Greek PM web site hacked

[Magda Hassan]

GREEK PEOPLE PAID 20.000e for this website
It is a wordpress.(free software)
And guess what?
......warn: WordPress version outdated: Upgrade required...
This means that sensitive information are exposed to anyone who can breakthrough
a non updated platform
-THEIR SITE CAN BE HACKED AND ANONYMOUS IS GIVING YOU THE SOLUTION TO ONE OF YOUR PROBLEM-
HOW TO PREVENT A HACK IN OUTDATED PLATFORM LIKE YOURS......
***********************************ANONYMOUS HELPS FOR FREE************************************************
The vulnerability lies in outdated versions of the popular TimThumb library. If you got hacked, you have a plugin or theme which has an outdated TimThumb lib.


Instructions to fix the Hack


Disclaimer: follow these instructions at your own risk. Back up your files before replacing / editing them.


Change the file permission of (chmod) .htaccess to 644. Create a new .htaccess and overwrite the one on your server with the new one.
Get the latest version of TimThumband replace the existing ones with it - be it in plugins or themes or anywhere else. Log in to your shell account and do this:


$ find /home/accountname/website/ -name "thumb.php"
$ find /home/accountname/website/ -name "timthumb.php"


If you find any, replace them with the latest version. thumb.php could be some other file too, make sure to confirm its is TimThumb before replacing it.
Delete these files:
/wp-content/uploads/_wp_cache.php
/wp-content/uploads/sm3.php




Analysis of the Hack


The cause of the hack seems to be an outdated TimThumb version on your server. It can be found in a theme or plugin as either timthumb.php or thumb.php. In the case I analyzed TimThumb was found in The Morning After theme, WordPress Popular Posts, and WP Mobile Detector. The Morning After theme was the active theme, so I just got the latest version of TimThumb and replaced with it. Replaced timthumb.php for WordPress Popular Posts too. WP Mobile Detector was an inactive plugin, so I just deleted it.


The hack edits the WordPress .htaccess and adds redirection instructions to all traffic coming from a long list of websites to be redirected to http://awebsite.com. And it does a 301 redirect (permanent redirection), which can have seriously negative impression and SEO outcomes. Also it re-configures your website to be forwarded to http://awebsite.com. for all kind of errors and statuses (404, 500 etc) on your website.


If you open .htaccess and take a look at it, you are most likely to see nothing odd in there. But look at its filesize , now it's is more than 5 KB! It should have been about 500 Bytes only. Look at the file again, see that scrollbar? Scroll down to find the additional code added by the hack.


If you just edit and try uploading the .htaccess file, it will fail. That's because the hack has chmodded .htaccess to 444, which means you can only open it now, not edit or delete it. Fortunately fixing that is pretty straight forward, just chmod it back to 644. If you are using an FTP client you will get the option under File permission or something named like that.


It also drops two files in the /wp-content/uploads directory: _wp_cache.php and sm3.php. There are also reports of finding wp.php and sm3.php in the current theme directory. I really didn't care to study them in detail, most probably they were backdoors or resurrectors. Just delete them!


If you have followed the instructions above, you should be safe - for now.DONT SAY WE DID NOT WARN YOU.
AND THIS IS JUST ONE METHOD TO DO IT....THERE ARE MANY...SO STOP SEALING MONEY AND FIX THAT SHIT
***********************************************************************************************************


This is nothing compared to the next docs we are going to publish about how
a site can cost even several million euros for no work at all....yes it is happening in greece
-----------------------------------------------------------------------------------------------------------
G R E E K A N O N Y M O U S U N I T E D N E T W O R K A N A L Y T I C S
-----------------------------------------------------------------------------------------------------------




