[wp-testers] Default.widgets.php Hacked? What to do?
Navjot Singh
navjotjsingh at gmail.com
Fri Jul 24 14:03:01 UTC 2009
According to me Hostgator where I am hosted should be a good host or
is it too vulnerable? Shifting is currently not feasible but I am
hardening the security. Confirmed from Hostgator that it was a FTP
hack. Hostgator gave me only the IP address of the spammer. It was
being changed constantly. It kept logging out and logging in and
downloaded index.php files, made the change and uploaded. It logged
out after changing one file.
Don't know if blocking those ips would be of any help.
Regards
Navjot Singh
On Fri, Jul 24, 2009 at 6:54 PM, Otto<otto at ottodestruct.com> wrote:
> While I know that there are viruses that can steal your FTP
> credentials from common software programs, are you sure that that is
> what is going on here?
>
> The most commonplace method I've seen to inject this sort of thing
> into files is simple shared hosting with poor security practices. Once
> a hacker gets into one site on the server, he can run a script that
> simply searches for *.php or *.html and injects his code into anything
> it finds. Thus he's got his code on dozens or hundreds of sites
> instantly. Make the script run every so often, and you keep getting
> "hacked" over and over again.
>
> Solution in this case is two fold:
> 1. Correct the permissions. 755 or 644 for everything. Unfortunately,
> sometimes this is ineffective (poor security config tends to be
> *really* poor).
> 2. Switch hosts to one that knows what they're doing.
>
> While I don't doubt that people have gotten hacked based on stolen FTP
> creds, it seems more likely to me that this sort of code injection is
> done via bad shared hosting instead.
>
> -Otto
> _______________________________________________
> wp-testers mailing list
> wp-testers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-testers
>
More information about the wp-testers
mailing list