Results 1 to 10 of 10
Thread: all wordpress blogs hacked
-
04-23-2012, 08:02 AM #1Eternal Learner
- Join Date
- Jul 2007
- Posts
- 2,051
all wordpress blogs hacked
In a strange turn of events, all the wordpress blogs in one of my Cpanel servers got hacked. The homepage of all the blogs show that it has been hacked by 3xp1r3. The strange thing is that all of them have different wordpress themes. If it was the same theme used in all the blogs, I would have thought it was some vulnerability of a particular theme, but here it is a different story. It leads me to believe that it is either some vulnerability in Wordpress or it is because of some malware in Cpanel leading to the hacking of the wordpress blogs. Does anyone know what could be the exact reason and a solution?
Prashant T.
Don't run after Success. Run after Excellence and Success will soon follow.
-
04-23-2012, 08:04 AM #2Web Hosting Master
- Join Date
- Nov 2005
- Location
- /etc/fstab
- Posts
- 1,342
First thing comes in my mind, did you upgrade your Wordpress to 3.3.2 which was released on 20th this month before getting hacked?
Mellowhost - Providing High Quality Web Hosting Services since 2007
SSD Cpanel Shared, SSD OpenVZ & KVM VPS Hosting
A Hosting Provider with Complete SSD VPS & Shared Hosting.
-
04-23-2012, 08:06 AM #3Retired Moderator
- Join Date
- Apr 2003
- Location
- London, UK
- Posts
- 4,721
You mentioned themes, but are the actual wordpress installs and any modules/plugins all up to date?
*edit didn't see that ^ beaten ..
-
04-23-2012, 08:09 AM #4Eternal Learner
- Join Date
- Jul 2007
- Posts
- 2,051
I haven't seen all the wordpress websites' versions. A few of my own were not running the latest version. I upgraded them all now. However, the funny thing is that in the other servers where I have older versions running, none have been hacked. It is only in one server that all the wordpress blogs have been hacked.
Prashant T.
Don't run after Success. Run after Excellence and Success will soon follow.
-
04-23-2012, 08:29 AM #5Retired Moderator
- Join Date
- Apr 2003
- Location
- London, UK
- Posts
- 4,721
I think you just answered your original question. Exploiting one outdated install often gives a fairly easy path to any others on that box.
Different server, you are probably just lucky nobody has queried the sites on that box yet. It's likely only a matter of time, update them!
-
04-23-2012, 09:25 AM #6Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
-
04-30-2012, 01:44 PM #7Disabled
- Join Date
- Apr 2012
- Posts
- 39
Always update the wordpress to latest releases as it fixes all the open vunrablities and check the permission of wp-config too.
-
04-30-2012, 02:16 PM #8Web Hosting Master
- Join Date
- Jun 2003
- Location
- World Wide Web
- Posts
- 581
Prasanth,
One click upgrades on wordpress works quite well but I'd also recommend you to have the wordpress RSS feed configured in your mail client to catch up with latest news and updates from the development team.
You will need it with so many blogs running...
-
04-30-2012, 03:21 PM #9Retired Moderator
- Join Date
- Oct 2004
- Location
- Ohio
- Posts
- 1,668
Updating wordpress alone doesnt solve all the issues. I have seen quite a few hacked installs where the wp core files were up to date, but the user didnt update the theme and the theme was vulnerable and got them hacked. Plugins and themes and core files should all be updated.
-
04-30-2012, 03:59 PM #10Web Host Reviewer
- Join Date
- Feb 2006
- Location
- Kepler 62f
- Posts
- 16,703
|| Need a good host?
|| See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
||
Similar Threads
-
Wordpress blogs being crawled to death
By glace in forum Hosting Security and TechnologyReplies: 3Last Post: 06-10-2011, 07:54 AM -
A number of Wordpress Blogs hacked
By webhostinggeek in forum Hosting Security and TechnologyReplies: 15Last Post: 12-24-2010, 02:08 AM -
2 wordpress blogs and 1 database - How?
By bambinou in forum Programming DiscussionReplies: 19Last Post: 12-01-2010, 05:52 PM -
vps for wordpress blogs
By LawrenceV in forum VPS HostingReplies: 12Last Post: 04-21-2008, 06:07 PM -
Blogs - Wordpress
By SPLForums in forum Web HostingReplies: 5Last Post: 03-02-2005, 03:55 PM