Comments on: Breaking News: WordPress Hacked with Zettapetta on DreamHost http://www.wpsecuritylock.com/breaking-news-wordpress-hacked-with-zettapetta-on-dreamhost/ Securing WordPress tips, harden server vulnerabilities, WordPress Security Services, teleseminars, and how to secure WordPress from malicious hackers. Sat, 04 Feb 2012 08:38:41 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Regina Smolahttp://www.wpsecuritylock.com/breaking-news-wordpress-hacked-with-zettapetta-on-dreamhost/comment-page-7/#comment-4676 Regina Smola Mon, 11 Jul 2011 16:31:13 +0000 http://www.wpsecuritylock.com/?p=2462#comment-4676 Thanks for your comment and questions. I use HostGator. Great 24/7 support and updated servers. You can save 25% off with coupon code: wpsecuritylock25.Also, check out my post on 10 Tips for Secure Hosting here: http://www.wpsecuritylock.com/10-tips-for-secure-wordpress-hosting/ Thanks for your comment and questions. I use HostGator. Great 24/7 support and updated servers. You can save 25% off with coupon code: wpsecuritylock25.

Also, check out my post on 10 Tips for Secure Hosting here:
http://www.wpsecuritylock.com/10-tips-for-secure-wordpress-hosting/

]]> By: keerthihttp://www.wpsecuritylock.com/breaking-news-wordpress-hacked-with-zettapetta-on-dreamhost/comment-page-7/#comment-4665 keerthi Sat, 02 Jul 2011 13:15:33 +0000 http://www.wpsecuritylock.com/?p=2462#comment-4665 Hey regina,I have been using VPS Hosting from one of vendors I know and I feel that the after sales service is really bad with them. And also a couple of my wp sites got hacked recently and started showing that I am hosting some malware when I am just having static html content on my sites...So I am thinking of moving to Dreamhost but as u have said that they are prone to hacking can u suggest me any other hosting providers?Keerthi Hey regina,

I have been using VPS Hosting from one of vendors I know and I feel that the after sales service is really bad with them. And also a couple of my wp sites got hacked recently and started showing that I am hosting some malware when I am just having static html content on my sites...So I am thinking of moving to Dreamhost but as u have said that they are prone to hacking can u suggest me any other hosting providers?

Keerthi

]]> By: Regina Smolahttp://www.wpsecuritylock.com/breaking-news-wordpress-hacked-with-zettapetta-on-dreamhost/comment-page-7/#comment-4444 Regina Smola Wed, 04 May 2011 23:28:22 +0000 http://www.wpsecuritylock.com/?p=2462#comment-4444 Hi Steve,I did a scan on your website and you're dealing with two malware hacks, one is iframe malware and one is javascript malware. Be sure to change your passwords and WordPress secret keys and restore from a clean backup if you can.After your site is clean, the Google cache is going to stay on the net awhile. You have to wait until Google bot checks that page again before the clean one shows. You can find the last day cached in the top right corner.If you need help, please let me know. I also sent you an email with some further instructions. Good luck and stay safe.~ Regina Hi Steve,

I did a scan on your website and you're dealing with two malware hacks, one is iframe malware and one is javascript malware. Be sure to change your passwords and WordPress secret keys and restore from a clean backup if you can.

After your site is clean, the Google cache is going to stay on the net awhile. You have to wait until Google bot checks that page again before the clean one shows. You can find the last day cached in the top right corner.

If you need help, please let me know. I also sent you an email with some further instructions. Good luck and stay safe.

