Has your WordPress site been hacked recently?
CEO viewpoint, Joomla, WP, other OS apps Author: Tenko Add comments
If you’re using WordPress as your favorite open source blogging platform, chances are pretty high you’ve already heard about the recent security flaw found in the TimThumb plugin fow WP. If you haven’t – you should, cause it’s pretty severe. Here is more info on that:
http://www.websitedefender.com/wordpress-security/timthumb-vulnerability-wordpress-plugins-themes/
The security flaw isn’t a core WordPress vulnerability, so you won’t be vulnerable for just using WordPress. However, the bad news is that a pretty big number of themes out there use the TimThumb plugin in order to operate correctly and therefore TimThumb is included in a lot of WordPress plugins and themes, both free and paid. The result is that there is a good chance you might have the vulnerable TimThumb installed and running on your WordPress even if you don’t really know about it or you don’t care.
The flaw itself is rather stupid – the TimThumb plugin allows uploading files from a list of so called “trusted domains”. Among those domains are “flickr.com”, “picasa.com”, “blogger.com”, etc – all of which you might find useful in case you keep your image gallery there and would like to get an image transferred to your blog at a glance. However, the check is flawed because you can bypass it by using a domain like blogger.com.hacker.com. This domain passes the check but belongs to hacker.com, making the script exploitable. Hackers have already been exploiting this vulnerability in the wild and many many bloggers suffered from it already.
In case you are a WordPress user and have TimThumb installed or even worse – you’ve already been hacked, you might wonder what to do to get things resolved? Well, the good news is there’s already a fix for the plugin available here:
http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/
Along with the good and the bad news in this situation, there’s also a great news for you in case your WordPress is hosted at SiteGround — it should be secured without you doing anything! As always we’ve been trying to take care of our fellow customers without boring them with unnecessary details and overcomplicated technical stuff. After all you’ve entrusted us with your website and its security is our primary goal. So here’s what we did – the day after the exploit went live, which if my memory serves me well, was about a month or so ago – we checked how many people are using the TimThumb plugin. The number was devastating – around 15,000 WP instances had it installed and around 350 of those were already compromised. Obviously upgrading 15,000 WP instances was not an option – it’s a huge number and given the fact there were so many different versions of TimThumb and we needed to ask for customers’ consent prior to upgrading his/her website, it was simply impossible to accomplish. At least not in the short term. So, we decided to find an intelligent and efficient way to deal with the vulnerability before a much larger number of customers were affected. Well, most hosts wouldn’t even bother suggesting a fix as they would define the problem as “beyond the scope of the technical support”, but we try to do it differently and make sure we spare troubles and work to our customers where possible.
And then in just a few hours, one of our System Engineers found the solution, elegant, simple and fast – the TimThumb plugin uses a folder called tmp/cache to store uploaded files. What we did is suspend execution of files from that folder in all WordPress instances. In simple words – if you upload an image – it will work, but if you upload a script (e.g. badass hack script) it won’t. And that magically solved it all with no hassle whatsoever for our customers. We then modified our Apache security module (mod_security) by adding some rules that will prevent execution of the hack, so our customers could be protected by two layers, instead of just one. And then notified the unlucky 350 hacked guys what they should do to get things resolved – namely get rid of the hack and upgrade plugin version. We also offered the service of cleaning the hack and upgrading the plugin to be performed by the Super Heroes @ SiteGround Support Team for the people that felt uncertain how to do it for themselves.
So the answer to the question: “Has your WordPress site been hacked recently?” will disturbingly often be YES in the general case and will most probably be NO if you use SiteGround WordPress hosting.
Tenko
CEO SiteGround
My WordPress Blog was hacked within the last week. The robot is creating about 25 new posts/day which I’m constantly deleting. I’ve changed the password five times, and it’s already too late. It won’t stop. At any moment, the hacker can delete hundreds of my posts. What can I do to remove it? Anything?
Thanks, Clarke Nelson
I have checked our database and it seems that you are not our customer. Otherwise I would recommend you to use our security audit service but since you are not hosted on our servers our support team won’t be able to help you.
I can advice you, however, to temporary lock your site to be accessible from your IP address only. You can do this by adding these lines to the .htaccess file in your root folder:
deny from all
allow from ***put your IP address here***
Once you do that, clear your site from all the unnecessary content. If there is data lost, you can contact your hosting provider to restore your database from their backups. Once your website is clean and everything is in place, you should update your WordPress application and all the plugins you are using to the latest version. Especially, make sure that the TimThumb plugin is updated and you are not using vulnerable version in any of your templates.
Finally you should change all your account passwords including your WordPress, database, control panel and FTP credentials.
I hope that this helps and you won’t have such issues in the future
I have quite a few wordpress sites at siteground so I’m happy that you guys have my back if a vulnerability is found before I can get in and fix it.
