Malware Alert
- This topic has 4 replies, 2 voices, and was last updated 8 years, 6 months ago by Christoph.
October 19, 2015 at 3:03 pm #168517 Alysson Member
Hello, all! Just a quick heads up that you might want to run a Sucuri SiteCheck ASAP (particularly if you or your clients are customers of HostGator). It took me a while to track down the issue, but it ultimately ended up being that both the header.php and footer.php files in the Genesis directory had been compromised. Just download a fresh copy from Studiopress and replace your existing files with fresh copies... you should be good to go.
Hope this helps someone out!
http://www.all-my-genesis-sites-on-hostgator.com
October 19, 2015 at 3:25 pm #168519 Alysson Member
Just as an FYI, I'm no noob. I'm more cognizant of the importance of securing WordPress installations than most and I use both Wordfence & iThemes Security Pro to lock down all of my Genesis sites... and the files were hacked anyway. Don't assume you're safe just because Genesis is historically secure and you tend to have your ducks in a row. No site is completely secure and even Genesis can be hacked, no matter how sure you are that you've got your sites locked down.
October 21, 2015 at 11:07 pm #168714 Christoph Member
Hi Alysson,
While I appreciate your heads up, the solution you are mentioning is downright dangerous if you do nothing more than change those two files.
So while you are an expert, I'm writing this for anybody else who is stumbling upon your post.
Somehow somebody hacked the server or the WordPress installation (guessed a weak password, took advantage of a vulnerable plugin that was not updated, ...), got themselves write access and changed those two files.
You would be very ill advised to not change all your passwords for cPanel and WordPress.
You should inform your hosting provider because if the server was compromised, all accounts on that server could be affected, not just yours.
Check the User entries in WordPress. If you find a suspicious user with an Administrator role, your website is still in jeopardy.
These are just some very rudimentary first steps to secure your website again.
Don't just replace those files. More than likely they were not part of the attack vector but the result.
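An added example, not part of either poster's reply: one way to check the whole theme directory against a fresh download instead of only header.php and footer.php. The function names, the sample file names other than header.php and footer.php, and the sample contents are constructed for illustration.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

def file_hashes(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_theme(installed_dir, fresh_dir):
    """Compare an installed theme directory with a freshly downloaded copy."""
    installed, fresh = file_hashes(installed_dir), file_hashes(fresh_dir)
    common = installed.keys() & fresh.keys()
    return {
        # In both trees but altered, like header.php and footer.php in the thread
        "modified": sorted(f for f in common if installed[f] != fresh[f]),
        # Only on the server: overwriting known files leaves these in place
        "added": sorted(installed.keys() - fresh.keys()),
        # Only in the fresh copy: deleted or never deployed
        "missing": sorted(fresh.keys() - installed.keys()),
    }

def constructed_demo():
    """Build a constructed sample (not real Genesis files) and compare it."""
    with tempfile.TemporaryDirectory() as tmp:
        fresh, live = Path(tmp, "fresh"), Path(tmp, "live")
        for d in (fresh, live):
            (d / "lib").mkdir(parents=True)
            (d / "header.php").write_text("<?php // header\n")
            (d / "footer.php").write_text("<?php // footer\n")
            (d / "lib" / "init.php").write_text("<?php // init\n")
        # Simulate the compromise: one altered file, one file that does not belong
        (live / "footer.php").write_text("<?php // footer\n// injected line\n")
        (live / "lib" / "cache.php").write_text("<?php // not in fresh copy\n")
        return compare_theme(live, fresh)

if __name__ == "__main__":
    # With two arguments compare real directories, otherwise run the sample
    report = compare_theme(*sys.argv[1:3]) if len(sys.argv) == 3 else constructed_demo()
    for kind, files in report.items():
        for name in files:
            print(f"{kind:<9} {name}")
    sys.exit(1 if report["modified"] or report["added"] else 0)
```

A clean result covers only the theme directory; plugins, uploads, user accounts and passwords still need the checks listed in the post above.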
October 21, 2015 at 11:31 pm #168715 Alysson Member
Hi, Christoph. I didn't declare myself an expert, nor was I suggesting cleaning up those files alone was sufficient. My apologies if that's how my post comes across. I was merely trying to point people in the right direction to help them discover which files have been compromised, where to find them and that replacing them with originals from a freshly downloaded copy of Genesis would solve the most immediate issue - remedying the hack itself. I shared that information only to save them a bit of time. Getting to the bottom of how a site was hacked is, as you point out, an entirely different endeavor altogether.
There are obviously a number of other steps to take post-cleanup, including those you mentioned, when investigating how an attacker gained access to a site to begin with. However, my goal was not to post a start-to-finish tutorial. My goal was simply to let people know how to solve the most pressing issue, should a Sucuri scan indicate their site is infected with malware - which, as I said, is locating and fixing the hacked files and doing so as quickly as possible.
Thanks for taking time to point out that they shouldn't stop there. There certainly is more to be done than just remedying the hacked files, though that is obviously the most urgent matter and the topical basis of my original post.
October 22, 2015 at 8:02 am #168762 Christoph Member
Hi Alysson,
I appreciate your clarification.
Your choice of words, "replace your existing files with fresh copies… you should be good to go.", prompted me to expand on your statement because many beginners are using this forum.
One of the reasons this community is so great. We can all share our experiences, pitch in and help each other.
I apologize if rewording "I'm no noob" to "expert" came across in a flippant way. I meant it as "while you know what you are doing".
Thanks again for posting this in the first place.
- The forum ‘General Discussion’ is closed to new topics and replies.