What to do when your WordPress blog redirects to a link farm

23rd September 2012


I had a problem recently with a website I moved from one server to another: there was some injected JavaScript in the SQL database that had never been eradicated, so in essence I brought over a hack when I brought over the website. My client's website was redirecting to a link farm, and simply locking down the login area and comments didn't fix the problem.

I asked some very smart friends of mine what was happening and they were pretty confident I had a SQL injection attack on my hands. This just means a bored hacker decided this website's database would be a great place to store a bit of JavaScript that, when loaded back onto the client's website, then redirected to their own website. You just couldn't visit the client site without being redirected. Not good.

After a quick search I found this great post, "Top 5 WordPress Vulnerabilities and How to Fix Them", and the first two items, updates to the .htaccess file, seemed best for the situation.

  1. First, make sure anything pulled from the database and rendered into the page is escaped, so that any markup or script in it (HTML, CSS, JavaScript) is displayed as literal text rather than executed. Note that this only makes the stored payload inert in the page; the injected code is still sitting in the database, so find the affected rows (typically in wp_posts and wp_options) and delete the payload as well, or it will come back with the next migration, just as it did here.
  2. Second, make sure sensitive files on the web server (for example wp-config.php and .htaccess itself) are blocked from outside, unauthorised access.

These things are in addition to locking down other things like comments and comment spam, securing the login area, and tightening file permissions. Leaving files and directories world-writable (mode "777", that is read, write and execute for everyone) is a bad idea: any process on the server, including a compromised one, can then rewrite your site. The usual WordPress defaults are 755 for directories and 644 for files, with wp-config.php stricter still.
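To make the first point concrete, here is an added example (it is not code from the original post or from the linked article) that does what I would actually do on a site like this: scan the two tables attackers most often target, wp_posts and wp_options, for executable content, strip the payload out of the rows that carry it, and show how escaping renders the same payload harmless on output. It uses an in-memory SQLite copy of a cut-down WordPress schema with constructed sample rows, so it runs offline; the queries are plain enough to paste into the MySQL client against a real install (MySQL's LIKE, INSTR and REPLACE behave the same way here). The payload string and the example.invalid hostname are assumptions for illustration, not a real injected script.

```python
"""Find and remove JavaScript injected into a WordPress database.

Added example, not from the original post. SQLite stands in for MySQL;
every row below is constructed sample data.
"""
import html
import re
import sqlite3

# Assumed payload for the demo; a real one is whatever the scan turns up.
SAMPLE_PAYLOAD = '<script src="http://example.invalid/r.js"></script>'

# Patterns that indicate executable content rather than ordinary post text.
SUSPICIOUS = re.compile(
    r"<script\b|javascript:|eval\(|base64_decode\(|document\.location|window\.location",
    re.IGNORECASE,
)

# Column pairs per table: (primary key, content column). Same names as WordPress.
TABLES = {
    "wp_posts": ("ID", "post_content"),
    "wp_options": ("option_id", "option_value"),
}


def build_sample_db() -> sqlite3.Connection:
    """Minimal stand-in for a WordPress schema with one injected row per table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_title TEXT, post_content TEXT);
        CREATE TABLE wp_options (option_id INTEGER PRIMARY KEY, option_name TEXT, option_value TEXT);
        """
    )
    conn.executemany("INSERT INTO wp_posts VALUES (?, ?, ?)", [
        (1, "Hello world", "<p>Welcome to the site.</p>"),
        (2, "About", "<p>About us.</p>" + SAMPLE_PAYLOAD),   # injected row
    ])
    conn.executemany("INSERT INTO wp_options VALUES (?, ?, ?)", [
        (1, "siteurl", "https://example.invalid"),
        (2, "widget_text", "Sidebar text" + SAMPLE_PAYLOAD),  # injected row
    ])
    conn.commit()
    return conn


def find_injected(conn):
    """Return (table, row id, snippet) for rows whose content looks executable.

    A cheap LIKE prefilter does the heavy lifting in SQL, exactly as you would
    run it by hand; the regex then confirms each hit so that a harmless mention
    of the word 'script' in prose is not reported.
    """
    hits = []
    for table, (key, col) in TABLES.items():
        sql = (f"SELECT {key}, {col} FROM {table} "
               f"WHERE {col} LIKE '%<script%' OR {col} LIKE '%javascript:%' "
               f"OR {col} LIKE '%eval(%' OR {col} LIKE '%base64_decode(%'")
        for row_id, text in conn.execute(sql):
            m = SUSPICIOUS.search(text)
            if m:
                hits.append((table, row_id, text[m.start():m.start() + 60]))
    return hits


def remove_payload(conn, payload: str) -> int:
    """Delete an exact payload string from every row that contains it.

    Returns the number of rows changed. INSTR/REPLACE exist in both SQLite
    and MySQL. Only rows that actually contain the payload are touched, so
    post_modified timestamps on clean rows are left alone.
    """
    changed = 0
    for table, (key, col) in TABLES.items():
        cur = conn.execute(
            f"UPDATE {table} SET {col} = REPLACE({col}, ?, '') "
            f"WHERE INSTR({col}, ?) > 0",
            (payload, payload),
        )
        changed += cur.rowcount
    conn.commit()
    return changed


def neutralize(text: str) -> str:
    """Escape database content for output so markup shows as text, not code.

    This is what WordPress's esc_html() does; it is the output-side half of
    the fix and does not remove anything from the database.
    """
    return html.escape(text, quote=True)


if __name__ == "__main__":
    db = build_sample_db()
    for table, row_id, snippet in find_injected(db):
        print(f"{table} row {row_id}: {snippet!r}")
    print("rows cleaned:", remove_payload(db, SAMPLE_PAYLOAD))
    print("remaining hits:", find_injected(db))
    print("escaped payload:", neutralize(SAMPLE_PAYLOAD))
```

On a real site, run the SELECT half first and look at every hit before touching anything: take a database dump, confirm the payload string is byte-for-byte identical across rows (attackers often vary it), and only then run the REPLACE. Anything that scans wp_posts should also cover post_excerpt and wp_postmeta, and a theme or plugin file can carry the same redirect, so the database is not the only place to look.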

For other security measures, namely plugins against comment spam, see my article here. But the first two fixes to the .htaccess file above seem to be what I needed to finally kill this crappy redirect that was happening.

Client happy, I'm happy. We'll see in a few days if it is fully eradicated; it seems sometimes these spammers take breaks, and sometimes their code does too.

What’s the worst WordPress hack you’ve ever had and how did you get rid of it?


Nathaniel Flick

I'm a Front End Web Developer passionate about usability. My primary specialties are HTML5, CSS3, SCSS, LESS, and jQuery and I am very familiar with Foundation and Bootstrap frameworks. I've worked on top of and with WordPress, Shopify, Rails, Python, and ASP.net/Umbraco frameworks.
