Bad days for 3 days now. One of my networks has been hacked with the famous
exploit, and it is driving me crazy. Fortunately I had backups; after 3 days I have been able to run the network again without data loss, after hours of stress (the exploit came back a few minutes after restore).
Installed Wordfence, a security plugin that is quite cool, and even took a premium API.
Since this morning the network is stable, but I still have not identified the backdoor origin.
Do you have any experience with that bulls.... ????
- This occurred after Quick Cache died (please, if you use it, remove it cleanly) and I tried to install W3 Total Cache. The 5 minutes during which wp-content was in 777 and the server was down.
The install process of this plugin is just totally insecure, and I managed to remove it totally.
- I removed ALL themes using TimThumb (just in case)
==> please guys, make a selection of themes for the farm that do NOT use it....
- I blocked all of Russia and known blacklisted IPs directly on the server, since I had many attempts to connect with the "admin" (false) username
- I deleted all transients in the database, and suppressed all inactive blogs.
- Installed Wordfence and scan, scan, scan....
Now a little request. You guys are aware of security, so please share. .htaccess protections and advice are welcome.
* Please tell me if there is a way to FORCE users to set up a nickname different from their username. A little plugin would be welcome.
* Is it possible that the ads code injection textbox of Pro Sites may be insecure?