-
antoviaque posted an update in the group
System & Network Administration 1 year, 6 months ago The wordpress install got infected by a virus/hack – you probably didn’t notice anything as it was only visible by Google, to steal some page rank for pharmaceutical drugs… See details at http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php and http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html
Measures:
* Identified and cleaned files for each of the 3 parts of the infection (backdoor, plugin files and DB)
* Compared the files with a clean wordpress install (and overwritten base WP files with fresh versions)
* Removed all plugins files and re-installed them from scratch
* Hardened the wordpress install using the instructions on http://codex.wordpress.org/Hardening_WordPress
* Changed passwords (mysql and the 3 wordpress admins, ie @blanchard, @tartarugafeliz & me)
* Changed the secret keys (which also logged off everyone)
* Installed some security&monitoring WP plugins (WP Firewall, WP Bulletproof)
* Checked system for rootkits (they just had access to the web user, but just to be sure)The spam the virus/hack was generating for Google is now gone, and hopefully the cleanup will prevent it from reappearing. If you see anything fishy or broken, let me know.