This article published by SiteGround makes me feel much confidence, knowing you guys are always on your watch for the latest holes…
Keep up the ogod work!
Siteground….HOST ON ! *thumbs up*
Siteground’s dedication to insuring its customers security is truly reassuring. Thanks!
I’m glad to hear that! I just suffered one of this vulnerability issue but it was very annoying. Please keep doing it so well. You are the best!
I have been with Siteground for several years now and have just yesterday utilized the Website wizard. My friend who is the computer GEEK loves your site and plans to refer it to people. I appreciate the ethical moral values demonstrated by you all. Keep it up. Please don’t be tempted by the dark side of greed and more greed that permeates corporations these days. Oh and I wanted to see how a blog worked because I want to use one in my website.
Mine hasn’t (knock wood). Hope it wont… -Ritu
My personal blog http://www.paulwallas.com recently got hacked. It was a php script that got inserted into the footer of my site which reset my login to a really long character password. Required a brand new install unfortunately.
Awesome news, nice to see you’re taking the security issues very seriously, so all we have to do is… be creative
Thanks so much for such an elegant solution to this!!
Haiku Comment:
My wordpress was hacked
Siteground team to the rescue
No Loss, Biz Good, Thanks
So far, so good, I have not been hacked yet. But, it’s not for lack of trying. I’ve had to turn off comments. Most were not, all kinds of code coming in. Thanks for the great work Siteground.
Getting hacked to death on Halloween is almost expected. I appreciate SiteGround being there to protect me.
As Shakespeare said:
“Eye of newt, and toe of frog,
Wool of bat, and tongue of dog,
Adder’s fork, and blind-worm’s sting,
Lizard’s leg, and owlet’s wing,
For a charm of powerful trouble,
Like a hell-broth boil and bubble.”
Yummy!!!
This is one reason I trust Sitground for all my websites.
Not as far as I know or can see.
Great blog reaffirming my faith in Siteground!
Here’s my silly comment to win an ipad:
There once was a host named siteground
They had the best hosting service around
My sites never crash
And for this Halloween bash
I hope that this comment is found
Haven’t had the issue, but thanks for the detailed info.
I use blogger.com, and I have never had any issues with security. I would be interested in reading an article about the security features compared between these two. Maybe it’s just that blogger isn’t as popular, who knows.
I have one client that is not on siteground that got hacked. My portfolio site on Siteground has never had a problem. Happy Halloween Siteground!
Thanks for the heads up Siteground! Your hosting services always make it easy to set up and maintain WP sites.
MY God, only this afternoon I installed TimThumb as part of the wordpress user-avatar plug in becuase I was expecting lots of new desirable avatars based on spidrs to arrive for Hallo’een. However, I see that Siground, as so often before has solved the problem before I even knew it was a problem. Well done guys and if there is a spare spider cake going for hallo’een, include me in please !!
If your website get hacked, check your logs to see if you can discover how the hack took place. Open source tools like OSSEC can analyze your logs and point to where/how the attack happened. Or better yet ask Site Ground customer service for help. They are the best!
Happy Halloween
This is a great article. I have 3 websites hosted here, all of them using WordPress, this is helpful.
Trick or Treat, Happy Halloween!
This is a good post! Thanks for keeping us up to date on what is going on. I haven’t been hacked but this allows me to take precautions for the future.
Yikes! That is scary, thanks for letting us know. Luckily I am not using that particular plug-in on any of my sites!
Our site was hit as all the folders with .htaccess files in them. What a mess! We couldn’t just install an updated theme because of lots of customization. However, installing the updated timthumb did the trick!
A wonderful hosting site.
Thanks alot for this. My site was taken over by some Russian/German hackers last week. Couldn’t read or understand anything but, thanks to Siteround tech support; they flushed out my server and gave me a brand spanking new one so now im back up and running!
Yet again shows you just can’t trust those gosh darn robots.
No one’s been uploading pictures or anything that I can tell to my site. I HAVE noticed, however, that every once in the while my Moodle install will go all haywire. The appearance will get all funky, and the site will be unusable. If I leave it alone for a bit, then come back to it later, it seems to sort itself out, but it’s a little scary. I rely on this for about 100 university students.
It seems that part of your Moodle application is timing out at some point. It would be the best to post a support ticket in your Help Desk so our support team can check what’s the exact issue and provide you with an adequate advice and assistance.
two of my own sites (wordpress) were hacked in few months time. I know how much headache you have when that happens. Thanks for sharing this article! Good to know more about those things.
It may be the season for scary, but I’m grateful for the elegant solution to this hack! Happy Halloween!
