We have moved to a new site!

This site will remain open only so you can copy anything you need, such as critques. Do so quickly because the old Forward Motion boards will soon disappear.

Are you ready for the new site? You must create a new login, but the chat login will remain the same as here for now. Click here to join us at the new

Forward Motion for Writers

See you there!

Site Search:
POST DISABLED Printer-friendly copy LOGIN
Lobby 2. Welcome Main Community Discussion Board topic #91069
View in threaded mode

Subject: "WordPress exploit found" Previous topic | Next topic
Mesg #91069 "WordPress exploit found"
Author MarFisk     Click to send email to this author Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list Click to send message via AOL IM
Author Info Member since Dec 22nd 2002
44599 posts
Date Mon Jul-02-12 07:36 PM
Message
  

  

        


My hubby pointed this out to me and I mentioned it on my goals post (securing the sites I support) and realized many of you might use WordPress too. Here's the article that tells what the problem is and how to fix it.

http://itpixie.com/2012/06/wordpress-exploit-alert-uploadify-php/#.T-l1PnB9krU

Also, Tigertech offers the reminder to remove old plugins and themes that you are not using because they can be breeding grounds for potential hacks and exploits and you won't notice until too late because you're not actively using them.

~~~~~~Signature's Off~~~~~~

  

Alert | IP Printer-friendly copy | Reply Disabled | Top

Replies to this topic
Mesg #91070 "RE: WordPress exploit found"
Author jschara     Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list
Author Info Member since Sep 07th 2002
7507 posts
Date Tue Jul-03-12 07:03 AM
Message
  

  

        

In response to Reply # 0

I noticed this when I found a ton of 404 errors logged. I'm thinking I'm glad they didn't find those files.

~~~~~~Signature's Off~~~~~~

  

Alert | IP Printer-friendly copy | Reply Disabled | Top

Mesg #91071 "RE: WordPress exploit found"
Author worthywoman     Click to send email to this author Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list
Author Info Member since Sep 11th 2003
986 posts
Date Tue Jul-03-12 11:40 AM
Message
  

  

        

In response to Reply # 0

Thank you so much for this! Now that I am not a student anymore, and I need to pay attention to this kind of nonsense…

Lisa S – Beginning Again!

  

Alert | IP Printer-friendly copy | Reply Disabled | Top

Mesg #91072 "RE: WordPress exploit found"
Author MarFisk     Click to send email to this author Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list Click to send message via AOL IM
Author Info Member since Dec 22nd 2002
44599 posts
Date Tue Jul-03-12 01:48 PM
Message
  

  

        

In response to Reply # 1

Sadly, that means that those files were findable before and probably used. TigerTech said they'd had to help out a few people affected already.

~~~~~~Signature's Off~~~~~~

  

Alert | IP Printer-friendly copy | Reply Disabled | Top

Mesg #91073 "RE: WordPress exploit found"
Author MarFisk     Click to send email to this author Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list Click to send message via AOL IM
Author Info Member since Dec 22nd 2002
44599 posts
Date Tue Jul-03-12 01:48 PM
Message
  

  

        

In response to Reply # 2

Glad to help .

~~~~~~Signature's Off~~~~~~

  

Alert | IP Printer-friendly copy | Reply Disabled | Top

Mesg #91074 "RE: WordPress exploit found"
Author Dreamerscove     Click to send email to this author Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list
Author Info Member since Sep 25th 2007
1581 posts
Date Tue Jul-03-12 02:31 PM
Message
  

  

        

In response to Reply # 0

Thanks for the note. As those in Chat know, my wordpress site was hacked into on June 29th. A very unhappy day.

I went through the link you provided, but did not find in the list anything that I used, but they still got in. The one thing that saved me was that I did a backup of the website not long ago.

So, backup often. Use a different user account to post than what you use as an Admin. Use strong passwords. There are also a number of good free Wordpress plugins to use to enhance security. Delete any unused themes and plugins as suggested. Keep your Wordpress and themes and plugins up-to-date with the latest versions.

I hope no one has to do what I did to get their website clean again.

~~~~~~Signature's Off~~~~~~

  

Alert | IP Printer-friendly copy | Reply Disabled | Top

Mesg #91076 "RE: WordPress exploit found"
Author MarFisk     Click to send email to this author Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list Click to send message via AOL IM
Author Info Member since Dec 22nd 2002
44599 posts
Date Tue Jul-03-12 06:22 PM
Message
  

  

        

In response to Reply # 5

Ouch. Yes, hackers always find a way in somehow, but the more you can keep your site secure, the more likely they'll find an easier target.

~~~~~~Signature's Off~~~~~~

  

Alert | IP Printer-friendly copy | Reply Disabled | Top

Mesg #91081 "RE: WordPress exploit found"
Author jschara     Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list
Author Info Member since Sep 07th 2002
7507 posts
Date Thu Jul-05-12 08:32 PM
Message
  

  

        

In response to Reply # 3

I just checked, and none of those files have ever been on my system. I've never used any of the plug-ins they are looking for.

~~~~~~Signature's Off~~~~~~

  

Alert | IP Printer-friendly copy | Reply Disabled | Top

Mesg #91082 "RE: WordPress exploit found"
Author MarFisk     Click to send email to this author Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list Click to send message via AOL IM
Author Info Member since Dec 22nd 2002
44599 posts
Date Fri Jul-06-12 01:16 AM
Message
  

  

        

In response to Reply # 7

Good . Of the umpteen sites I've checked, only one had them so far, but it's worth knowing.

~~~~~~Signature's Off~~~~~~

  

Alert | IP Printer-friendly copy | Reply Disabled | Top

Mesg #91087 "RE: WordPress exploit found"
Author jschara     Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list
Author Info Member since Sep 07th 2002
7507 posts
Date Fri Jul-06-12 05:06 PM
Message
  

  

        

In response to Reply # 8

I think it helps that if I'm not using a plug-in, I delete it. The newer WP feature of automatically offering to update plug-ins helps, too.

I probably use more plug-ins than I should, but I do try to limit the ones I do use. The most I use is 12, and I'm looking for ways to reduce that number.

~~~~~~Signature's Off~~~~~~

  

Alert | IP Printer-friendly copy | Reply Disabled | Top

Mesg #91089 "RE: WordPress exploit found"
Author MarFisk     Click to send email to this author Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list Click to send message via AOL IM
Author Info Member since Dec 22nd 2002
44599 posts
Date Fri Jul-06-12 09:42 PM
Message
  

  

        

In response to Reply # 9

Yes, the auto update is one of the reasons I recommend wp, especially to non-techies.

~~~~~~Signature's Off~~~~~~

  

Alert | IP Printer-friendly copy | Reply Disabled | Top

Lobby 2. Welcome Main Community Discussion Board topic #91069 Previous topic | Next topic
Powered by DCForum+ Version 1.2 for Forward Motion Writers' Community
Copyright 1997-2003 DCScripts.com

TigerTech