
Spam Injected Wordpress Theme

Status
Not open for further replies.

Shane

Account Terminated
Legacy Platinum Member
Joined
Jul 6, 2012
Messages
1,720
Reaction score
354
So I just had to reset my server after receiving a nice message from Google informing that one of my websites was phishing. After a long hour of digging through my files I found a number of contaminated folders. I believe "the travel theme" (http://thetraveltheme.com/) was the source of my headache. Just wanted to warn everyone here just in case they stumble upon this beautifully skinned hell hole. STAY AWAY!
 

dcristo

Level 9
Legacy Exclusive Member
Joined
Feb 25, 2005
Messages
3,709
Reaction score
151
It's not spam, it's a malicious attempt to grab banking details from unsuspecting visitors. The hackers use your site to host the fake landing page. I know because I had around a million of these phishing attacks circa xmas time last year.
 

whitebark

Level 9
Legacy Platinum Member
Joined
Jul 9, 2006
Messages
3,026
Reaction score
26
So I just had to reset my server after receiving a nice message from Google informing that one of my websites was phishing. After a long hour of digging through my files I found a number of contaminated folders. I believe "the travel theme" (http://thetraveltheme.com/) was the source of my headache. Just wanted to warn everyone here just in case they stumble upon this beautifully skinned hell hole. STAY AWAY!


timthumb
 

copper

Level 9
Legacy Exclusive Member
Joined
Mar 11, 2006
Messages
2,507
Reaction score
30
So I just had to reset my server after receiving a nice message from Google informing that one of my websites was phishing. After a long hour of digging through my files I found a number of contaminated folders. I believe "the travel theme" (http://thetraveltheme.com/) was the source of my headache. Just wanted to warn everyone here just in case they stumble upon this beautifully skinned hell hole. STAY AWAY!

Is "the travel theme" THE cause, or did a hacker inject malicious code into "the travel theme"?
 

dcristo

Level 9
Legacy Exclusive Member
Joined
Feb 25, 2005
Messages
3,709
Reaction score
151
The theme would have a security vulnerability; it's not the hacker. As suggested above, you should install the timthumb vulnerability scanner plugin.
 

Shane

Account Terminated
Legacy Platinum Member
Joined
Jul 6, 2012
Messages
1,720
Reaction score
354
It's not spam, it's a malicious attempt to grab banking details from unsuspecting visitors. The hackers use your site to host the fake landing page. I know because I had around a million of these phishing attacks circa xmas time last year.

Yes, exactly. It's a huge pain in the ass. I'm not sure if it was injected into the theme or if it was someone manipulating a security vulnerability. I'm pretty sure it was part of the theme though. After installing the template and adding content I noticed the website was unusually slow. I'm not an expert with this stuff by any means, but I wanted to warn you guys about a potentially devastating issue.
 

dcristo

Level 9
Legacy Exclusive Member
Joined
Feb 25, 2005
Messages
3,709
Reaction score
151
FWIW, you can still use the WP theme. Simply identify and delete the phishing files and update the timthumb script using the plugin.
 

Shane

Account Terminated
Legacy Platinum Member
Joined
Jul 6, 2012
Messages
1,720
Reaction score
354
I was unable to delete the files. I tried with FTP, Plesk and SSH. The files showed up on my FTP client but the server didn't recognize them. It was a bizarre situation. This is my first month with a dedicated server though so I might be overlooking something simple. How do I scan my server for malicious files? Is there a piece of software I can use to help stop this type of problem?
 

Shane

Account Terminated
Legacy Platinum Member
Joined
Jul 6, 2012
Messages
1,720
Reaction score
354
Great, another thing I need to be paranoid about! :smilewinkgrin:

Is there a specific target niche that the hack is going after?

It's a travel theme so I'm assuming the travel niche.
 

dcristo

Level 9
Legacy Exclusive Member
Joined
Feb 25, 2005
Messages
3,709
Reaction score
151
I was unable to delete the files. I tried with FTP, Plesk and SSH. The files showed up on my FTP client but the server didn't recognize them. It was a bizarre situation. This is my first month with a dedicated server though so I might be overlooking something simple. How do I scan my server for malicious files? Is there a piece of software I can use to help stop this type of problem?

That would be because your host changed file permissions.


Is there a specific target niche that the hack is going after?

Any niche. If you're short and ugly you would be vulnerable.
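
Added example, not part of the thread and not the scanner plugin mentioned in it: a read-only shell inventory for the question "How do I scan my server for malicious files?". It lists bundled timthumb copies with the version they declare, PHP files under uploads or cache directories, and recently modified PHP files. The file names, the `define('VERSION', ...)` line and the directory patterns are assumptions, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Heuristics only: every hit is a file to
# review by hand. Assumes timthumb is bundled as timthumb.php or thumb.php and
# declares its version with define('VERSION', '...').

# Print "<version><TAB><path>" for each timthumb copy under $1.
# Paths containing newlines are not handled.
list_timthumb() {
  find "$1" -type f \( -name 'timthumb.php' -o -name 'thumb.php' \) -print |
  while IFS= read -r f; do
    v=$(sed -n "s/.*define *( *['\"]VERSION['\"] *, *['\"]\([^'\"]*\)['\"].*/\1/p" "$f" | head -n 1)
    printf '%s\t%s\n' "${v:-unknown}" "$f"
  done
}

# Print PHP files sitting where only media or cached images belong.
list_unexpected_php() {
  find "$1" -type f -name '*.php' \
    \( -path '*/wp-content/uploads/*' -o -path '*/wp-content/*/cache/*' \) -print
}

# Print PHP files under $1 modified within the last $2 days (default 7).
list_recent_php() {
  find "$1" -type f -name '*.php' -mtime "-${2:-7}" -print
}

# Build a small constructed tree so the script runs offline.
demo_tree() {
  d=$(mktemp -d)
  t="$d/wp-content/themes/sample-theme"
  mkdir -p "$t/cache" "$d/wp-content/uploads/2012/07"
  printf "<?php\ndefine ('VERSION', '0.0.0-sample');\n" > "$t/timthumb.php"
  printf "<?php // ordinary theme file\n" > "$t/index.php"
  printf "<?php // constructed stand-in for a dropped file\n" > "$t/cache/login.php"
  printf "<?php // constructed\n" > "$d/wp-content/uploads/2012/07/update.php"
  echo "$d"
}

# Usage: sh scan.sh /path/to/docroot   (no argument: scan the constructed tree)
root=${1:-$(demo_tree)}
echo "== timthumb copies (version, path) =="
list_timthumb "$root"
echo "== PHP under uploads or theme/plugin cache directories =="
list_unexpected_php "$root"
echo "== PHP modified in the last 7 days =="
list_recent_php "$root" 7
```

Some caching plugins legitimately keep PHP in their cache directories, so compare hits against a clean copy of the theme or plugin before removing anything.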
 