Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#46574 closed defect (bug) (invalid)

getmyfreetraffic hack

Reported by: tchala Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:

Description

My friend runs a load of WP sites

Most of them got hacked yesterday so he's madly installing backups of everything

Fortunately he showed me a hacked site BEFORE he fixed it

I was lucky enough to WGET the index page both before and after he fixed the site

From my initial tests it's doing a 403 and if that fails replacing every link with a link to getmyfreetraffic.com

I tried the hacked version a few times and note that the 403 goes to different sites every time - my first try was a dead link to a .tk URL for some reason (possibly payload with a false 404)

Mark (my friend) is obviously worried about his business so didn't have time to archive the hacked site - I quite understand, if this happened to you it'd be a case of fix + forget.

I will ask Mark for root so I can see if I can find an infected site.

This is all in the moment so I can't be sure what happens next

Change History (5)

#1 @garrett-eclipse
4 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hi @tchala

This ticket system is for the core development of WordPress and isn't a support channel.

Your best next steps are opening a thread on the official WordPress support channel here;
https://wordpress.org/support/

As well there's a great FAQ on the Codex that will hopefully help you through the process;
https://codex.wordpress.org/FAQ_My_site_was_hacked

All the best

#2 @tchala
4 years ago

Your attitude to a core hack is to ignore it?

OK

This affects 5.1.1 (so it's core)

#3 @desrosj
4 years ago

@tchala I'm sorry to hear that your friend's site was hacked, but no one is ignoring this. Sorry if you feel that is what's happening.

Unfortunately, your ticket fails to detail a specific problem other than "someone I know had their WordPress site hacked." Hacked sites do not fall into the classification of a WordPress Core issue unless a specific problem in the core code base is identified.

In those scenarios, those issues should be privately and responsibly disclosed (following the security processes laid out here, which you were asked to agree to when opening this ticket).

The resources that @garrett-eclipse provided to you are the best areas to focus your attention.

#4 @tchala
4 years ago

It's core that's broken from what I understand making this a core issue

If core is broken what's the point in contacting security?

Don't bother replying - just wait a few days THEN it becomes YOUR problem

I was simply notifying you that as far as I can see CORE has a major security flaw

#5 @Otto42
4 years ago

@tchala We understand your view, but you have not pointed out what the flaw actually is, and even if you had, reporting it publicly here is not the best way to get it solved.

If you do find how the site in question was hacked, and it turns out to be a problem in WordPress itself, then reporting it to the security team is how problems like that get fixed.

In the meantime, without knowing more details about how the site got hacked, then it could be a problem in a theme, in a plugin, or in some other code on the server entirely.

There isn't enough information in your post to identify where the problem lies, much less what the problem actually is. If you do find such information, then the security team can route that information to the proper person or persons to get the solution distributed quickly and effectively.
