ON3P website hacked? WTF?

[webboy]

Damn.

[capulin overdrive]

not cool!


sure Scott has enough to worry about allready.

[iamTRuTH]

The same assholes that made Scott change the name of his ski?

[365wp]

wordpress ftl
my stupid blog has been hit 2x, and it's just pics of my kid and my dogs
there are bots that scour the web for wordpress sites to hack and post spammy comments on

[iggyskier]

Pretty much a bunch of awesomeness.

Site is entirely down as of now, besides the image above and link to the store.

If you are still getting malware warning, it is because the site has been flagged by google and that will show up until we clear it with them. Site is basically an image and a link, so nothing bad is actually on there.

If you want some more ski info, stuff is in the store (this link might also be flagged, but it is a completely different site and should have no issues).
http://on3pskis.myshopify.com/collections/2010-2011skis

Someone who does this kind of stuff for a living has offered to help us out, so they are going through and helping us make sure it is clean, cleared by google, and hopefully more secure in the future. We will be developing a new site next year anyway, so just want to make sure we are problem free until that time.

[South]

That sucks..

[tneeb]

Great stuff, I have a link on a site that I manage and saw the warning :-O . Hope the issue is resolved soon so we can stay up to date with everything.

Cheers!

[iggyskier]

Should be back up. pretty sure we are still waiting on google to scan and clear it so that warning goes away. otherwise should be good.

[samthaman]

just curious, would you be comfortable shedding a little light on how your site got hacked? I also have WP site and would very much like to avoid a similar fate if possible.

[iamTRuTH]

Scott any word on house? Sending some positive vibes to Boulder to push the flames away.

[iggyskier]

House is still there as of now, but very close to the fire.

Tonight looks terrifying to say the least.

Not much we can do at this point. Those guys are doing everything they can. Just hoping for the best.

[iggyskier]

just curious, would you be comfortable shedding a little light on how your site got hacked? I also have WP site and would very much like to avoid a similar fate if possible.

Let me ask the guy who fixed it and get back to you. It is apparently very common but I am not 100% sure on the details. Shoot me an email if you like.

[Cruzer]

House is still there as of now, but very close to the fire.

Tonight looks terrifying to say the least.

Not much we can do at this point. Those guys are doing everything they can. Just hoping for the best.

Thoughts and prayers for your folks safety...

[oftpiste]

^^^ seriously.

[fez]

Let me ask the guy who fixed it and get back to you. It is apparently very common but I am not 100% sure on the details. Shoot me an email if you like.

most likely exploited a vulnerability in wordpress' sql sanitation to change the default URL in the database to a malware server. at least that's what happened in the two wp sites i cleaned up that also got hacked. just had to change the default url back in the db then update wp.

http://blog.sucuri.net/2010/04/mass-...solutions.html

if you're using wp, keep it updated.

[Cruzer]

Website back online...

[RShea]

Wordpress has some forums and if you are not checking for updates and patches and applying them regularly then you are most likely vulnerable to hacking or security issues. My web hosting sends out messages to all with notice of updates to any applications or products they have running. Latest version is 3.01 that is their stable version (they have beta versions newer out there also).

This discusses the other ways to verify your version and any updates:
http://www.thepicky.com/blogging/how...-of-wordpress/