WebFaction
Community site: login faq

This is the second time in a month that I've been maliciously hacked; this time it's spread across almost all my domains on my WebFaction account. I'm diligent about keeping my WordPress installs up to date, and my passwords reasonably elaborate.

Last time this happened, I:

  • changed my SSH, database and control panel passwords;
  • checked my cron jobs;
  • confirmed I didn't have any public or private keys to ssh into the server.

Anything else I should be doing? I don't have any account access at the moment, so I can't do much else, but... well, what else is there to be done? I'm using 25-character random passwords like i(97JK{a],dklkfIWM!@~79uIKBb, not like "password" or "mydogfred" or whatnot. I'm at a loss.

asked 13 May '12, 08:28

mattshepherd
4551930
accept rate: 0%


Hi Matt,

For popular applications such as WordPress, you need to stay on top of the newly discovered vulnerabilities and update WordPress, its themes and plugins as soon as possible.

I've investigated your last incident and found the vulnerability that was used - a theme in one of your sites had a vulnerable search form processor (searchform.php).

In other words, just updating WordPress to the latest version is not enough, you need to make sure that your themes and plugins aren't vulnerable as well.

permanent link

answered 13 May '12, 09:55

todork
1.2k5
accept rate: 34%

edited 13 May '12, 11:05

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×45
×5
×1

question asked: 13 May '12, 08:28

question was seen: 3,134 times

last updated: 13 May '12, 11:05

                              
WEBFACTION
REACH US
SUPPORT
LEGAL
© COPYRIGHT 2003-2021 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM