Topic: Our WP sites including f13.net main page have been hacked (Read 7532 times)
|
Kail
Terracotta Army
Posts: 2858
|
Is anyone else seeing a hidden link for "casino strategies" on the F13 front page, or am I sporting some weird virus?
Edit by Trippy: moved to own topic
« Last Edit: February 16, 2017, 01:16:07 PM by Trippy »
|
Sky
Terracotta Army
Posts: 32117
I love my TV an' hug my TV an' call it 'George'.
|
What's a front page?
|
Trippy
Administrator
Posts: 23621
|
Is anyone else seeing a hidden link for "casino strategies" on the F13 front page, or am I sporting some weird virus?
I see it in the source through Firefox. We've probably been hacked. I won't be able to easily work on it until I get home.
|
Yegolev
Moderator
Posts: 24440
2/10 WOULD NOT INGEST
|
Joke's on the hacker, no one reads the front page.
|
Why am I homeless? Why do all you motherfuckers need homes is the real question. They called it The Prayer, its answer was law Mommy come back 'cause the water's all gone
|
Trippy
Administrator
Posts: 23621
|
It's a honey pot
|
Trippy
Administrator
Posts: 23621
|
Is anyone else seeing a hidden link for "casino strategies" on the F13 front page, or am I sporting some weird virus?
I see it in the source through Firefox. We've probably been hacked. I won't be able to easily work on it until I get home.
Offending block of code removed. Don't know yet how it got there (so it may come back).
|
jth
Terracotta Army
Posts: 202
|
Offending block of code removed. Don't know yet how it got there (so it may come back).
Looks like it did, and not so hidden this time.
|
Mandella
Terracotta Army
Posts: 1236
|
Time to change the password? Remember to use numbers and a special character! But seriously, I tend to surf in past the front page, should I be worried about anything? I also run browsers protected by noscript and have only clicked on the forum link in forever.
|
Trippy
Administrator
Posts: 23621
|
Offending block of code removed. Don't know yet how it got there (so it may come back).
Looks like it did, and not so hidden this time.
Well WP had a huge hole in class-phpmailer.php which was made public in December last year which might be the way they are getting through. Removed that file and one of the injected malware files that likely came through that exploit, removed the offending link (again), and am continuing to scan for other bad stuff.
|
Trippy
Administrator
Posts: 23621
|
But seriously, I tend to surf in past the front page, should I be worried about anything?
I also run browsers protected by noscript and have only clicked on the forum link in forever.
As long as you didn't click the link you should be fine.
|
HaemishM
Staff Emeritus
Posts: 42629
the Confederate flag underneath the stone in my class ring
|
The exploit only really allowed hackers to make new posts on the WordPress site. It's more of a defacement kind of thing as opposed to a crack the user database thing.
|
JRave
Terracotta Army
Posts: 50
|
Is the double navbar something you caused or is the site still being screwed with?
|
Sky
Terracotta Army
Posts: 32117
I love my TV an' hug my TV an' call it 'George'.
|
Well WP had a huge hole in class-phpmailer.php which was made public in December last year which might be the way they are getting through.
Removed that file and one of the injected malware files that likely came through that exploit, removed the offending link (again), and am continuing to scan for other bad stuff.
GoDaddy (I know, shut up) just nuked a ton of shit from an old, unupdated test site I had hanging around. I ran the WP updater after getting the notification, but they seem to be on the ball about making sure that gets dealt with, whether you like it or not.
|
Trippy
Administrator
Posts: 23621
|
We use GoDaddy too but that's 'cause schild used to work there and we're too lazy to move off of them, though we did explore that option the last time around.
|
Ironwood
Terracotta Army
Posts: 28240
|
Why am I now getting fucking e-mails from Russian Bots purporting to be from f13?
I think the PM system got a dick in it now.
|
"Mr Soft Owl has Seen Some Shit." - Sun Tzu