Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Wordpress/paypal phishing hack
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Wordpress/paypal phishing hack

Some of sites on my server got hacked and in all of them hacker created a subdomain like this
paypal.blahblah.blah.blah.blah.mycustomersdomain.com

In all accounts there was a php.ini file in the public_html folder these are the contents of php.ini file

safe_mode=off

disable_functions=
date.timezone = "Europe/London"

And there is a file named wp-apps.php. And there is a folder named paypal.blahblah.blah.blah.blah.mycustomersdomain.com to which the subdomain points to.
I am trying to figure out how to cop with this. Has any of you dealt with this before?

Comments

  • MaouniqueMaounique Host Rep, Veteran

    Many times over. WP is a terrible piece of software regarding security, but most of the blame is on the add-ons.

  • Grab all the logs you can from your server to investigate the point of breach. Then erase and reinstall from scratch (making sure to fix the security vulnerability). You could also restore from a known safe backup (again, patch the vulnerability; and make sure the backup isn't compromised if you go this route).

  • @Maounique said:
    Many times over. WP is a terrible piece of software regarding security, but most of the blame is on the add-ons.

    My experience these days is that WordPress is fine, more or less. Plugins and themes need to be code-reviewed before putting into production though.

    Thanked by 1linuxthefish
  • MaouniqueMaounique Host Rep, Veteran

    @JustAMacUser said:
    My experience these days is that WordPress is fine, more or less. Plugins and themes need to be code-reviewed before putting into production though.

    yeah, something like that.

    Thanked by 1netomx
  • @stallion was the WP site upto date?

  • Problem is most wordpress users are dumb. They install every nulled theme/plugin they can find. They just don't understand.They even don't upgrade their wordpress installation.

    Thanked by 1linuxthefish
  • @wych probably not.

  • postcdpostcd Member
    edited November 2014

    Check this post http://internetlifeforum.com/wordpress/1785-tips-secure-wordpress-prevent-malicious-code-execution-file-modiffication/ there are several tips on how reduce chance this issue repeats. Sometimes is better to just erase files and restore files backup (backup infected data first)

Sign In or Register to comment.