Wordpress Users: Beware of the TimThumb Exploit
February 10, 2012
1:39 am
Canada
Member
Members
Forum Posts: 257
Member Since:
August 27, 2011

Hey everyone, this goes out to all the Wordpress users among us.

Consider this a late warning that you may have already heard about - there's a thing out there called the "timthumb exploit" that allows hackers to gain access to your wordpress site via an image resizing script called timthumb.

Now, I heard about this back in August 2011 when it was first detected but I don't use the timthumb plugin so I figured I was safe. Wrong!

Even if you haven't gone out and installed the timthumb plugin into your Wordpress site - you may be at risk. The reason is that there are dozens if not hundreds of both premium and free themes that incorporate that plugin into their code, so even if you didn't install that plugin in your blog...the script could still be there.

My blog was hacked, I knew something was a little odd - then I started getting hit with viruses left right and center and I eventually clued in that this was happening each time I logged into my admin panel in Wordpress for that particular site. Hopefully I'm the only one who was affected by this...but right now I have no way to know for sure.

I'm not a security expert by any stretch, but I recommend that anyone who has a Wordpress blog download this plugin and check to make sure they don't have the old Timthumb script on their site:

http://clicks.aweber.com/y/ct/.....j6X4NLrobg

That handy little plugin will not only let you know if you have the old one on your site, but will also allow you to upgrade it to the newer and more security hardened version.

Another plugin I recommend is the WP Antivirus plugin that scans your themes for malicious code everyday:

http://wordpress.org/extend/pl.....antivirus/

That's what I used to find the virus on my Wordpress install. Knowing you have a problem is the first step, the next is cleaning up the mess. Many feel that if your Wordpress site has been compromised that you need to backup your data (hopefully you were doing this already) and scrap the entire Wordpress plugins, theme and even the install itself and start over clean. I'm crossing my fingers that I don't have to go that far!

Here's some more info on the problem and how to fix it:

http://www.google.com/search?q.....thumb-hack

Hopefully this helps you out and I also want to take this space to thank Jeff Johnson (though he won't see it since this is a private forum) for reminding me about the Timthumb exploit that I obviously took way too lightly last summer!

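As an added example (not code from the post or from any plugin it mentions): a small scanner that walks a wp-content tree, finds PHP files that identify themselves as TimThumb (including renamed copies buried in theme subfolders), reads the VERSION constant the script defines near its top, and flags anything older than the 2.0 rewrite from August 2011 or with no readable version. The sample tree it builds is constructed for the demonstration; the 2.0 threshold and the header patterns are assumptions about how bundled TimThumb copies look.

```python
"""Find bundled TimThumb copies under a WordPress wp-content tree and flag old ones."""
import os
import re
import tempfile

# Matches the version constant at the top of timthumb.php, e.g. define ('VERSION', '2.8.10');
VERSION_RE = re.compile(r"define\s*\(\s*[\"']VERSION[\"']\s*,\s*[\"']([\d.]+)[\"']\s*\)")
# The file header names the script, so renamed copies (thumb.php, etc.) are caught too.
MARKER_RE = re.compile(r"TimThumb", re.IGNORECASE)
# Assumption: the August 2011 rewrite shipped as 2.0; anything below is the "old script".
MIN_SAFE = (2, 0)


def parse_version(text):
    """Return the VERSION constant as a tuple of ints, or None if it is not present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def scan_tree(root):
    """Return [(path, version_or_None, is_old)] for every TimThumb-looking PHP file."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", errors="replace") as fh:
                head = fh.read(4096)  # header comment and constants live at the top
            if not MARKER_RE.search(head):
                continue
            ver = parse_version(head)
            # No version constant at all is treated as old: it cannot be shown to be current.
            hits.append((path, ver, ver is None or ver < MIN_SAFE))
    return hits


def build_sample_install():
    """Constructed sample wp-content tree (not a real install) used for the demonstration."""
    root = tempfile.mkdtemp()
    files = {
        "themes/old-theme/scripts/timthumb.php": "<?php\n/* TimThumb script */\ndefine ('VERSION', '1.32');\n",
        "themes/new-theme/timthumb.php": "<?php\n/* TimThumb */\ndefine ('VERSION', '2.8.10');\n",
        "themes/new-theme/functions.php": "<?php\n// ordinary theme functions, no resizer here\n",
        "plugins/some-plugin/thumb.php": "<?php\n// TimThumb copy, renamed and version constant stripped\n",
    }
    for rel, body in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for path, ver, old in scan_tree(build_sample_install()):
        label = ".".join(map(str, ver)) if ver else "unknown"
        print(("OLD " if old else "ok  ") + path + "  version=" + label)
```

Run it against a real wp-content directory by passing that path to scan_tree instead of the constructed tree.
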
February 10, 2012
2:46 am
Skamokawa, Wa, USA
Member
Members
Forum Posts: 402
Member Since:
June 10, 2011

Holy shit Mike, thanks for sharing this! Sorry you got hit with it.

Why can't these scumbags find a better use for their skills? I have a waste of space for a nephew whose biggest goal in life, besides being a couch potato, is to create a major computer virus. Seeing as how I can be rather outspoken at times, he goes out of his way to avoid me at family functions. I have absolutely no tolerance for people who do this kind of crap!

What would a jam session with Gordon Lightfoot, Collective Soul, and Damien Rice sound like?

Check out Greg Parke and you’ll have a pretty good idea!

http://www.gregparkemusic.com

February 12, 2012
1:40 am
Los Angeles
Admin
Forum Posts: 4331
Member Since:
June 7, 2011

Thanks Mike. I've had themes hacked as well. It's a serious drag. That anti-virus plugin looks helpful.

Having trouble with your marketing? Wish you could have an experienced direct-to-fan marketing expert look over your actual campaigns, music, or content and offer feedback? Or perhaps you’re just looking for a little one-on-one assistance so you can ask questions that pertain to your specific goals and get a second, more experienced, perspective? Click here to book a session with me now.

February 14, 2012
6:25 pm
Canada
Member
Members
Forum Posts: 257
Member Since:
August 27, 2011

Well - it's worse than I thought. I went to a backup all the way back in September (just after getting my backup software) but unfortunately the virus was present all the way back then! So my plan is out the window at this point.

Aside from contacting my hosting service...I'm not sure what I can do. It could be worse, but I don't want to rebuild my entire site from scratch!

John, just wondering - do you know if the virus is inside the theme files? Is it safe to upload the content without bringing the virus? This is probably what I'm going to test out next on a separate Wordpress site.

Hopefully everyone else will learn from my mistake!

February 15, 2012
11:57 pm
California
Member
Members
Forum Posts: 85
Member Since:
October 27, 2011

Hi Mike,

I'm sorry to hear that. I hadn't really thought much about viruses, so thanks for posting.

I was wondering - what do you use for backing up your site?

Have you heard of Code Garage? http://codegarage.com/

February 16, 2012
12:38 am
Canada
Member
Members
Forum Posts: 257
Member Since:
August 27, 2011

Hi Annie,

Yes, I've heard of Code Garage, but I don't use them. I purchased a wordpress plugin to start backing up my sites back in September, but the virus snuck in prior to my first backup.

I think it's $15/month for Code Garage to backup and monitor up to 10 sites - well worth it in my book, but unfortunately since I'm currently 'under employed' at the moment - even that much I would rather not spend.

February 16, 2012
1:46 am
Canada
Member
Members
Forum Posts: 257
Member Since:
August 27, 2011

Hmm - might have to rethink that Code Garage option - I went to log in to my other site (on the same hosting account) and found that my site was gone. In its place was a fresh wordpress install with the word "bogus" on the header. This is considerably more serious than I thought...so I called my webhosting company right away to get to the bottom of it.

They currently have their security team trying to sniff down what exactly happened. I'm concerned because the site they took out was my main 'breadwinner' so either they got lucky or they're just playing dirty now. I find it hard to believe that it's a coincidence, but it's very odd that the site that was infected with the timthumb exploit - I still have access to (I changed the admin password just to be safe) but my other site was wiped instead.

For those of you who haven't gone through this, let me tell you that it's a rather sickening feeling to see your site gone. I've been working on these sites for almost 5 years now - a considerable chunk of my life. I guess I've been lucky to make it this long without having any issues...

I don't think I'm going to lose any of my content - as I said, I do have backups - it's still a pain in the arse. Sorry for venting here guys...I'm pretty much left hanging until the security team does their thing and we can figure out the best way to get my site(s) back online.

Won't be sleeping much tonight I don't think!

February 19, 2012
12:22 am
Dixon, MO
New Member
Members
Forum Posts: 2
Member Since:
October 28, 2011

I got hacked really bad last month and I did almost nothing the entire week except try to clean it up and move to another webhost. The host I had told me to install the TimThumb plugin, but my new one said not to. I'm not sure how they got in, but my 3 sites and 3 squeeze pages were all flashing black with a nice big sign that said "Your Site Has Been F****d" but spelled out. That's great for someone who is trying to make it in children's music. It was very stressful, to say the least.

The best advice is to check your Wordpress back office every few days to see if there are any updates and back up once a week. It's a lot to keep up with, but it's better than the alternative.

I use WS_FTP from Ipswitch, which puts all the transfers right in front of me. It's secure, and I feel more comfortable with it rather than a free program. As soon as I back up, I save the backup to an external hard drive.

Hope others can learn from my mistake.

February 19, 2012
12:56 pm
Canada
Member
Members
Forum Posts: 257
Member Since:
August 27, 2011

Hi Leslie,

I was lucky that whoever hacked my site wasn't vulgar and didn't have some sort of political message, as is often the case with these types of things.

I'm happy to report that my sites appear to be back to normal the past few days - I even hit the major milestone last night of over 100,000 visitors to my main site!

Since I had to do a ton of research on this subject, I plan to put together a guide with the info and resources in one place so that others can hopefully take the steps necessary prior to running into problems. Unfortunately, most of us tend to take for granted that our sites are safe until it's too late.

The way I'm looking at it now, if you're generating any sort of income at all with your websites, or intend to in the future - you're looking to start up a business. If you were attempting to start up a brick and mortar business, you'd have to have it insured; online your insurance is backing up your data and securing your site against intrusion. If you don't have your backside covered in this way, it's the same as having no insurance in real life and having an arsonist torch your business to the ground - Game over.
