Gilfillan: WordPress is a target, plain and simple
Wesly: Then honestly I suspect something like credentials are compromised or something of the sort
Gosnell: Renter: reinstalling is pure stupidity? lol
Daffron: Guimares, putting the exact same files back in place from before the hack, what prevents them from using the same exploit again, when everything is the same?
Balin: If this is happening across many servers in multiple wordpress installs, and they don’t all share one common plugin, I suspect credentials.
Sellick: Anyone seen the error : Download failed. Problem with the SSL CA cert path? access rights?
Olufson: When updating plugins
Gilfillan: Renter: you have a poor security sense and you’re really not the one to be solving this, if solving it is your goal. you simply have an improper mindset in relation to security
Goldthorpe: Hello everyone, im from Colombia.
Hernandes: Haaga, could be – just strange, if over the weekend, 30 sites I know of, are hacked due to poor credentials there is no relation between any of the blogs different usernames, different companies, different users, different p***words at least not very likely all 30 picked the same p***word. Equally poor? maybe, but still strange they are all hacked within the same week
Molony: Opsec, tell me, how reinstalling the same up2date files as “I” had 2 days ago changes anything regarding being exploited again with the same exploit?
Guzowski: Renter: it all boils down to the lowest common denominator
Tschoepe: Renter did you check your server logs then and system logs
Pirman: If they could exploit it once, they can do it twice, and 3 times, and .
Foderaro: Poiz, unfortunately, I only have limited access to logs on some of the sites they are spread across various web hosts
Gilfillan: Renter: you need to properly ****ise the situation first, which you clearly have not done.
Gilfillan: As i said, you’re not the one to solve this. someone who has more access and can understand what they
Belfiore: Isn’t asking about if there’s something “big” going on a part of identifying the problem?
Messore: Renter: other possible vector not discussed yet. do you have multiple personality disorder?
Solomon: I have a multisite. the registration page wp-signup.php has no css. how do I start debugging this?
Stallings: Renter: http://codex.----escape_autolink_uri:a03ded6cd97ffffa8f7b4e1454f3eecc----.org/FAQ_My_site_was_hacked , and stop trying to patch up your hacked site. Reinstall or restore your backups. And read http://codex.----escape_autolink_uri:a03ded6cd97ffffa8f7b4e1454f3eecc----.org/Hardening_WordPress
Gilfillan: Please read those links
Clagg: Opsec, I hardly get the webhosters to dig into logs for this
Gilfillan: For this very reason is what we really don’t get into “hacked” sites here.
Bonaguidi: Oh – and you are clearly wrong, I am the one to solve this
Tschoepe: Renter btw there *might* be something big with a plugin, according to sucuri the link above
Tschoepe: But i havent looked into it deeply
Gilfillan: If you don’t have access to the logs, you cannot solve it. not possible.
Lunemann: I read about that thing, but not much info to go for there except you can scan if u are already infected or not
Gilfillan: Go scan all of your sites, start gathering FACTS. rather than poking around willy nilly
Red: That visitorTracker hack, really has almost no information they also write, they have no idea yet – and it targets .js files, not .php files
Neiss: So it doesn’t look like that is the thing
Gilfillan: Fixing hacked sites takes surgical precision. if you don’t have the tools and knowledge, you’re stuck.
Muckey: Renter: you realize that hacks can take place all at different times and infiltrated in different ways across many sites but be activated all at once?
Gilfillan: Through proper containment you can solve the problem and identify the source
Mastoris: Renter: ALSO, if there is one common denominator, it is YOU and YOUR COMPUTER. Creds. could be risked if the device you use to log in to the server accounts or admin screens has a keylogger on it.