[wp-testers] **Maybe OT** Hacking Problem In 2.7.1

Paul Robinson pablorobinson at gmail.com
Tue Apr 14 14:29:08 GMT 2009


Hi,

All file permissions are set as WordPress recommends; none have been
changed. My .htaccess has nothing suspect in it, just the normal WP code,
supercache code & a maintenance code I have in there that I comment out &
uncomment as I need it.

I had guessed that the Mod_sec logs were a good thing; it just seems odd
that it happens a few minutes after the log times. I had guessed about the
shared server thing, but I contacted the host and they say no other problems
have been reported with any WP installations on my server. I realize that
the hack could still be the same; it just seems odd that it has only started
happening in the past few days & that the mod_sec logs are always the same.

I'd guess that it's the same person, but the IP changes, although they could
be using an anon proxy rotator, or am I just getting too James Bondy here?
lol.

Any other suggestions would be greatly appreciated.

Paul.

2009/4/14 Dougal Campbell <dougal at gunters.org>

> Paul Robinson wrote:
>
>> Hi,
>>
>> I hope the title is descriptive enough & I think it's a little off topic,
>> so I've added that.
>>
>> Basically for the last 2 maybe 3 weeks I've had stability problems with my
>> website, I assumed it was down to server problems & asked my host to check
>> it out. Apparently there were no problems. Then the site just stopped
>> working & only showing 500 errors. I download the Apache error logs & find
>> this:
>>
>> [...mod_security log msgs...]
>>
>>
>
> That just looks to me like mod_security is doing its job correctly. It's
> showing you that a suspicious request was made, and mod_security blocked it
> according to its rules. This is a Good Thing.
>
>> then after that all processes created by my site are cut by the
>> **shared server's** memory limiting script. [...]
>>
>>
>
> (emphasis mine)
>
> It sounds like you're doing all the right things to secure your site. But,
> if you are running on a shared server, then you can't know for sure that
> other users are securing *their* sites. Once an attacker gets unauthorized
> access, even if it's via some *other* virtual host on the same server as
> you, they can potentially start messing with *your* stuff. If you find
> evidence that your WP install has been compromised in some way, there's a
> good possibility that this is what has happened on your server.
>
> That's why I prefer to use a VPS (virtual private server) or other type of
> dedicated host. It's a little more expensive (but not unreasonably so), but
> worth the peace of mind that you really have the whole server to yourself.
>
> --
> Dougal Campbell <dougal at gunters.org>
> http://dougal.gunters.org/
> http://twitter.com/dougal
> http://twitual.com/
> *Hire me!*
>
> _______________________________________________
> wp-testers mailing list
> wp-testers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-testers
>

