March 28, 2010 | 
Author 
I would like to extend an invitation to all my readers to join me in the discussion of this very important topic on Frontline Results with Louise Barnes-Johnston.
As Louise states on her BlogTalk Radio page for the radio show Monday, 10 AM CDT (4 PM BST):
Would you know what to do if it happened to you? Do you have a WordPress website? If your business depends on getting enquiries or sales through your website then people being warned not to visit could have serious consequences – to put it mildly! This show is about what happened when my friend and colleague Sam McArthur of Forty First Internet Marketing suffered this awful experience. I’ll be speaking with Sam (in the UK) and with PC Security expert Debbie Mahler of MICE Technology & Training (in the USA) to find out what steps they took to resolve the problems and secure the site again. Join us if you want to avoid being a victim of hacking.
As you may remember, I’ve discussed this hack with you on this blog before. First in the post: WP Blog Owners! Check Your .htaccess Files! and then again in a follow-up post: Follow-up on WP .htaccess Hack.
If you have a WP blog site, or know someone who does, I really recommend that you join Louise, Sam, and myself by calling into the show (347) 202-0208 or listening online live at the show page on BlogTalk Radio by clicking here. Remember, it’s 10 AM Central Daylight Time (Chicago Time) or 4 PM British Standard Time on Monday, March 29.
If you call in or chat live, you can ask questions! Now’s your chance to get your WP security questions answered!
Again, the show page is: http://www.blogtalkradio.com/louisebj/2010/03/29/flr-48–help–my-website-has-been-hacked
Posted in Recommended | 
Tags: base64, base65, cross site scripting, hack, hacker, hackers, htaccess, redirect, rewrite, Wordpress, wordpress hack, wp, XSS | 
Comments Closed
Here at MICE, we don’t publicly advertise our security clients because it’s an open invitation to hackers.
However, I do need to tell you that I was recently hired to look over a self-hosted WordPress blog site that had been hacked. I didn’t get to see the actual hacked message, but the client described it as a defacement of the main blog page saying, “You’ve been hacked.”
I am still trying to find out from the blog owner a few minor details to determine how it was actually done, but the .htaccess file had been modified giving the hacker permission to rewrite to all the files on the blog.
As soon as I find out the remaining information, I will post more details including screen shots of the website that the file redirected to.
I am blocking the actual redirect website with Xs in the line I found in question in the .htaccess file because I don’t want anyone going there, but if you see this code, delete it and re-upload the file.
RewriteRule .* http://xxx-xxxxx.xx/xx.cgi?4¶meter=ku [R,L]
The R stands for Redirect and the L means Last so it stops processing the rule after the condition is matched.
You can open the .htaccess file in a textpad or notepad document if you right mouse click and choose open with.
More later but this your heads up!
 |
 |
 |
|
||
 |
|
 |
|
||
Join today and receive a FREE copy of our "Why is My PC So Slow?" eBook!