I’m not sure if my site was hacked or not, but recently when I would view my site from work, my anti-virus would say that it quarantined something. I couldn’t find anything out of place, but I recreated the site from scratch anyway, and just imported my database. Didn’t take too long and now I don’t get any warnings.
My sites were recently hacked because of this. I had to start over from scratch. Hope this doesn’t happen to too many more folks.
My sites have been high and dry. Thx, SiteGround, for having my back.
You are the best
To heck with the rest
When it comes to Joomla
You be da boomah…
I send a lot of business to you even though I thought you were HQd in teh UK for some reason. Not sure where the h I got that from. But now I see that you’re at the edge of town. Cool.
Rock on Siteground!
OK Ok not not been broken yet. But that’s not due to a lack of trying. Comments have been disabled. Most do not have any code shortly. Thank you for your Great work Siteground.
Not just in Halloween – SiteGround is the best hosting service any time of the year!
This is worrisome. I also worry about email..I wonder what options are available to eliminate more spam and email based viruses..
Happy Halloween!
As mentioned in this blog post http://blog.siteground.com/more-great-extra-services-from-siteground/ we have a high end anti-spam protection enabled for all our customers. However, we provide an extra layer of protection named Spam Killer as an extra feature. If you want to improve your anti-spam protection, you can order it from your Customer area. It will scan your emails for spam profiles and decrease significantly or even eliminate the spam you are receiving
We fell into that category, a couple of weeks back.
The bad thing was that our website was brought down.
The great thing was that the support were fast enough to work with us through the issue, to bring it up again!
Thanks SG-support!
Glad I read the Halloween special e-mail.. This post might save a certain number of people I know more money than what the prizes offered are worth
Heppy helloween evlybuddy!
best customer service i have ever seen….i have used many other hosting ,but site ground provide best hosting for really low rates..they are the best..they helped me in many ways..i personally recommend siteground to everyone…once you join with them, everything will go fine for your site…thank you site ground for everything
i have wordpress sites and i have the same problems with my sites not hosted in siteground. And after i move my site to siteground wtih clear backups, problem stop, no auto adding or deleting posts.
So thanks for perfect services
Interesting press release. I’ll pass this on to my friends who use wordpress.
I do like 1-2 websites monthly on wordpress for my client and host them on siteground. He never got hacked, guess thanks to hostgator. I also host my web on siteground and I’m very happy with your service and help you provide. Many people using also fame ******tor, but their prices are so high and service is so low, so I always reffer my clients your hosting. You are the best!
What do i need to do to make sure that this does not happen to my word press site? Hope i win the ipad 2
. But seriously what do i do to secure my wordpress site from this hake?
To be hacked, I need to be known first, so I don’t have to worry about this news.
Well yes this is true, Siteground is giving the best services and some times they offer free services as well, i am not worry about hacking because my site is save and i guess my clients’ web sites also.
GO GO Siteground
And Happy Halloween to all members and staff.
Wish you all the best.
Way to go Siteground!!! Thanks for protecting us from the timthumb attack. You’re the best. I feel more secure having my website hosted by siteground.
THE SITEGROUND SERVICES ARE OUTSTANDING, AFFORDABLE AND VERY FRIENDLY TO USE.
I LOVE THE 24X7 LIVECHAT SITEGROUND SERVICE, I HAD NEVER BEEN HACKED. YOU GUYS ARE GOOD AND WELL SECURED.
SITEGROUND FOR LIFE
I have “crawled” around many different hosting and service companies… It always felt like I was floating around aimlessly in the “clouds” …
FINALLY, my site was grounded into a permanent home I could count on…
THANK YOU SITEGROUND!!!!
Good to hear that you have our backs.
As a security conscious professional, I am always looking for services that include security – without making it “optional / add-on”. While I understand that it is a function of costing=>pricing, I am still a wee bit dissatisfied that security is still “not automatically built-in” in the most basic services of siteground. I look forward to a day when it will be.
It is with a conviction so sound
I have chosen “siteground”
A web provider, so profound
Nowhere else can be found
I read information like this and I am reassured how safe our library’s web site is. Our library’s site has been hosted by SiteGround for over 3 years. I don’t have time to worry about how safe our website is. I have been recommending SiteGround to my friends from the beginning. Good Job SiteGround!
Well I have a vBulletin hosted so now, it was not hacked but if you had the feature of Siteground that allow you to make automatically backups activated, it shouldn’t be a problem.
Hackers are the main reason why we all should get it activated.
Siteground allow you to activate many features that are important and usefull for your site this is why I recommend it to all my friends that are asking me from where to get a good hosting.
I can say that Siteground is awesome and I can’t say anything negative about the hosting and the features !
I have had various sites hosted elsewhere and one of the reasons I moved to Siteground was its reputation for affordability and security!
