My server was hacked this weekend. By the Russians! Of the 50+ domains on my server, every single one had a hacked .htaccess file which was redirecting search results and a few other things to a russian site.
I’m assuming that one of the many, many wordpress installs has a plugin with a security flaw.
Two questions:
- Is it possible for a security hole in one plugin to allow someone access to other sites on the same server?
- What would a security flaw look like that might give someone access to the .htaccess file a directory or two above?
It’s possible that the issue was someone else, that Dreamhost (my host) has bigger issues. But, I’m exploring the option that it’s my fault.
Thoughts?
Personal Opinion: I had the same thing with (mt) mediatemple twice last year. They told me/us that it was a wordpress issue, but it wasn’t. I heard the same from dreamhost last year. So: don’t think about it too much, just remove the hack and blame your host (again).
Anyway: You could read this thread. If your DB got “infected”: There’s also a link to the plugin I wrote to remove the inserted links from my database. Give it a try.
I agree with kaiser , that MT hack was a bit of a fiasco, and often a host is not willing to spend the $$ to find the attack vector so they start laying blame around. Proprietary host systems make it hard to figure out on your own (unlike hosts that use cpanel, webmin, phpmyadmin, etc ).
To answer your questions:
Might be possible, but this depends more on your host configuration than any specific WordPress exploit. Compromised sites should not allow any directory traversing.
Impossible to say but my hunch is root access through a compromise on your own computer or your host.
ps. Is this a shared host, VPS, cloud ?