
Webmaster General Forum

    
Frequent malicious scripts injected into page source
SQL Injection? - Wordpress 2.5
Sootah




msg:3739963
 7:16 am on Sep 7, 2008 (gmt 0)

I have a site that has been hacked a few times recently. In fact, one other site I had got hacked just as I was selling it - and that one was primarily HTML.

Anyway, I've no idea how they are doing it. The malicious script entry isn't showing up in the comments section, it's getting added to the actual page source - meaning that I have to actually FTP in to my server and manually remove the link from the template's source to fix the problem.

This happened once recently after I approved some comments, but has since happened after I've approved nothing. The other site that was hacked had a script injected into a straight HTML page.

SQL injection seems the most likely culprit, but because of the plain vanilla HTML page on the other site being affected as well I sort of doubt it.

Anybody else experience anything like this? I've had my site clean for a while and hopefully it doesn't happen again going forward as I contacted the hosting's owner and he apparently hardened the system a bit but I'd still like to know how this is happening.

When hacked my site gets listed as an "attack site" in Google's search results and Firefox (3 at least) displays a warning page before allowing you to access it. This crushes my traffic as most of it comes from The Goog. I actually appreciate this as it prevents people from getting infected and lets me know that I've been had again, but as stated above, my traffic goes right into the #*$!ter until I can clean and Google re-indexes.

Any and all help is appreciated.

Thanks,

-Sootah
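
Added example, not part of the original thread: because the script described above lands in template and static HTML files on disk rather than in stored comments, a hash baseline of those files shows exactly which ones changed. The extension list, file names and sample contents below are constructed assumptions.

```python
import hashlib
import os
import tempfile

# Assumption: these extensions cover the theme templates and static pages to watch.
WATCHED_EXT = (".php", ".html", ".htm", ".js")

def snapshot(root):
    """Map each watched file (path relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(WATCHED_EXT):
                path = os.path.join(dirpath, name)
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                with open(path, "rb") as fh:
                    digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def diff_snapshots(baseline, current):
    """Report files modified, added or removed since the baseline was taken."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def write(path, text):
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)

def demo():
    """Constructed sample site: a theme template plus a plain HTML page."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "theme"))
        footer = os.path.join(root, "theme", "footer.php")
        write(footer, "<?php wp_footer(); ?>\n</body></html>\n")
        write(os.path.join(root, "about.html"), "<html><body>About</body></html>\n")
        baseline = snapshot(root)  # taken while the site is known to be clean
        # Simulate tampering: a line appended to the template and a file nobody deployed.
        write(footer, "<?php wp_footer(); ?>\n<!-- line added after baseline -->\n</body></html>\n")
        write(os.path.join(root, "theme", "extra.php"), "<?php // not in baseline ?>\n")
        return diff_snapshots(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Keep the baseline somewhere other than the web server, so that whoever can edit the templates cannot also rewrite the recorded hashes.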

 

deMorte




msg:3740284
 6:43 am on Sep 8, 2008 (gmt 0)

I'm not an expert on the subject, but it sounds to me that someone has gained access to your server.

Do you have the same hosting provider for both attacked pages? If so, it is quite possible that they had (maybe still have) a crack in their defenses.

Or maybe someone has acquired your passwords to the system. I'd change all my passwords, just to be on the safe side.

These are the two main reasons I could think of right now.

<edit>I noted after posting that you mentioned WordPress in your headline. I'm not sure how that system works, so maybe the problem isn't server related after all.</edit>

[edited by: deMorte at 6:50 am (utc) on Sep. 8, 2008]

bwnbwn




msg:3740415
 1:02 pm on Sep 8, 2008 (gmt 0)

You need to update your WordPress as there have been a ton of them hacked.
[google.com...]
WordPress is horrible about this so I suggest you stay very current with them. If you have updated then there has been a breach of your FTP and/or computer, and I suggest a complete password change on all my personal stuff as well as business.

Sootah




msg:3744276
 6:28 pm on Sep 13, 2008 (gmt 0)

I've updated to the latest version of Wordpress as of a couple of nights ago - I've not been hacked in a couple of weeks and with any luck it will stay that way.

We'll see.

Thanks for all of the suggestions.