- Hellenic Republic, The Prime Minister's Office


http://www.primeminister.gr
1. http://www.primeminister.gr/feed/
2. http://www.primeminister.gov.gr/
3. http://www.primeminister.gov.gr/feed/podcast/
4. http://www.primeminister.gov.gr/
5. http://www.primeminister.gov.gr/english/
6. http://www.primeminister.gov.gr/
7. http://www.primeminister.gov.gr/
8. http://www.primeminister.gov.gr/primeminister/
9. http://www.primeminister.gov.gr/government/
10. http://www.primeminister.gov.gr/category/news/
11. http://www.primeminister.gov.gr/diavgeia
12. http://www.primeminister.gov.gr/category/blog/
13. http://www.primeminister.gov.gr/2012/07/22/9592
14. http://www.primeminister.gov.gr/2012/07/22/9592
15. http://www.primeminister.gov.gr/2012/07/06/9541
16. http://www.primeminister.gov.gr/2012/07/06/9541
17. http://www.primeminister.gov.gr/2012/06/21/9501
18. http://www.primeminister.gov.gr/2012/06/21/9501
19. http://www.primeminister.gov.gr/category...akanoinosi
20. http://www.primeminister.gov.gr/category/news/dilosi
21. http://www.primeminister.gov.gr/category/news/epistoli
22. http://www.primeminister.gov.gr/category/news/omilia
23. http://www.primeminister.gov.gr/category/news/calendar
24. http://www.primeminister.gov.gr/category/news/pressconf
25. http://www.primeminister.gov.gr/category/news/interview
26. http://www.primeminister.gov.gr/category...airetismoi
27. http://www.primeminister.gov.gr/youtube
28. http://www.primeminister.gov.gr/flickr
29. http://www.primeminister.gov.gr/twitter
30. http://www.primeminister.gov.gr/category/podcasts
31. http://www.primeminister.gov.gr/category...e%ad%ce%b1
32. http://www.primeminister.gov.gr/2012/07/24/9599
33. http://www.primeminister.gov.gr/2012/07/22/9597
34. http://www.primeminister.gov.gr/2012/07/22/9592
35. http://www.primeminister.gov.gr/2012/07/20/9589
36. http://www.primeminister.gov.gr/2012/07/17/9582
37. http://www.primeminister.gov.gr/2012/07/16/9574
38. http://www.primeminister.gov.gr/2012/07/09/9561
39. http://www.primeminister.gov.gr/2012/07/09/9557
40. http://www.primeminister.gov.gr/2012/07/09/9555
41. http://www.primeminister.gov.gr/2012/07/09/9553
42. http://www.primeminister.gov.gr/terms-of-use-privacy
43. http://creativecommons.org/licenses/by/3.0/gr/
44. http://mathe.ellak.gr/
45. http://www.wordpress.org/
46. http://www.w3.org/WAI/intro/wcag.php


Hidden links:
47. http://government.gov.gr/%CF%85%CF%80%CE...%B9%CE%B1/
domain: primeminister.gov.gr
status: taken
nameserver: ns1.otenet.gr
nameserver: ns2.otenet.gr
http://www.primeminister.gov.gr (193.105.109.40) - Greece (GR)
SOA record The SOA record is:
Primary nameserver: ns1.otenet.gr
Hostmaster E-mail address: hostmaster.ns1.otenet.gr
Serial #: 2010032909
Refresh: 10800
Retry: 3600
Expire: 1814400 3 weeks
Default TTL: 86400
ERRORS http://wave.webaim.org/report?url=http%3....gov.gr%2F
Sorry! We found the following errors (9)
URI : http://www.primeminister.gov.gr/wp-conte...ickbox.css
40 .TB_overlayBG Parse Error opacity=75)
41 .TB_overlayBG Property -moz-opacity doesn't exist : 0.75
47 * html #TB_overlay Value Error : height Parse Error document.body.scrollHeight > document.body.offsetHeight ? document.body.scrollHeight : document.body.offsetHeight + 'px')
64 * html #TB_window Value Error : margin-top Parse Error - parseInt(this.offsetHeight / 2) + (TBWindowMargin = document.documentElement && document.documentElement.scrollTop || document.body.scrollTop) + 'px')
135 * html #TB_load Value Error : margin-top Parse Error - parseInt(this.offsetHeight / 2) + (TBWindowMargin = document.documentElement && document.documentElement.scrollTop || document.body.scrollTop) + 'px')
145 #TB_HideSelect Parse Error opacity=0)
146 #TB_HideSelect Property -moz-opacity doesn't exist : 0
154 * html #TB_HideSelect Value Error : height Parse Error document.body.scrollHeight > document.body.offsetHeight ? document.body.scrollHeight : document.body.offsetHeight + 'px')
162 #TB_iframeContent Property _margin-bottom doesn't exist : 1px
Validation Output: 24 Errors


