Renter: ALSO, if there is.

Gilfillan: WordPress is a target, plain and simple

Wesly: Then honestly I suspect something like credentials are compromised or something of the sort

Gosnell: Renter: reinstalling is pure stupidity? lol

Daffron: Guimares, putting the exact same files back in place from before the hack, what prevents them from using the same exploit again, when everything is the same?

Balin: If this is happening across many servers in multiple wordpress installs, and they don’t all share one common plugin, I suspect credentials.

Sellick: Anyone seen the error : Download failed. Problem with the SSL CA cert path? access rights?

Olufson: When updating plugins

Gilfillan: Renter: you have a poor security sense and you’re really not the one to be solving this, if solving it is your goal. you simply have an improper mindset in relation to security

Goldthorpe: Hello everyone, im from Colombia.

Hernandes: Haaga, could be – just strange, if over the weekend, 30 sites I know of, are hacked due to poor credentials there is no relation between any of the blogs different usernames, different companies, different users, different p***words at least not very likely all 30 picked the same p***word. Equally poor? maybe, but still strange they are all hacked within the same week

Molony: Opsec, tell me, how reinstalling the same up2date files as “I” had 2 days ago changes anything regarding being exploited again with the same exploit?

Guzowski: Renter: it all boils down to the lowest common denominator

Tschoepe: Renter did you check your server logs then and system logs

Pirman: If they could exploit it once, they can do it twice, and 3 times, and .

Foderaro: Poiz, unfortunately, I only have limited access to logs on some of the sites they are spread across various web hosts

Gilfillan: Renter: you need to properly ****ise the situation first, which you clearly have not done.

Gilfillan: As i said, you’re not the one to solve this. someone who has more access and can understand what they

Belfiore: Isn’t asking about if there’s something “big” going on a part of identifying the problem?

Messore: Renter: other possible vector not discussed yet. do you have multiple personality disorder?

Solomon: I have a multisite. the registration page wp-signup.php has no css. how do I start debugging this?

Stallings: Renter: , and stop trying to patch up your hacked site. Reinstall or restore your backups. And read

Gilfillan: Please read those links

Clagg: Opsec, I hardly get the webhosters to dig into logs for this

Gilfillan: For this very reason is what we really don’t get into “hacked” sites here.

Bonaguidi: Oh – and you are clearly wrong, I am the one to solve this

Tschoepe: Renter btw there *might* be something big with a plugin, according to sucuri the link above

Tschoepe: But i havent looked into it deeply

Gilfillan: If you don’t have access to the logs, you cannot solve it. not possible.

Lunemann: I read about that thing, but not much info to go for there except you can scan if u are already infected or not

Gilfillan: Go scan all of your sites, start gathering FACTS. rather than poking around willy nilly

Red: That visitorTracker hack, really has almost no information they also write, they have no idea yet – and it targets .js files, not .php files

Neiss: So it doesn’t look like that is the thing

Gilfillan: Fixing hacked sites takes surgical precision. if you don’t have the tools and knowledge, you’re stuck.

Muckey: Renter: you realize that hacks can take place all at different times and infiltrated in different ways across many sites but be activated all at once?

Gilfillan: Through proper containment you can solve the problem and identify the source

Mastoris: Renter: ALSO, if there is one common denominator, it is YOU and YOUR COMPUTER. Creds. could be risked if the device you use to log in to the server accounts or admin screens has a keylogger on it.