Great Web Hosting. i did lot of research and finally i m convinced in Siteground which has everything to succeed in creating a wonderfull web. Thanks you guys just keep on going
Yeah,its really lucky we have siteground to be protected because there are people that does not have knowledge about security and website. My 2 cents: organize your website WELL (delete unused documents, organize your pages) and you should be able to get an better idea about how your website should be protected!
I test a lot of WordPress sites, and don’t know if any outside of SiteGround are vulnerable. I feel comforted, knowing that the four or five WordPress sites hosted within my Siteground account are secure.
For any future template customizations, I recommend using a “Child Theme” instead of hacking the original theme. This ensures that theme customization remains safe from cracking attempts or upgrades.
I was not aware of this WP security hole till just now. Good thing Site Ground was on top of it! I have since gone thru all my WP sites and closed the PHP hole. thanks for the help and HOPE I WIN THE iPAD! Did I mention the IPAD? I’d take any of the other prizes too but for someone who cannot afford an IPAD…it would truly be a blessing to WIN AN IPAD from SiteGround! Rock on!
I also was not aware of this security hole until I read the site-ground blog. While I don’t host my WordPress site on Siteground, I do host other sites, and will be setting up another site over the next month that will be using both site ground & wordpress. It’s awesome to know Siteground has my back.
Fortunately my WordPress site was built using using RapidWeaver, so no vulnerability for me. *Phew*.
I have referred several people to siteground and have helped 4-5 of them set up wordpress sites with you. Just goes to prove recommending siteground was a good move. Keep up the good work. (http://www.shersonmedia.com/grant/cv/portfolio.php?category=websites – siteground sites – cinemas of nz, animation symposium, history of tv in nz, mediarenacentre, nouveaumanagement…)
Fortunately I havent had any issues but thank you for keeping us posted. Thank you Siteground for your service and have a happy Halloween.
Wish all webhosts were this nice.
On a side note, also wish I didn’t have to look at light blue font to type this comment. Sort of hard to read…
Thanks for “having my back” and taking care of this pesky problem!
Thanks for being one step ahead of this! For those of you who don’t know the TimThumb PHP Script is a custom image-sizing script, that allows you to produce a cropped and sized version of an image.
Thanks for all the help you gave me when I set up my first site.
I didn’t faced any issue but the dedication of siteground to insure their customers for security is truly reassuring. Their support team is also too helping in case of any vulnerable activity.
Thanks
Been with you guys for about 6 years now, and had this happen only once in all that time due to some plugin. Glad to get it resolved in super quick time as had no idea why it was happening. A free plugin called wordpress backup was also recommended which gives peace of mind as creates a backup automatically. Great info in this post too. Cheers siteground
I am linked with you guys since months… and i am really happy with your services.. i had really terrible experience with my previous web hosting company and my wp site was hacked… but its after an year that i am in peace… no hacking, no cracking.. its safe and faster then the previous one…
also your customer services is too cooperative ..
after all.. as final words… i’m in peace with siteground.
Glad site ground step up and took care of it on their servers
Thanks for this article will help us to be careful.
Glad you guys have my back!
This article made me look at my wordpress blog only to discover it’s gone. Not a big loss as it was only set it up for my master’s program so I may have closed due to neglect. However, when I do re-open it I will make sure it’s supported by SiteGround.
Happy halloween
Happy Halloween and thanks for keeping everyone informed of issues like this. Often times when I run into errors and poke around the internet for answers it leads me right back to my hosting home at siteground. Keep up the great work!
Great news and Happy Halloween! Thanks so much for the update and the secure environment you provide for us
SiteGround — all the bells & whistles for an unbeatable price!
We love SiteGround! Been with our business since day one and counting!
On the eve of Halloween,
Take the leap and be seen,
Make Siteground your host of choice,
Doing so will make them rejoice.
i love SiteGround they help with tips and hacks too,what esle can we ask.
Wow!
As always, thanks for keeping our sites safe, Siteground! And Happy Halloween
Still learning, but with Siteground I feel at home!
From Portugal!!!
As a developer for a decent volume of WordPress sites, I always try to research vulnerability of a plugin before installing it for my clients. Of course that won’t always work as sometimes vulnerabilities aren’t always instantly discovered – so I also always back up my client’s database once every two weeks.
Then again sometimes clients update the plugins without letting me know and get themselves into vulnerable plugins that way – so now I just mostly assign clients user roles that cannot install/update plugins. Of course that means that I’d have to update all their plugins but it’s better than knowing that they could get hacked from vulnerable plugins..:)
This is why I’ve always used siteground to host my websites. Thank you Siteground!
…Oh and Happy Halloween!
You can easily scan your WordPress for outdated and vulnerable TimThumb scripts using this WP plugin:
http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/