Results 1 to 2 of 2
  1. #1
    Join Date
    Feb 2006
    Posts
    466

    PHP and Wordpress root hacked ?? WTF !!!

    About one month ago one of our servers was root hacked. The hacker replaced all index files on the main drive and the backup drive which was mounted writeable at the time since it was updating. Since there was no remote backup (now we have one) these index files were all lost. You can imagine the kind of mess this caused. Over 500 emails. About ten good long term customers lost.

    Now about the same time the official PHP server was root hacked. It is the server that contains the PHP source code. Had the hacker secretly modified code probably nobody would have noticed. Imagine that...any machine updating PHP after that would have been compromised. See:
    http://news.softpedia.com/news/PHP-n...d-190664.shtml

    Now a few days later we can read that the Wordpress server was root hacked, too. Same issue here. Had the hacker secretly replaced source code we would all have downloaded it without noticing thinking we just downloaded a safe new version of wordpress:
    http://en.blog.wordpress.com/2011/04/13/security/

    This makes me wonder what is wrong. I mean our server was administrated properly with grsec, mod_security, SuPHP, SuExec, compilers off, APF firewall, rkhunter, restricted SSH access via IP tables, brute force protection, regularly changed root password, fully updated OS and Cpanel and so forth. And I bet the PHP and Wordpress server were administrated well, too.

    Could it be that there is currently a kernel issue that is just not yet known ? Because I can see servers getting hacked left and right right now. One of the things I did after the attack was to host remote backups in different datacenters but I find it quite concerning that us, PHP and Wordpress were all hacked within one month. Something looks like it's really messed up.

  2. #2
    Join Date
    Jan 2004
    Posts
    593
    I actually saw the same thing about 2 months ago. Wordpress install got hacked and root access to the server was obtained.

Similar Threads

  1. Wordpress Sites being Hacked?
    By pwpeery in forum Hosting Security and Technology
    Replies: 10
    Last Post: 07-14-2010, 12:59 PM
  2. does this mean that root was hacked?
    By sharmaine1111 in forum Hosting Security and Technology
    Replies: 21
    Last Post: 10-13-2009, 03:42 AM
  3. Site Hacked via php script placed in WordPress Uploads directory
    By cnymike in forum Hosting Security and Technology
    Replies: 8
    Last Post: 04-08-2007, 08:38 AM
  4. Server hacked by Un-Root
    By ben_leow in forum Hosting Security and Technology
    Replies: 3
    Last Post: 05-12-2005, 11:26 PM
  5. WTF.... being hacked?
    By Jon FB in forum Web Hosting Lounge
    Replies: 12
    Last Post: 09-12-2003, 07:11 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •