Comments on: The Drunkjeans.com / Roundstorm.com Hack and how to get rid of it http://wpguru.co.uk/2010/07/the-drunkjeans-com-wordpress-hack-and-how-to-get-rid-of-it/ Dedicated Wordpress Hosting and Support Tue, 31 Jan 2012 09:43:10 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: mortise lock http://wpguru.co.uk/2010/07/the-drunkjeans-com-wordpress-hack-and-how-to-get-rid-of-it/comment-page-4/#comment-1000 mortise lock Tue, 30 Nov 2010 11:56:37 +0000 http://wpguru.co.uk/?p=460#comment-1000 we got (Pantscow.ru) infected our blog most of them on .js files. sorry for your loss bro, [Search ".ru" (4255 hits in 1298 files)] its really a big deal. you should clean your PC first. we got (Pantscow.ru) infected our blog most of them on .js files.
sorry for your loss bro, [Search ".ru" (4255 hits in 1298 files)] its really a big deal. you should clean your PC first.

]]> By: Richard http://wpguru.co.uk/2010/07/the-drunkjeans-com-wordpress-hack-and-how-to-get-rid-of-it/comment-page-5/#comment-488 Richard Wed, 29 Sep 2010 16:22:21 +0000 http://wpguru.co.uk/?p=460#comment-488 WARNING: They dont hack your FTP or server directly (might be, but smaller chance). They infect the machine (probably with a .sys driver (try out bitdefender addon for FF)) that you used to upload your sites files to your webspace. If u stored your FTP credentials on it ... they connect to your webspace and alter the the index and js files. So beware, changing FTP PW is only working until you log on to your space again if u dont clean your machine first !!! WARNING:
They dont hack your FTP or server directly (might be, but smaller chance).
They infect the machine (probably with a .sys driver (try out bitdefender addon for FF)) that you used to upload your sites files to your webspace.
If u stored your FTP credentials on it … they connect to your webspace and alter the the index and js files.
So beware, changing FTP PW is only working until you log on to your space again if u dont clean your machine first !!!

]]> By: John http://wpguru.co.uk/2010/07/the-drunkjeans-com-wordpress-hack-and-how-to-get-rid-of-it/comment-page-4/#comment-276 John Mon, 30 Aug 2010 10:34:00 +0000 http://wpguru.co.uk/?p=460#comment-276 Same here. They "hacked" our website i think through ftp and installed the above code. The url of the javascript doesn't exist and the funny thing is that google got it just before i could do something. (i found it straight away) Now i changed ftp password and changed also the infected files. (mostly .js files) and just one php file. Same here. They “hacked” our website i think through ftp and installed the above code. The url of the javascript doesn’t exist and the funny thing is that google got it just before i could do something. (i found it straight away)

Now i changed ftp password and changed also the infected files. (mostly .js files) and just one php file.

]]> By: Edgar http://wpguru.co.uk/2010/07/the-drunkjeans-com-wordpress-hack-and-how-to-get-rid-of-it/comment-page-4/#comment-283 Edgar Wed, 18 Aug 2010 02:39:19 +0000 http://wpguru.co.uk/?p=460#comment-283 we got it pretty bad inkrainbow.ru/quicktime.js pocketbloke.ru/QuickTime.js Search ".ru" (4255 hits in 1298 files) not all of them are the address but most are we got it pretty bad

inkrainbow.ru/quicktime.js

pocketbloke.ru/QuickTime.js

Search ".ru" (4255 hits in 1298 files)
not all of them are the address but most are

]]> By: Back with a Vengeance: The Downtime is over! http://wpguru.co.uk/2010/07/the-drunkjeans-com-wordpress-hack-and-how-to-get-rid-of-it/comment-page-4/#comment-222 Back with a Vengeance: The Downtime is over! Tue, 03 Aug 2010 12:17:39 +0000 http://wpguru.co.uk/?p=460#comment-222 [...] you will have noticed that this site has been down for the last few days weeks. Not good I know! A nasty hacker attack was responsible and I was just too busy getting everybody else’s project back up and running [...] [...] you will have noticed that this site has been down for the last few days weeks. Not good I know! A nasty hacker attack was responsible and I was just too busy getting everybody else’s project back up and running [...]

]]> By: adi http://wpguru.co.uk/2010/07/the-drunkjeans-com-wordpress-hack-and-how-to-get-rid-of-it/comment-page-4/#comment-214 adi Sat, 31 Jul 2010 15:19:53 +0000 http://wpguru.co.uk/?p=460#comment-214 Same problem as above, several sites got infected and i use CentOS, Cpanel and FileZila. I think we had a similar problem about 6/7 months a go where all our index files got infected. but since then i have move to a new saver but with the same company . Same problem as above, several sites got infected and i use CentOS, Cpanel and FileZila.

I think we had a similar problem about 6/7 months a go where all our index files got infected. but since then i have move to a new saver but with the same company .

]]> By: Jay Versluis http://wpguru.co.uk/2010/07/the-drunkjeans-com-wordpress-hack-and-how-to-get-rid-of-it/comment-page-4/#comment-212 Jay Versluis Sat, 31 Jul 2010 13:31:09 +0000 http://wpguru.co.uk/?p=460#comment-212 @ Jeremy What a pain... Good luck ;-) @Alex79 Sounds serious. See if you can get in touch with your hosting provider. If they can't help you, sign up with me and <a href="http://wpguru.co.uk/hosting/" rel="nofollow">get excellent hosting with Wordpress pre-installed</a>. @ Jeremy
What a pain… Good luck ;-)

@Alex79
Sounds serious. See if you can get in touch with your hosting provider. If they can’t help you, sign up with me and get excellent hosting with WordPress pre-installed.

]]> By: ALEX79 http://wpguru.co.uk/2010/07/the-drunkjeans-com-wordpress-hack-and-how-to-get-rid-of-it/comment-page-4/#comment-209 ALEX79 Sat, 31 Jul 2010 09:25:28 +0000 http://wpguru.co.uk/?p=460#comment-209 MY SITE HAS BEN hacked by * Malepad.ru document.write('') I CLEAN THE FILES ITS WORK SOME TIME BUT NOW I KANT LOGHIN IN MY WORDPRESS CONTROL PANEL GIVE ERROR 500 INTERNAL SERVER ERROR END MY SITE GIVE ERROR 500 INTERNAL SERVER ERROR ..I DELET EVERYTHING DATABASE EVERYTHING..BUT I KANT INSTAL A NEW FRESH WORDPRESS ..IN ME 500 INTERNAL SERVER ERROR!! PLISS HELPPP MY SITE HAS BEN hacked by * Malepad.ru

document.write(”)
I CLEAN THE FILES ITS WORK SOME TIME BUT NOW I KANT LOGHIN IN MY WORDPRESS CONTROL PANEL GIVE ERROR 500 INTERNAL SERVER ERROR END MY SITE GIVE ERROR 500 INTERNAL SERVER ERROR ..I DELET EVERYTHING DATABASE EVERYTHING..BUT I KANT INSTAL A NEW FRESH WORDPRESS ..IN ME 500 INTERNAL SERVER ERROR!!
PLISS HELPPP

]]> By: Jeremy http://wpguru.co.uk/2010/07/the-drunkjeans-com-wordpress-hack-and-how-to-get-rid-of-it/comment-page-4/#comment-207 Jeremy Fri, 30 Jul 2010 16:15:00 +0000 http://wpguru.co.uk/?p=460#comment-207 Also hacked. We had the malepad.ru in all our js files. We don't use filezilla. Since the DB's seem unaffected and based on comments above I'm leaning towards FTP breach. Obviously we've changed all the FTP passwords. Off to fix all the js files now.... Also hacked. We had the malepad.ru in all our js files. We don’t use filezilla. Since the DB’s seem unaffected and based on comments above I’m leaning towards FTP breach. Obviously we’ve changed all the FTP passwords. Off to fix all the js files now….

]]> By: The Roundstorm Virus/Trojan Information | http://wpguru.co.uk/2010/07/the-drunkjeans-com-wordpress-hack-and-how-to-get-rid-of-it/comment-page-3/#comment-204 The Roundstorm Virus/Trojan Information | Thu, 29 Jul 2010 18:28:23 +0000 http://wpguru.co.uk/?p=460#comment-204 [...] few days later and I managed to find a blog that was discussing the virus, and also talking about the different forms/variations it came [...] [...] few days later and I managed to find a blog that was discussing the virus, and also talking about the different forms/variations it came [...]

]]> By: Olly http://wpguru.co.uk/2010/07/the-drunkjeans-com-wordpress-hack-and-how-to-get-rid-of-it/comment-page-3/#comment-203 Olly Thu, 29 Jul 2010 17:50:39 +0000 http://wpguru.co.uk/?p=460#comment-203 http://forum.filezilla-project.org/viewtopic.php?f=1&t=11003&start=0 FYI A search for filezilla, password, hack finds LOTS of stuff about it. We had 3 accounts hacked on our server, however we cant work out how these three particular acocunts got owned. I have filezilla on mine, and that could explain 2 of them, but the one other 1 is a mystery. My mate uses filezilla, but only has HIS account saved. The only explanation is that we both had/have a virus. Im scanning every computer in the office with Malware Bytes.. Not found anything on mine yet tho! http://forum.filezilla-project.org/viewtopic.php?f=1&t=11003&start=0

FYI

A search for filezilla, password, hack finds LOTS of stuff about it.

We had 3 accounts hacked on our server, however we cant work out how these three particular acocunts got owned.

I have filezilla on mine, and that could explain 2 of them, but the one other 1 is a mystery.

My mate uses filezilla, but only has HIS account saved.

The only explanation is that we both had/have a virus.

Im scanning every computer in the office with Malware Bytes.. Not found anything on mine yet tho!

]]> By: Jay Versluis http://wpguru.co.uk/2010/07/the-drunkjeans-com-wordpress-hack-and-how-to-get-rid-of-it/comment-page-3/#comment-202 Jay Versluis Thu, 29 Jul 2010 17:38:19 +0000 http://wpguru.co.uk/?p=460#comment-202 Yes I use Filezilla... and I also believe it's happening via FTP. Since I've changed all the FTP passwords, the files are OK (although a certain IP address has tried to gain access into EVERY account). Superb call Olly, that may well be how they got their hands on the passwords: FileZilla. Hands up everybody who has their site hacked AND uses FileZilla. Yes I use Filezilla… and I also believe it’s happening via FTP. Since I’ve changed all the FTP passwords, the files are OK (although a certain IP address has tried to gain access into EVERY account).

Superb call Olly, that may well be how they got their hands on the passwords: FileZilla.

Hands up everybody who has their site hacked AND uses FileZilla.

]]>