Saturday, 27 December 2014

Found an ingenious WordPress hack today

One of my clients called about her site being hacked. Granted I have all of the security on it possible, but I have no control over weak server security which is where I'm positive it came from. 3rd time now on this site.



This was a run-of-the-mill code injection, where they edit your theme files or add a file to cause havoc and either redirect your URL or place porn, pharmaceutical or Cheap Ugg Boots links all over your site. The links were appearing one minute and then they weren't there the next. You could see them on some browsers and not others. The one place that it was consistent was the login screen, even though it was hidden.



I'm usually pretty good at finding them, cleaning them out and protecting against it happening again, but this one had me and tech support at the hosting company stumped. Seriously, they had nothing other than what I'd already done the day before so I was on my own.



Finally I started going file by file in wp-content and saw a plugin that wasn't showing in the dashboard. Turns out it was a fake named "xcalendar" that was somehow in the plugins folder. I imagine they could name it anything. I kept overlooking it because we did have a calendar plugin installed, so I imagine they could name it anything to seem legit when glancing at your files.



When I called that company's tech support back to tell them what I found and ask how someone gained access to the server, they really had no answer and proceeded to upsell me (or rather my client) additional security...which to me says they've given up trying to protect your site and now it's up to you to buy additional services to make up for their weak ass security.



Anyway, that was the first time I'd seen a fake plugin installed on the server so I thought I'd share the experience. Frustrating and not exactly rocket science, but kind of ingenious hiding in plain sight like that.



I don't want to call out the host publicly, but if you've read any of my posts about hosting questions it's not hard to figure out who I think is the weakest host in the business.
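
The file-by-file comparison described above can be scripted. This is an added example, not part of the original post: it flags folders under wp-content/plugins that contain PHP but have no top-level file with a "Plugin Name:" header (so the dashboard never lists them), and anything missing from a list of plugins you know you installed. It assumes the fake folder was absent from the dashboard because it lacked that header; the sample tree and the "site-calendar" name are constructed.

```python
import re
import sys
import tempfile
from pathlib import Path

# WordPress's plugin list reads the first 8 KB of each PHP file sitting directly in
# wp-content/plugins or one folder below it, looking for a "Plugin Name:" header.
HEADER_RE = re.compile(rb"^(?:[ \t]*<\?php)?[ \t/*#@]*Plugin Name:(.*)$", re.I | re.M)

def plugin_name(php_file):
    """Return the plugin name declared in the file header, or None."""
    try:
        head = Path(php_file).read_bytes()[:8192]
    except OSError:
        return None
    m = HEADER_RE.search(head.replace(b"\r", b"\n"))
    name = m.group(1).decode("utf-8", "replace").strip() if m else ""
    return name or None

def audit_plugins(plugins_dir, expected=()):
    """Return (invisible, unexpected) entry names found under plugins_dir."""
    expected, invisible, unexpected = set(expected), [], []
    for entry in sorted(Path(plugins_dir).iterdir()):
        if entry.is_dir():
            listed = any(plugin_name(p) for p in entry.glob("*.php"))
            if not listed and any(entry.rglob("*.php")):
                invisible.append(entry.name)  # PHP on disk, nothing in the dashboard
        elif entry.suffix != ".php" or entry.name == "index.php":
            continue  # ignore stray non-PHP files and the stock placeholder
        if expected and entry.name not in expected:
            unexpected.append(entry.name)  # not something the admin installed
    return invisible, unexpected

def demo():
    """Audit a constructed plugins folder (sample data, not from the post's site)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text("<?php // Silence is golden.\n")
        (root / "site-calendar").mkdir()
        (root / "site-calendar" / "site-calendar.php").write_text(
            "<?php\n/*\n * Plugin Name: Site Calendar\n */\n")
        (root / "xcalendar" / "inc").mkdir(parents=True)
        (root / "xcalendar" / "inc" / "load.php").write_text("<?php // no header\n")
        return audit_plugins(root, expected={"site-calendar"})

if __name__ == "__main__":
    args = sys.argv[1:]
    invisible, unexpected = audit_plugins(args[0], args[1:]) if args else demo()
    print("no plugin header (hidden from dashboard):", invisible)
    print("not in expected list:", unexpected)
```

Run it with the plugins path followed by the folder names you expect; the expected-list comparison also catches look-alike folders that do carry a valid header.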