~ Regina

]]> By: Regina Smolahttp://www.wpsecuritylock.com/breaking-news-wordpress-hacked-with-zettapetta-on-dreamhost/comment-page-7/#comment-4421 Regina Smola Tue, 03 May 2011 21:01:02 +0000 http://www.wpsecuritylock.com/?p=2462#comment-4421 Steve,Yikes! Sorry to hear your site was hacked. Make sure you check the rest of your server for any other mystery directories/folders and files. Malicious hackers can leave them in many places.If you need help, please <a href="http://www.wpsecuritylock.com/contact/" rel="nofollow">contact me</a>.Stay secure,Regina Smola Steve,

Yikes! Sorry to hear your site was hacked. Make sure you check the rest of your server for any other mystery directories/folders and files. Malicious hackers can leave them in many places.

If you need help, please contact me.

Stay secure,

Regina Smola

]]> By: stevehttp://www.wpsecuritylock.com/breaking-news-wordpress-hacked-with-zettapetta-on-dreamhost/comment-page-7/#comment-4417 steve Tue, 03 May 2011 05:46:10 +0000 http://www.wpsecuritylock.com/?p=2462#comment-4417 Today realised that google flagged my WP site "this site may be compromised". I found a folder labeled "femur" on my ftp. Inside were hundreds of html files of spam sites. The folder was dated around mid April 2011 maybe it was the 16th. I deleted it. If you have any helpful hints please let me know. Today realised that google flagged my WP site "this site may be compromised".
I found a folder labeled "femur" on my ftp. Inside were hundreds of html files of spam sites.
The folder was dated around mid April 2011 maybe it was the 16th. I deleted it.
If you have any helpful hints please let me know.

]]> By: Erinhttp://www.wpsecuritylock.com/breaking-news-wordpress-hacked-with-zettapetta-on-dreamhost/comment-page-7/#comment-1915 Erin Tue, 26 Oct 2010 03:10:32 +0000 http://www.wpsecuritylock.com/?p=2462#comment-1915 I have a WordPress site hosted with Dreamhost. For months, it got infected w/ malicitious scripts on a daily basis. Dreamhost basically said it's my fault or the fault of the software I use. Everything I run is always up to date. Anyway, eventually the daily infections stopped, and I was clear for months. Then one day fairly recently (don't know when, sorry), they started again, always in the footer.php files (sometimes the header.php) of the /wp/wp-content/themes dir.I changed the prefix on all the tables via phpMyAdmin to something other than the wp_ default this weekend, but I was infected (and subsequently blocked by Google) yet again, though it turns out I missed ONE table. Whether or not that was the culprit, I won't know until I make it a length of time with no infections.I'm kind of at my wit's end with this. I don't know what to do if it doesn't work.Though it's noteworthy that the last-modified date/time does NOT change on the files when it happens, though the file size changes. Unless I check the source on my site multiple times per day, I have no idea that my site's been compromised until someone tells me it's blocked.Do you have any suggestions? I'm desperate.Thank you, Erin I have a WordPress site hosted with Dreamhost. For months, it got infected w/ malicitious scripts on a daily basis. Dreamhost basically said it's my fault or the fault of the software I use. Everything I run is always up to date. Anyway, eventually the daily infections stopped, and I was clear for months. Then one day fairly recently (don't know when, sorry), they started again, always in the footer.php files (sometimes the header.php) of the /wp/wp-content/themes dir.

I changed the prefix on all the tables via phpMyAdmin to something other than the wp_ default this weekend, but I was infected (and subsequently blocked by Google) yet again, though it turns out I missed ONE table. Whether or not that was the culprit, I won't know until I make it a length of time with no infections.

I'm kind of at my wit's end with this. I don't know what to do if it doesn't work.

Though it's noteworthy that the last-modified date/time does NOT change on the files when it happens, though the file size changes. Unless I check the source on my site multiple times per day, I have no idea that my site's been compromised until someone tells me it's blocked.

Do you have any suggestions? I'm desperate.

Thank you,
Erin

]]> By: Regina Smolahttp://www.wpsecuritylock.com/breaking-news-wordpress-hacked-with-zettapetta-on-dreamhost/comment-page-7/#comment-1875 Regina Smola Mon, 18 Oct 2010 16:35:39 +0000 http://www.wpsecuritylock.com/?p=2462#comment-1875 Hi nelsdrums,Sorry to hear your website was hacked. Was it done on 9/15/2010 or 10/15/2010?Were you able to get it fixed? Also, did you find out how they got into your site? Hi nelsdrums,

Sorry to hear your website was hacked. Was it done on 9/15/2010 or 10/15/2010?

Were you able to get it fixed? Also, did you find out how they got into your site?

]]> By: nelsdrumshttp://www.wpsecuritylock.com/breaking-news-wordpress-hacked-with-zettapetta-on-dreamhost/comment-page-7/#comment-1873 nelsdrums Mon, 18 Oct 2010 03:30:17 +0000 http://www.wpsecuritylock.com/?p=2462#comment-1873 My Dreamhost site was hacked on 09-15-10 at 10:51 pm PST. Here's the code on every single PHP file of the WP 3.0.1 installation: "/**/ eval(base64_decode("aWYoZnVuY3RpbComment Edited by Regina Smola: We have copied the entire hacker code and shortened it to protect our readers. My Dreamhost site was hacked on 09-15-10 at 10:51 pm PST. Here's the code on every single PHP file of the WP 3.0.1 installation: "/**/ eval(base64_decode("aWYoZnVuY3Rpb

Comment Edited by Regina Smola: We have copied the entire hacker code and shortened it to protect our readers.

]]> By: Abidhttp://www.wpsecuritylock.com/breaking-news-wordpress-hacked-with-zettapetta-on-dreamhost/comment-page-7/#comment-1835 Abid Sat, 09 Oct 2010 12:59:37 +0000 http://www.wpsecuritylock.com/?p=2462#comment-1835 Thank you,I had changed the passwords and contacted my host in order to retrieve the database backup. Anyways, with your and my hosts help I am able to get my blog back. It is cleaned now :)Regards, Abid Sultan Thank you,

I had changed the passwords and contacted my host in order to retrieve the database backup. Anyways, with your and my hosts help I am able to get my blog back. It is cleaned now :)

Regards,
Abid Sultan

]]> By: Regina Smolahttp://www.wpsecuritylock.com/breaking-news-wordpress-hacked-with-zettapetta-on-dreamhost/comment-page-7/#comment-1833 Regina Smola Sat, 09 Oct 2010 00:15:08 +0000 http://www.wpsecuritylock.com/?p=2462#comment-1833 Yes, your WordPress site has been hacked by .HaCkEd By FoX HaCkEr. We know this because they've left their hacker "calling card" all over your website. You can see that you're not alone. This hacker has hacked several other sites. Look at this <a href="http://www.google.com/#sclient=psy&hl=en&q=%22.HaCkEd+By+FoX+HaCkEr%22&aq=f&aqi=&aql=&oq=&gs_rfai=&pbx=1&fp=a29c82155c57878e" rel="nofollow">Google search result</a>. Don't worry it's safe to click that link.According to my scans, right now there is no malware detected that can infect your computer. It looks like a partial defacement.Don't panic. It can be fixed.Please go and change all of your FTP passwords, all of your wp-admin passwords that have access to your "Dashboard" and change your Authentication Unique Keys and Salts in your wp-config.php file immediately.Do you have a backup of your website and database? Yes, your WordPress site has been hacked by .HaCkEd By FoX HaCkEr. We know this because they've left their hacker "calling card" all over your website. You can see that you're not alone. This hacker has hacked several other sites. Look at this Google search result. Don't worry it's safe to click that link.

According to my scans, right now there is no malware detected that can infect your computer. It looks like a partial defacement.

Don't panic. It can be fixed.

Please go and change all of your FTP passwords, all of your wp-admin passwords that have access to your "Dashboard" and change your Authentication Unique Keys and Salts in your wp-config.php file immediately.

Do you have a backup of your website and database?

]]>