Hall of Fame

[Marius P.]

Hi guys!
Today I've found my websites compromised, several shell scripts in each root and so on.
So, i've google like crazy to see how this was posible.
Obviously it was an Apache issue, they injected shell via an old version of Wordpress (ALWAYS UPDATE WORDRESS and use a security plugin). They've spread all over the place with the apache vulnerability.


I did some steps to put my server back to safety:

Code Select Expand

1. Runned Linux Malware Detect (LMD) and cleaned all files from the report http://xmodulo.com/2013/03/how-to-detect-malware-on-linux.html
2. Runned ClamAv (just in case) with remove files option.
3. Updated CPanel
4. Rebuilt Apache and upgraded it.
5. Changed all ftp passwords
6. Added Suphp & mod_security
7. Shutdown Symlinks
8. Updated all CentOs packages

Hopefully this will help you guys as well if someday you bump into this issues.

[leen12]

sweet thanks for the info mario im sure this will help sometime,

any idea on when v 3.3 rc 2 is out?

[Marius P.]

2 days tops. It's mainly done, just changing the upload class, add a shell injection security to it, a quick check and optimising a bit the crons.

[leen12]

what??? are you serious? lol

i thought you would say like 3 or 4 months lmao =P

niceeee

great work mario keep it up =), i have to say i have started to see many more scripts like this and similar wordpress setups etc.. but im glad i bought this one

is there any temp fix we can get for the facebook image previews as people keep complaining im posting the same content and removing me from places etc.. lol

my videos are using the same images,

any help is appreciated thanks again

[Marius P.]

For 3.3? I'm working on that part now.

[leen12]

yea, ok thanks let me know when you get it fixed please 

[Marius P.]

yea, ok thanks let me know when you get it fixed please 

Please don't use "fixed" it sounds like a bug, it's just a missing feature, not a bug

[leen12]

ok sorry, lol ino what you mean