. It is a very back hack that is sweeping the web right now.

    It inserts an iFrame into the site (luckily our pages were NOT working at all because the bot corrupted files when it ran). The iFrame contains dangerous links to websites and is used to gain access to more websites.

    Regardless, it's fixed. All code is restored from a backup prior to the hack and vulnerabilities in Wordpress and vBulletin are fixed. Additionally, higher levels of security are installed and more monitoring will be done in the future.

    What a fun weekend I have had ;)
     
    Last edited: Jul 27, 2009
  2.  
    Engineer

    Engineer Super Moderator

    Messages:
    2,443
    Likes Received:
    200
    Joined:
    Dec 14, 2006
    Thanks for the heads up. I don't use Wordpress, but I'm sure those that do will find this information very helpful.
     
  3.  
    TheGamblingGuru

    TheGamblingGuru Turning Over Stones

    Messages:
    1,048
    Likes Received:
    21
    Joined:
    Jan 23, 2009
    Yep, I also noticed the last few days that I opened the forum up in my firefox browser that all of a sudden an adobe file was automatically started to download...all it was though was just obsurd writing with no links but my AVG stopped it cold...:)

    Glad to hear you have this issue fixed now Andy. Here is a link for you that I read a few weeks back about this adobe issue...

    Adobe software exploit stealing FTP details - Bling @ Ning Northern Rivers Network

    ____
    ____
     
  4.  
    bonustreak

    bonustreak Administrator Staff Member

    Messages:
    3,887
    Likes Received:
    346
    Joined:
    Dec 15, 2006
  5.  
    Bonus Paradise

    Bonus Paradise Affiliate Guard Dog Member

    Messages:
    729
    Likes Received:
    96
    Joined:
    Mar 30, 2008
    Thanks so much for letting others know,
    I am also not using wordpress, but I am sure many do appreciate this info.

    Glad you could fix all, and not more happened,
    yeah you sure had a busy weekend.
     
  6.  
    Pokerworx

    Pokerworx New Member

    Messages:
    4
    Likes Received:
    0
    Joined:
    Jul 27, 2009
    I was here the other day and something istalled on my computer then windows defender poped up listing viruses and my computer got real messed up it installed a thing called system security 2009 and hid it in my computer below is the name and a pic of what happened to my desktop.

    11295154.exe

    C:\ProgramData\11295154\11295154.exe

    sry cant post pics but it changed the dektop backround to sy your infected with spyware secure yourself right now. I still get a popup on the front page I think its an adon though not sure I havent clicked it.
     
  7.  
    Guard Dog

    Guard Dog Guard Dog Staff Member

    Messages:
    7,726
    Likes Received:
    1,148
    Joined:
    Dec 13, 2006
    ah... crap :( I had hoped I fixed it before anyone got hit. I truly apologize. Myself and a whole server team was working furiously through the weekend.

    I uploaded Kaspersky onto my own machine to flush it out. Seems to have worked. I also uninstalled Firefox and reinstalled it because that would have been the method of transport for anything and didn't want a possible BHO installed.

    Please update your virus programs and rescan if you are worried.

    Symantec is what I had before and it didn't detect anything. I purchased Kaspersky and it found a ton.
     
  8.  
    Guard Dog

    Guard Dog Guard Dog Staff Member

    Messages:
    7,726
    Likes Received:
    1,148
    Joined:
    Dec 13, 2006
    BTW -

    If anyone needs it... and AGD has caused you a problem due to this hack... PM me and I will purchase Kaspersky for you and in your name.

    Please do not ask me to purchase it if AGD did not cause you problems. It does cost a bit of money. I will, however, purchase it if you had problems because AGD forced a virus download.

    PM me and I will check logs and such to ensure that you hit a page that was infected and then send you a new registration key for Kaspersky.
     
  9.  
    TheGamblingGuru

    TheGamblingGuru Turning Over Stones

    Messages:
    1,048
    Likes Received:
    21
    Joined:
    Jan 23, 2009
    You da man Andy...that's one hell of a generous offer from you there. Hopefully it did not affect too many peeps here. Like I said previously, I caught the download and destroyed it on my computer before it could take hold...so no worries here..:)
     
  10.  
    sipka

    sipka Affiliate Guard Dog Member

    Messages:
    257
    Likes Received:
    0
    Joined:
    Sep 16, 2008
    I am using wp for some little sites, but it says version 2.8.2 and on wordpress.com it also says that the latest release is 2.8.2. Where did you get the 2.8.3?

    I am paranoid when it comes to WP, other than the frontend itself everything else is in a non-web directory and can only be accessed from a fix ip lol and no ftp using though the wp backend, ftp only manually using secure ftp.

    Sorry to hear what has happened and thanks for the wp head up Andy!
     
  11.  
    Guard Dog

    Guard Dog Guard Dog Staff Member

    Messages:
    7,726
    Likes Received:
    1,148
    Joined:
    Dec 13, 2006
    Sorry about that... fixed my post. I upgraded from 2.8.1 --> 2.8.2 :)
     
  12.  
    dendrite

    dendrite Affiliate Guard Dog Member

    Messages:
    111
    Likes Received:
    0
    Joined:
    Feb 7, 2008
    Is this an example of the wordpress hack, or is this a new one to worry about?

    sportsbettingworld.com

    I have emailed the owner of the site to let him know, in case he hadn't seen it...
     
  13.  
    Guard Dog

    Guard Dog Guard Dog Staff Member

    Messages:
    7,726
    Likes Received:
    1,148
    Joined:
    Dec 13, 2006
    Site must already be down.

    If it were the same hack, your antivirus would have given you a warning :) If that happened and the code was embedded in an iFrame, then it's definitely possible it was the same.
     
  14.  
    ConsciousWealth

    ConsciousWealth New Member

    Messages:
    6
    Likes Received:
    0
    Joined:
    Jul 28, 2009
    Malware

    Hello

    For anyone that is having problems with their PC this software is excellent and it is available in a free version. I use the free one, I found out about it when my PC pick some infections my anti-virus program was not able to handle and I had to go to a forum that deals with helping in that area, it is one of the things that they had me to used .

    It is called Malwarebyes, you can download the free version at malwarebyetes.org.


    It doesn't replace your anti-virus- but it a compliment when it comes to finding Trojans and other malware that your anti-virus miss. It dose a very deep scan (areas I did not know existed on a PC :)).

    Plus there are Database updates released daily.


    Hope this helps
     
  15.  
    TonyT

    TonyT New Member

    Messages:
    5
    Likes Received:
    0
    Joined:
    Aug 4, 2009
    Thanks for the heads up.

    Going to update mine now.

    Tony
     
  16.  
    TonyT

    TonyT New Member

    Messages:
    5
    Likes Received:
    0
    Joined:
    Aug 4, 2009
    Great post.

    My neighbor had this virus and it will not allow you to access Spy Bot Search and Destroy and other Spywear programs to kill it.

    But the Spyware programmer failed to block access to Malwarebyes and it got rid of it.
     

Share This Page