Comments on: What to do when your blog has a virus

By: aqui_c

aqui_c — Fri, 01 Jul 2011 01:45:15 +0000

Well, my site is now marked as “harmful”, but it seems as a problem with .htaccess file. I don’t know HOW it was modified to redirect traffic to different sites, and it happened to ALL the blogs hosted (and even to a site that does not uses Worpress). Still investigating… But if anybody has a problem, you should check the .htaccess file in the first place.

By: Cyclone103

Cyclone103 — Sat, 25 Jul 2009 21:05:06 +0000

My website was recently hacked, and a malicious worm file distributed itself to all my folders which had perms of at least 755, and even some which did not (idk how, and idc.)

Emanuele, I found out the creator of the script. I will not post their username here however, just in case….

The script is quite nasty, it does basically everything I am afraid of to my files.

Fortunately, it seems whoever left the files on there forgot about em and never ran it.

I have a safe backup.

Can you help me determine the cause of my getting this and how to prevent it? The file is a php one, so I saw in the comments who made it. Would simply blacklisting the script name on the server itself prevent its execution?

PLEASE email me about this, you are the best person for me to ask.

By: Albert

Albert — Mon, 22 Jun 2009 12:12:49 +0000

@Emanuele Feronato: Thanks for sharing… Useful tips.

@swineinflu: No. this malicious threads will not only affect WordPress Blogs. Its main entrance in PHP. If you are using PHP in your site, It will affect your PHP codes and it will insert malicious codes.

If your Host have good security software or Firewall in their server, no need to worry. Or otherwise You need to survive with these threads.

By: Mattias Wirf

Mattias Wirf — Fri, 08 May 2009 07:42:48 +0000

@Brindy: Depends on your need, I can’t stand the blogger.com where you never have full control and if you just wan’t to change a little thing in layout is extremly painful. Wonder what clients would say if you told them “meh, get a blogger-blog instead!” ;)

@Emanuele and others: Great tips, never had a problem so far but I’m going to have an extra look through my blogs now :)

By: Gecko

Gecko — Tue, 05 May 2009 15:56:02 +0000

My website (http://www.lizardproductions.net/) recently got a threatening message from a supposed “hacker” on the main page… I’m only 13 years old and I don’t know much about Dreamweaver, apart from how to make templates and pages and upload them to the server… Has anybody got some tips on how I might be able to prevent my site from possibly being hacked?

By: whywouldyoue-mailme@spoof.wow

whywouldyoue-mailme@spoof.wow — Sun, 03 May 2009 22:24:17 +0000

There is a difference between a “hacker” and “cracker”. A hacker is nice person who find these “bugs” and “loopholes” top stop the evil “crackers” from causing damage. Why do they do it? The n00b crackers (script kiddies) do it so they can be “cool” and look like a “pro”, sadly they find the software on the net and use it XD. Please don’t get the terms mixed up!

By: RipeX

RipeX — Sun, 03 May 2009 20:24:10 +0000

Wow, thanks for the tips, Mike D! :)

By: Mike D

Mike D — Sun, 03 May 2009 04:33:45 +0000

I’ve ran dozens of wordpress sites and never had an issue. But then I pay attention to securing them in the first place.
- Don’t use shared hosting, and if you must, pay very close attention to write permissions on files and directories.
- Don’t use wp- prefix on directories or database
- htaccess the admin directory with a password or ip restriction
- Install as few plugins as possible and never install obscure ones.
- Keep everything updated
- Remove meta generator worpdress version from header and themes

By: swineinflu

swineinflu — Sat, 02 May 2009 08:25:05 +0000

Wow Let me know the virus only attack wordpress? thanks alot tool for cure the virus
Damn hacker!

By: Marcos

Marcos — Sat, 02 May 2009 02:40:21 +0000

But how do they insert the code in the php file? I mean, to edit the php file they must have access to the OS (or ftp), or they don’t?