Wordpress - Important!

[Guard Dog]

Update your Wordpress Blog now.

AGD was hacked because of being .1 revision old. We had Version 2.8.1 and the latest is 2.8.2.

The hack seems to gain control through FTP and I won't tell you exactly how that happened. It was a vulnerability that let it happen, though.

The hack allowed a bot to be inserted which changed the index.php and index.html files throughout the website. It is a very back hack that is sweeping the web right now.

It inserts an iFrame into the site (luckily our pages were NOT working at all because the bot corrupted files when it ran). The iFrame contains dangerous links to websites and is used to gain access to more websites.

Regardless, it's fixed. All code is restored from a backup prior to the hack and vulnerabilities in Wordpress and vBulletin are fixed. Additionally, higher levels of security are installed and more monitoring will be done in the future.

What a fun weekend I have had

 

[Engineer]

Thanks for the heads up. I don't use Wordpress, but I'm sure those that do will find this information very helpful.

 

[TheGamblingGuru]

Yep, I also noticed the last few days that I opened the forum up in my firefox browser that all of a sudden an adobe file was automatically started to download...all it was though was just obsurd writing with no links but my AVG stopped it cold...

Glad to hear you have this issue fixed now Andy. Here is a link for you that I read a few weeks back about this adobe issue...

Adobe software exploit stealing FTP details - Bling @ Ning Northern Rivers Network

____
____

 

[bonustreak]

Thanks so much!!

 

[Bonus Paradise]

Thanks so much for letting others know,
I am also not using wordpress, but I am sure many do appreciate this info.

Glad you could fix all, and not more happened,
yeah you sure had a busy weekend.

 

[Pokerworx]

I was here the other day and something istalled on my computer then windows defender poped up listing viruses and my computer got real messed up it installed a thing called system security 2009 and hid it in my computer below is the name and a pic of what happened to my desktop.

11295154.exe

C:\ProgramData\11295154\11295154.exe

sry cant post pics but it changed the dektop backround to sy your infected with spyware secure yourself right now. I still get a popup on the front page I think its an adon though not sure I havent clicked it.

 

[Guard Dog]

ah... crap I had hoped I fixed it before anyone got hit. I truly apologize. Myself and a whole server team was working furiously through the weekend.

I uploaded Kaspersky onto my own machine to flush it out. Seems to have worked. I also uninstalled Firefox and reinstalled it because that would have been the method of transport for anything and didn't want a possible BHO installed.

Please update your virus programs and rescan if you are worried.

Symantec is what I had before and it didn't detect anything. I purchased Kaspersky and it found a ton.

 

[Guard Dog]

BTW -

If anyone needs it... and AGD has caused you a problem due to this hack... PM me and I will purchase Kaspersky for you and in your name.

Please do not ask me to purchase it if AGD did not cause you problems. It does cost a bit of money. I will, however, purchase it if you had problems because AGD forced a virus download.

PM me and I will check logs and such to ensure that you hit a page that was infected and then send you a new registration key for Kaspersky.

 

[TheGamblingGuru]

BTW -

If anyone needs it... and AGD has caused you a problem due to this hack... PM me and I will purchase Kaspersky for you and in your name.

Please do not ask me to purchase it if AGD did not cause you problems. It does cost a bit of money. I will, however, purchase it if you had problems because AGD forced a virus download.

PM me and I will check logs and such to ensure that you hit a page that was infected and then send you a new registration key for Kaspersky.

You da man Andy...that's one hell of a generous offer from you there. Hopefully it did not affect too many peeps here. Like I said previously, I caught the download and destroyed it on my computer before it could take hold...so no worries here..

 

[sipka]

I am using wp for some little sites, but it says version 2.8.2 and on wordpress.com it also says that the latest release is 2.8.2. Where did you get the 2.8.3?

I am paranoid when it comes to WP, other than the frontend itself everything else is in a non-web directory and can only be accessed from a fix ip lol and no ftp using though the wp backend, ftp only manually using secure ftp.

Sorry to hear what has happened and thanks for the wp head up Andy!

 

[Guard Dog]

I am using wp for some little sites, but it says version 2.8.2 and on wordpress.com it also says that the latest release is 2.8.2. Where did you get the 2.8.3?

Sorry about that... fixed my post. I upgraded from 2.8.1 --> 2.8.2

 

[dendrite]

Is this an example of the wordpress hack, or is this a new one to worry about?

sportsbettingworld.com

I have emailed the owner of the site to let him know, in case he hadn't seen it...

 

[Guard Dog]

Site must already be down.

If it were the same hack, your antivirus would have given you a warning If that happened and the code was embedded in an iFrame, then it's definitely possible it was the same.

 

[ConsciousWealth]

Malware

Hello

For anyone that is having problems with their PC this software is excellent and it is available in a free version. I use the free one, I found out about it when my PC pick some infections my anti-virus program was not able to handle and I had to go to a forum that deals with helping in that area, it is one of the things that they had me to used .

It is called Malwarebyes, you can download the free version at malwarebyetes.org.


It doesn't replace your anti-virus- but it a compliment when it comes to finding Trojans and other malware that your anti-virus miss. It dose a very deep scan (areas I did not know existed on a PC ).

Plus there are Database updates released daily.


Hope this helps

 

[TonyT]

Thanks for the heads up.

Going to update mine now.

Tony

 

[TonyT]

Great post.

My neighbor had this virus and it will not allow you to access Spy Bot Search and Destroy and other Spywear programs to kill it.

But the Spyware programmer failed to block access to Malwarebyes and it got rid of it.