How to fix BlackHole Exploit virus and avoid future attacks

So I had a user tell me that their AVG blocked my website (and all my websites in my Bluehost account) due to a BlackHole Exploit Kit.

I downloaded AntiVirus plugin and that plugin detected files in my theme that got hacked. Sure enough index.php and other files got hacked.

I basically deleted those files and re-uploaded them.

Then I re-installed my version of WordPress for each website. Pain in the ass!

Does anyone know how to avoid this in the future? I learned how to fix it but not how to avoid it.

Thanks!

Giovanni

  • 3SixtyEvolve

    Hi Giovanni

    Thank you for being part of our Community!

    I completely understand your frustration and I am glad that you did get the problem sorted. It would be great if you can actually share the steps you took to remove the BlackHole Exploit Kit. Regarding this, I found a very interesting article about the BlackHole Exploit Kit. Worth reading... http://www.webopedia.com/TERM/B/blackhole_exploit_kit.html

    To avoid any type of hacking threats, you should take care of the following things (recommended by Bluehost):

    - Firstly, and most importantly, set up very strong passwords.
    - Remove malicious files and/or files you are not familiar with.
    - Update all scripts/applications to the newest versions available.
    - Update all plugins to the newest versions available.
    - Delete any databases/applications from your account that are no longer in use.
    - Fix dangerously writeable permissions.
    - Hide your configuration files.
    - Tweak your php.ini file.
    - Connect to your account using a secure network.
    - Make sure your local computer is secure.
    - Anti-Virus Applications

    You can read their full article on 'Basic Site Security Checklist' here: https://my.bluehost.com/cgi/help/511

    Let me know if this information was helpful. And don't hesitate to be in touch should you need any further support from our side. I will resolve this thread, but if you feel you require more input from our Support Team, please don't hesitate to reopen it. Just select the 'Mark as Not Resolved (re-open)' box below the post area (otherwise we might miss your new post).

    Have a good day and all the best with your server security!

    GinaB
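The "Fix dangerously writeable permissions" and "Hide your configuration files" items from the checklist above, as an added example that is not part of any post in this thread or of Bluehost's article. It assumes shell access to the account, a standard WordPress layout with wp-config.php in the document root, and PHP running as the account owner; the function names and script name are hypothetical.

```shell
#!/bin/sh
# Added example: read-only audit plus an optional fix for a WordPress docroot.
# Assumes the standard layout (wp-config.php in the docroot).

# Files and directories that any local account can write to.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null | sort
}

# Exit 0 if wp-config.php is readable by "other", 1 if not, 2 if missing.
config_exposed() {
    cfg="$1/wp-config.php"
    [ -f "$cfg" ] || return 2
    [ -n "$(find "$cfg" -perm -0004 -print)" ]
}

# PHP files changed within the last $2 days, across core, themes and plugins.
# mtime can be forged, so treat this as a triage aid, not proof of a clean site.
list_recent_php() {
    find "$1" -type f -name '*.php' -mtime "-$2" -print 2>/dev/null | sort
}

# Remove world-write everywhere and all "other" access from wp-config.php.
# Assumption: PHP runs as the account owner, so the site still works
# once "other" can no longer read the config.
fix_permissions() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
    if [ -f "$1/wp-config.php" ]; then chmod o-rwx "$1/wp-config.php"; fi
}

# Usage: sh audit.sh /path/to/docroot [days]   (script name is hypothetical)
if [ -n "${1:-}" ]; then
    echo "World-writable:";        list_world_writable "$1"
    echo "PHP changed recently:";  list_recent_php "$1" "${2:-7}"
    if config_exposed "$1"; then echo "wp-config.php is readable by other users"; fi
fi
```

Run the audit functions first and review the output; call fix_permissions only after confirming the site does not depend on the looser modes.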

  • Arun Basil Lal

    Hi guys,

    Here are a couple of WordPress plugins that would help you stop and scan for such problems in the future:

    WordPress Firewall 2. This is awesomeness in a box - http://wordpress.org/extend/plugins/wordpress-firewall-2/

    Exploit Scanner. Am new to this plugin, a user in here was using it and I tried it out. Looks good - http://wordpress.org/extend/plugins/exploit-scanner/

    @Giovanni - I am very interested to know what you did to get rid of the infection. I get a lot of these attacks on my server.

    Hope that helps a bit,

    Cheers,
    Arun Basil Lal

  • Giovanni

    Arun,

    All I did was update my WordPress install. For the websites that were at the latest version it was easy: just click the Re-Install button in the core-upgrade.php menu.

    I also re-uploaded my theme files and deleted those on the server.

    I then re-uploaded my plugin files.

    I did this for 10 websites so you can imagine what a pain it was. Some websites did not have the latest WP install and I could not upgrade for fear of malfunction, so I re-installed the files for the respective versions.

    It was a pain but worth it.

    To check if my theme files got screwed I used AntiVirus. Sad this plugin doesn't do the same scan for plugin files and core files, though.

    Good luck and thanks for the 411!

    Giovanni
