1 Replies - 1382 Views - Last Post: 21 April 2011 - 05:57 AM

#1 gregwhitworth  Icon User is offline

  • Tired.
  • member icon

Reputation: 220
  • View blog
  • Posts: 1,606
  • Joined: 20-January 09

Possible vulnerability in WordPress 2.x

Posted 20 April 2011 - 09:48 AM

One of our Dream.In.Code members recently had an attack of base64 virus, also known as the ninoplas virus. Basically it infects every PHP file with an encrypted string so that when you go to your site it re-directs to a different page of the hackers choosing. This is just a PSA (for lack of a better term) for all WordPress users to upgrade to WordPress 3.1, back up your database and your files. And change your passwords (make sure to make them strong).

Unfortunately scouring the internet it seems that no one knows how this virus gets in but the only constant is WordPress 2.x. So just to be safe UPGRADE and backup so that if you are attacked you can delete it all and re-upload clean files!

For more information on this virus and ways to help prevent it, go here.

Is This A Good Question/Topic? 1
  • +

Replies To: Possible vulnerability in WordPress 2.x

#2 Nykc  Icon User is offline

  • Gentleman of Leisure
  • member icon

Reputation: 736
  • View blog
  • Posts: 8,646
  • Joined: 14-September 07

Re: Possible vulnerability in WordPress 2.x

Posted 21 April 2011 - 05:57 AM

Backup your database regularly as well. (I was the victim of this) I lost about a days worth of work nothing to drastic thankfully. Now I keep all my wp databases current but if it was one of my sites penetrated it was due to an old, unused wordpress install on a subdomain I only used for testing purposes. Every .php file was infected, I had rogue .php scripts with google945345453453353466.php (this long number is random and appears several times in the file) Even my websites that were not running wordpress, just had a .php extension also were infected.

To top it off I would like to share an email apparently from myself to myself raising awareness of the intrusion.

TITLE: D. Derek, our website attacked from your system. Immediately take charge of the your computer !

Change your passwords immediately !
You can try to check on this by running a Online scan, follow the below link to run a online scan on your computer:
Rogue .cz url here

Detail information:
Rogue .cz url here

Try these steps and let us know if it works.
Thanks, NyKc Sports

Thanks Greg!

As for dreamhost support after 48 hours I was told it was beyond their scope of support! Thanks,

I just wiped out the server of all my files, changed over passwords and started to re-load.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1