Been hacked!


#1

we have a website (cnualert.info) and approximately 20 blogs hosted through DH.

Within the past 10 days, our website and one of our blogs have been hacked. Standard “viagra,” “cialis” and “online pharmacy” stuff.

Updated WordPress for the blog on Tues., Sept 29 and the “junk” is back today.

Any thoughts??


#2

See http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites and http://wiki.dreamhost.com/Security

Obivously need to expand scope beyond just upgrading WordPress. At this point it is like a forensics investigation. You’ll need to do some digging to find out what happened.

What are you not doing that you should? Are you keeping the HTTP logs and checking login history? Using rsync to keep an offline incremental backup so you can see which files change over time and for recovery? Disable regular FTP access and possibly enforce password-less SFTP and shell? Move possible targets of attack to their own separate user and group?

Customer since 2000 :cool: openvein.org


#3

PERL hackers.

Chances are high that you, and any other admin/editor users have a Trojan on your computer/s by now which is updating your site files with the hacker’s scripts each time you log in. First step is to clean your connecting PC’s, then reinstall the latest version of WP and edit the config to use your current database.

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost