Wordpress Injection Attack?
#1
So I know that there's another recent thread here that's kinda similar, but I was wondering if anyone can provide some insight on this because I really want to make sure that this doesn't happen again. 

Basically I remember installing a plugin or two on my website and then after browsing it the next day, the domain stays the same but the page is entirely different and it's in Japanese too. After looking online for a fix, I read that code is maliciously injected in either the index.php or the header.php file in the theme's folder.

After looking at the index.php file, I found this extra code that was the cause of the problems:

Here is the code that was injected into my index.php: https://pastebin.com/mrvruhBs

I have no idea how that got there. Could the recent plugin I had installed have a vulnerability? If there's a lot of articles on this, then this is a bit common, but none of them explain how this can happen.

EDIT:

It happened again so I installed Wordfence and began a scan. It identified all of the files that possibly opened a backdoor. Here's one of them: https://i.imgur.com/HVfwOvK.png
Just hoping that this doesn't happen a third time. :/
#2
Plugins can be vulnerable, but the WordPress core is also constantly under attack. It could have been either of these, and the only way to know for sure would be to look up 1) the plugin name plus the word "vulnerability" to see if there were any recently reported, or 2) the code itself to see if any of it matches any known WordPress viruses.
#3
Injection attacks can be a real pain. I remember like 7 years ago the entire GoDaddy server farm got infected and all GoDaddy shared hosting users had to clean their sites. Then there are SQL injections, which are even worse.




#4
WordPress themes aren't just themes... They are much more, and this is a big problem. Some themes are packed with so many custom functions, and this is where the devil is hiding. Usually such themes have security issues, too. Those custom functions are basically theme-integrated plugins, which can have security holes as well. Lots of these themes also stay unmaintained = no fixes for the issues that are inside the theme.

So not only the WordPress core and plugins but also the themes are a risk. Usually though, the attacks and hacks really happen through holes in unmaintained and badly coded but even popular addons.
#5
I always hear people talking about plugins and the need to keep them up to date, but not always the great need to keep the theme up to date, particularly the themes that have so many bells and whistles attached to them. I'd say it's VERY important to check the theme is always up to date and from a reliable source. I personally only use WP themes that come from WP itself at https://wordpress.org/themes/ and I read through all of the theme comments and discussions in WordPress, particularly the ones in the support discussion, to see where all of the vulnerabilities are. It's very easy to pick up if the author of the theme is updating the theme regularly, either by checking the support discussions for the theme, or by logical deduction: once the WP script is updated, then a theme update should follow very soon after. If it doesn't, and the changes that were made to the WP script were security ones that logically affect the theme, then that should be a warning signal to watch out for: the author of the theme has lost interest in the theme.

In my experience themes in WordPress don't have a long life from the point of view of the owner being interested enough in it to always keep them up to date. One needs to check that the owner is still around and interested enough to list the theme as his/her theme, and watch discussions surrounding the theme for any warning signals. It can happen too that a theme gets nulled, like it happened at ThemeForest with an auto sales premium theme that everyone liked. ThemeForest just dropped the theme, and there were many people out there still using it and, since it became vulnerable, suffering the consequences of it being hacked into.

I'd be very surprised if a WordPress script itself would be vulnerable for injections. I'm not saying it can't happen, but it has never happened to me yet in all of my WordPress experience. The authors of WordPress script are waiting on it like a hawk. I'd say what is important on the user side is to get the WordPress script to update automatically when the updates become available. That feature is available in the settings.

Have you got the WordFence plugin loaded? That to me is a fantastic must-have security plugin, provided one also studies it, as it comes with hundreds of options in its setup that aren't automatically activated. One needs to study and fine-tune them to one's own specific needs. There is also a premium version of WordFence available if one has a very serious WP site; I haven't gone for the premium yet.
#6
WordPress itself is well protected if you are updating your website regularly. To prevent the attacks, you should use themes from trusted sources, and even look at where you are downloading the plugins from. Just being honest, I ran many WordPress websites and never faced any attack due to the fact that my WordPress was always up to date and used trusted plugins and a theme from a trusted source.

#7
(2017-09-14, 5:47:04 am)Lampard Wrote: WordPress itself is well protected if you are updating your website regularly. To prevent the attacks, you should use themes from trusted sources, and even look at where you are downloading the plugins from. Just being honest, I ran many WordPress websites and never faced any attack due to the fact that my WordPress was always up to date and used trusted plugins and a theme from a trusted source.


Injection attacks on WordPress are always possible.

You will never know which source you can fully trust.

For my serious projects, I would spend some time to check the source codes of the plugins or themes, and remove all the suspected codes/links. It would take some time to do so, but it is the only way to keep my important Wordpress sites safe.
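
A first pass over the kind of manual source review described in the post above can be automated. This is an added example, not code from the thread or from Wordfence; the rule names, the patterns and the two sample strings are assumptions constructed here (the injected code from post #1 is not reproduced on this page), and a match is a prompt for manual review, not proof of compromise.

```python
import re
import sys
from pathlib import Path

# Heuristic rules: assumptions chosen for this example, not a full signature set.
_INPUT = r"\$_(?:GET|POST|REQUEST|COOKIE)"
RULES = {
    "eval-of-decoded-data": re.compile(
        r"\beval\s*\(\s*@?\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "code-exec-on-request-input": re.compile(
        r"\b(?:eval|assert|system|passthru|shell_exec)\s*\(\s*@?\s*" + _INPUT, re.I),
    "include-from-request-input": re.compile(
        r"\b(?:include|require)(?:_once)?\s*\(?\s*" + _INPUT, re.I),
    "long-encoded-blob": re.compile(r"[A-Za-z0-9+/=]{300,}"),
}

def scan_text(php_source):
    """Return the sorted names of every rule that matches the PHP source."""
    return sorted(name for name, rx in RULES.items() if rx.search(php_source))

def scan_tree(root):
    """Map each flagged .php file under root (e.g. wp-content) to its findings."""
    root, report = Path(root), {}
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root)
        findings = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        # uploads/ is meant for media, so any PHP file there deserves review.
        if "uploads" in rel.parts:
            findings.append("php-in-uploads")
        if findings:
            report[rel.as_posix()] = findings
    return report

# Constructed samples: a minimal theme index.php, and the same file with a
# harmless obfuscated line prepended (the payload decodes to "echo 1;").
CLEAN_SAMPLE = "<?php get_header(); while (have_posts()) { the_post(); the_content(); } get_footer();"
INJECTED_SAMPLE = '<?php @eval(base64_decode("ZWNobyAxOw==")); ?>\n' + CLEAN_SAMPLE

if __name__ == "__main__":
    if len(sys.argv) > 1:          # usage: python scan.py /path/to/wp-content
        for name, findings in scan_tree(sys.argv[1]).items():
            print(name, findings)
    else:
        print(scan_text(CLEAN_SAMPLE), scan_text(INJECTED_SAMPLE))
```

Legitimate plugins sometimes trip these rules (for example with embedded base64 images), so compare flagged files against a fresh copy of the same plugin or theme version before deleting anything.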



