Dissection of a Wordpress hack.
Sign up for free
Listen to this episode and many more. Enjoy the best podcasts on Spreaker!
Download and listen anywhere
Download your favorite episodes and enjoy them, wherever you are! Sign up or log in now to access offline listening.
Description
Today on episode 17 of Web Hosting Podcast, Megan and I, dissect a website hack we have been working on. We discuss the how, the what and ways to prevent...
show morePodcast phone line 971 249 2359 is manned by me on Thursdays 9AM PST - 12PM PST. Feel free to call in and press (2) to reach me directly during those hours. If you want to just leave me a message anytime, press (1) and it will send you directly to a voicemail box.
Dissection of a hack we have been dealing with, the topics we cover are.
How we think it happened.
How we cleaned it up.
What could have prevented it.
Info on what we found from sucuri, regarding this specific website hack.
https://blog.sucuri.net/2017/04/wordpress-security-unwanted-redirects-via-infected-javascript-files.html
You will find the plugin I used to find that the wordpress core files had been modified. This plugin is since abandoned by automattic (the makers of wordpress, woocommerce and jetpack to name a few) but it can still be used. You need to download the hash file for the version of wordpress you are using. I would just like to point out that other external and filesystem based scans did NOT find this hack. Only by careful examination of the output of the exploit scanner were we able to find the source of this hack. It is no longer enough to just scan with one tool and think the site is clean. I recommend that you scan with multiple sources if you think you have been hacked, or if a hack keeps coming back after being cleaned. I also, and I can not stress this enough, recommend a daily backup of your website. There are many tools out there that will help you obtain a regular backup to a external location, such as dropbox, s3, ftp, or google drive. There is no reason to not have this setup for your site.
This is the plugin link, https://wordpress.org/plugins/exploit-scanner/
And this is the location of the hash file on github. https://github.com/philipjohn/exploit-scanner-hashes
Information
Author | Tim Yardley |
Organization | engineertim |
Website | - |
Tags |
Copyright 2024 - Spreaker Inc. an iHeartMedia Company