Comments on: Details on the Network Solutions / WordPress mass hack

By: Wordpress Blogs Getting hacked! | Adult Webmaster Blog

Wordpress Blogs Getting hacked! | Adult Webmaster Blog — Mon, 28 Jun 2010 14:12:38 +0000

[...] http://blog.sucuri.net/2010/04/details-on-the-network-solutions-wordpress-mass-hack.html GD Star Ratingloading…Bookmark to: No Comments Posted by Rob in Hosting [...]

By: Ricoh Teknoforce

Ricoh Teknoforce — Mon, 28 Jun 2010 04:39:30 +0000

As a word press user, I would recommend that the php file which stores all user name and passwords should not be made available to every wordpress user unless required by user itself.

By: WordPress Hack and Security Settings – flyingpenguin

WordPress Hack and Security Settings – flyingpenguin — Fri, 11 Jun 2010 06:07:09 +0000

[...] to change the wp-config.php permission to 0640 (instead of 0750). Some have suggested attacks come from shared/co-tenant systems where malicious users search for readable wp-config.php files to steal database [...]

By: Anonymous

Anonymous — Fri, 23 Apr 2010 15:29:28 +0000

I have just gone through all the files of a site that was hacked on NS.(I am a WP developer)

I changed the URL in the database back to the proper name as said here.

Also, I will mention that I found most all index.php files were corrupt. There is a line of xss attack(a script code injection) just after the php code.

So these files might also need to be changed for all of you to access admin properly.
index.php on:

root level/index.php
wp-admin/index.php
wp-content/index.php
wp-content/plugins/index.php

I would check any index.php file you have.
All of these contained the malicious code.

I hope this helps someone.

By: Anonymous

Anonymous — Wed, 21 Apr 2010 11:34:59 +0000

^ So it shows you all fail at understanding Linux. So open a Linux textbook/manpage and read the part on Linux shell permissions.

By: Anonymous

Anonymous — Wed, 21 Apr 2010 11:30:15 +0000

644 is standard, you only get 755 or 777 if you assign rights to it. That said, 755 shouldn't matter at all since the config file doesn't display anything to the browser.

They probably got root at networksolutions, or some SQL injection and did a grep for wordpress databases and injected their stuff.

By: Richard

Richard — Mon, 19 Apr 2010 21:57:49 +0000

How about posting an update? NetSol owned up. Your turn?

http://blog.networksolutions.com/2010/wordpress-is-not-the-issue/

"WordPress is not the issue.

by Shashi Bellamkonda on April 14, 2010

We wanted to respond to the debate and conversations about the recent incident affecting Network Solutions’ WordPress customers. Recently, our customers have complained about malicious code on certain of their blogs hosted by Network Solutions. This was not an issue with WordPress. Sorry to the WordPress community and customers for any misunderstanding. This issue resulted from a complex combination of factors and we own it. We have taken steps to address this issue and we continue to work to protect our customers. Also we wanted to let you know that no personal or sensitive financial information was taken as a result of this issue.

We are learning from this experience. By the way, we like WordPress and continue to use it for a lot of Network Solutions properties such as this blog. Network Solutions customers that need any assistance feel free to email us at listen @ networksolutions.com"

By: Bill Huntley

Bill Huntley — Mon, 19 Apr 2010 17:49:05 +0000

I have been hacked with malicious malware four times in the past two years. My host is Network Solutions. Last week my wordpress blog disappeared and this week my web site is gone. In 2009, Net work Solutions blamed my web developer for the lack of security and,the web developer blamed Network Solutions. My site has been under attack this time since December 09 and I have just paid a ton of money to a web tech guy to clean things up, now only three weeks later my site is gone from the web altogether. My ranking with Google is in the tank and my business is suffering. Who do you trust and how are these problems resolved?

By: Mike

Mike — Sun, 18 Apr 2010 14:51:05 +0000

Of course the above only works if they're using suexec/suphp or similar. If they're not doing that, their security is even more of a joke.

By: Mike

Mike — Sun, 18 Apr 2010 14:30:22 +0000

It is entirely Network Solutions fault.

They should secure the home directories of their users such that other users can not access them even if individual files within those home directories have global read access. Example:

drwxr-x--- 95 mike apache 12288 2010-04-17 17:18 /home/mike

If user mike now creates a globally readable file in his home directory, user fred can't read it...

This is kids stuff...