Posts Tagged ‘php’

WordPress Security Issue

Sunday, May 9th, 2010

This weekend there has been a huge attack on websites developed using PHP, namely WordPress websites. From the websites I have been monitoring on this issue, it is not yet known how the attacker(s) are accessing the PHP files. What is known is that the attack is modifying every PHP file on a server. It appears that only websites on shared hosting accounts are being affected. At this point it cannot be said whether the attack is targeting websites through admin login accounts or FTP accounts, or by gaining direct access to the web servers and running a script that modifies every PHP file on that server (which would include all websites on a shared hosting server).

You can find out whether your website has been hacked very simply: go to your website, view the page source, and scroll all the way to the bottom, right above the </body> tag. If your website has been hacked, you will see a JavaScript tag with one of the following URLs in it:

//www.indesignstudioinfo.com/ls.php
//zettapetta.com/js.php
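
The check described above can be automated. The following is an added example, not part of the original post or of Sucuri's cleanup script: it parses a saved copy of the page source and reports any script tag whose src points at one of the two URLs listed. The function and class names are hypothetical, and matching on host and path regardless of scheme is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicator URLs listed in the post, stored as (host, path).
INDICATORS = {
    ("www.indesignstudioinfo.com", "/ls.php"),
    ("zettapetta.com", "/js.php"),
}

class ScriptSrcCollector(HTMLParser):
    """Collect the line number and src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.scripts.append((self.getpos()[0], src.strip()))

def find_injected_scripts(html):
    """Return (line, src) for script tags that load one of the indicator URLs."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    hits = []
    for line, src in collector.scripts:
        # //host/path and http(s)://host/path both yield a hostname here;
        # relative URLs have none and therefore never match.
        parsed = urlparse(src)
        host = (parsed.hostname or "").lower()
        if (host, parsed.path.lower()) in INDICATORS:
            hits.append((line, src))
    return hits

# Constructed sample pages (not captured from a real site).
INFECTED = """<html>
<body>
<p>Hello</p>
<script src="http://zettapetta.com/js.php"></script>
</body>
</html>"""
CLEAN = """<html>
<body>
<script src="/wp-includes/js/jquery/jquery.js"></script>
</body>
</html>"""

if __name__ == "__main__":
    for name, page in (("infected", INFECTED), ("clean", CLEAN)):
        print(name, find_injected_scripts(page))
```

Because the attack modifies every PHP file, run the check against several pages of the site, not only the home page.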

If you are using WordPress, you will find when you log into your dashboard that it does not display properly. A dashboard that does not display properly is a good indication that your website has recently been hacked.
If your website has been hacked, there is something you can do about it. You can find directions on how to remove the malware code that has been added to every PHP file on your website by going to http://blog.sucuri.net/2010/05/new-attack-today-against-wordpress.html. There are step-by-step directions on how to run a script written by Sucuri Security to remove this malware code.

Once you have the code removed, clear the cookies, history and cache saved by your browser. It is not known what information this malware JavaScript is trying to collect (or what its function is), but clearing these items should keep you safe. You may also want to run your anti-virus software to make sure your computer is clean.
After you have cleaned your browser cache, cookies, and history, you should log into WordPress and change your password. This is just a safety precaution.
I am planning on posting a few security tips for WordPress in the next few days. Come back soon to learn a few steps you can take to help keep your WordPress website safe from being hacked. If you have any questions, or if your website has been hacked and you want to share how you were able to remove the malware, please leave a comment. Sharing knowledge helps to build a safer and more reliable Internet.

Updating WordPress issues with 1and1

Saturday, July 25th, 2009

Having issues updating WordPress on a 1and1 server? Only have half your WordPress dashboard showing? Here is what I encountered and how I solved these issues.

A few weeks ago I installed the newest version of WordPress on my web host server; I use 1and1 web hosting services. Everything was great until I saw the message at the top of my WordPress dashboard saying that an updated version was available. I clicked on the link to update my site because I feel it’s important to have the latest version available for reasons such as security, bug fixes, and ensuring that newer versions of the plugins I use are compatible.

Once I clicked on the link to update my WordPress software, I got the message that WordPress was initiating the update. I waited and waited and waited some more, but nothing happened. I decided to click on the dashboard and found over half the usual dashboard content missing. I was bewildered by this. I needed to know what went wrong and how to solve this problem so I wouldn’t have this issue in the future.