Error Line 19, Column 111: NET-enabling start-tag not immediately followed by null end-tag


…//www.primeminister.gr/wp-content/themes/primeminister/images/thumb_fb.png" / >


✉


This error may occur when there is a mistake in how a self-closing tag is closed, e.g '.../ >'. The proper syntax is '... />' (note the position of the space).
Error Line 19, Column 111: end tag for "link" omitted, but OMITTAG NO was specified


…//www.primeminister.gr/wp-content/themes/primeminister/images/thumb_fb.png" / >


✉


You may have neglected to close an element, or perhaps you meant to "self-close" an element, that is, ending it with "/>" instead of ">".
Info Line 19, Column 1: start tag was here


<link rel="image_src" href="http://www.primeminister.gr/wp-content/themes/prime…


Error Line 19, Column 112: character data is not allowed here


…//www.primeminister.gr/wp-content/themes/primeminister/images/thumb_fb.png" / >


✉


You have used character data somewhere it is not permitted to appear. Mistakes that can cause this error include:
putting text directly in the body of the document without wrapping it in a container element (such as a <p>aragraph</p>), or
forgetting to quote an attribute value (where characters such as "%" and "/" are common, but cannot appear without surrounding quotes), or
using XHTML-style self-closing tags (such as <meta ... />) in HTML 4.01 or earlier. To fix, remove the extra slash ('/') character. For more information about the reasons for this, see Empty elements in SGML, HTML, XML, and XHTML.
Error Line 61, Column 169: required attribute "alt" not specified


…er.gov.gr/wp-content/themes/primeminister/images/logo.png" height="63px" /></a>


✉


The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element.


Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>.
Error Line 114, Column 117: required attribute "alt" not specified


…wp-content/uploads/2012/07/ΠΡΩΘΥΠ.-ΑΝΤ.ΣΑΜΑΡΑΣ-ΜΠΙΛ-ΚΛΙΝΤΟΝ-1.jpg"/> </a>


✉


The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element.


Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>.
Error Line 124, Column 142: required attribute "alt" not specified


… <img src="wp-content/themes/primeminister/images/lineSlideShow_line.png"/>


✉


The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element.


Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>.
Error Line 127, Column 190: required attribute "alt" not specified


…22/9592"> <img src="wp-content/themes/primeminister/images/read_more.jpg"/></a>


✉


The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element.


Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>.
Error Line 146, Column 106: required attribute "alt" not specified


…ter.gov.gr/wp-content/uploads/2012/07/samaras_programmatikes1.jpg"/> </a>


✉


The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element.


Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>.
Error Line 156, Column 142: required attribute "alt" not specified


… <img src="wp-content/themes/primeminister/images/lineSlideShow_line.png"/>


✉


The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element.


Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>.
Error Line 159, Column 190: required attribute "alt" not specified


…06/9541"> <img src="wp-content/themes/primeminister/images/read_more.jpg"/></a>


✉


The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element.


Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>.
Error Line 178, Column 92: required attribute "alt" not specified


…www.primeminister.gov.gr/wp-content/uploads/2012/06/ypoyrgiko.jpg"/> </a>


✉


The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element.


Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>.
Error Line 188, Column 142: required attribute "alt" not specified


… <img src="wp-content/themes/primeminister/images/lineSlideShow_line.png"/>


✉


The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element.


Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>.
Error Line 192, Column 190: required attribute "alt" not specified


…21/9501"> <img src="wp-content/themes/primeminister/images/read_more.jpg"/></a>


✉


The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element.


Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>.
Error Line 204, Column 45: document type does not allow element "ul" here


$('#s4').after('<ul id="slideshowNav">').cycle({


✉


The element named above was found in a context where it is not allowed. This could mean that you have incorrectly nested elements -- such as a "style" element in the "body" section instead of inside "head" -- or two elements that overlap (which is not allowed).


One common cause for this error is the use of XHTML syntax in HTML documents. Due to HTML's rules of implicitly closed elements, this error can create cascading effects. For instance, using XHTML's "self-closing" tags for "meta" and "link" in the "head" section of a HTML document may cause the parser to infer the end of the "head" section and the beginning of the "body" section (where "link" and "meta" are not allowed; hence the reported error).
Error Line 204, Column 46: character data is not allowed here


$('#s4').after('<ul id="slideshowNav">').cycle({


✉


You have used character data somewhere it is not permitted to appear. Mistakes that can cause this error include:
putting text directly in the body of the document without wrapping it in a container element (such as a <p>aragraph</p>), or
forgetting to quote an attribute value (where characters such as "%" and "/" are common, but cannot appear without surrounding quotes), or
using XHTML-style self-closing tags (such as <meta ... />) in HTML 4.01 or earlier. To fix, remove the extra slash ('/') character. For more information about the reasons for this, see Empty elements in SGML, HTML, XML, and XHTML.
Error Line 212, Column 89: character data is not allowed here


…urn '<li><a href="#">' + $('#slide_legend_'+x).get(0).innerHTML + '</a></li>';


✉


You have used character data somewhere it is not permitted to appear. Mistakes that can cause this error include:
putting text directly in the body of the document without wrapping it in a container element (such as a <p>aragraph</p>), or
forgetting to quote an attribute value (where characters such as "%" and "/" are common, but cannot appear without surrounding quotes), or
using XHTML-style self-closing tags (such as <meta ... />) in HTML 4.01 or earlier. To fix, remove the extra slash ('/') character. For more information about the reasons for this, see Empty elements in SGML, HTML, XML, and XHTML.
Error Line 224, Column 91: character data is not allowed here


…turn '<li><a href="#">' + $('#slide_legend_'+x).get(0).innerHTML + '</a></li>';


✉


You have used character data somewhere it is not permitted to appear. Mistakes that can cause this error include:
putting text directly in the body of the document without wrapping it in a container element (such as a <p>aragraph</p>), or
forgetting to quote an attribute value (where characters such as "%" and "/" are common, but cannot appear without surrounding quotes), or
using XHTML-style self-closing tags (such as <meta ... />) in HTML 4.01 or earlier. To fix, remove the extra slash ('/') character. For more information about the reasons for this, see Empty elements in SGML, HTML, XML, and XHTML.
Error Line 230, Column 15: end tag for "ul" omitted, but OMITTAG NO was specified


</script>


✉


You may have neglected to close an element, or perhaps you meant to "self-close" an element, that is, ending it with "/>" instead of ">".
Info Line 204, Column 24: start tag was here


$('#s4').after('<ul id="slideshowNav">').cycle({


Error Line 262, Column 76: required attribute "alt" not specified


…rimeminister/images/youtube_icon.png"/><a href="/youtube" title="">youtube</a>…


✉


The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element.


Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>.
Error Line 263, Column 75: required attribute "alt" not specified


…primeminister/images/flickr_icon.png"/><a href="/flickr" title="">flickr</a></…


✉


The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element.


Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>.
Error Line 264, Column 76: required attribute "alt" not specified


…rimeminister/images/twitter_icon.png"/><a href="/twitter" title="">twitter</a>…


✉


The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element.


Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>.
Error Line 265, Column 138: required attribute "alt" not specified


…mes/primeminister/images/podcast.png"/><a href="http://www.primeminister.gov.g…


✉


The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element.


Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>.
Error Line 270, Column 189: document type does not allow element "div" here; missing one of "object", "applet", "map", "iframe", "button", "ins", "del" start-tag


…CF%8D%CE%BB%CE%B9%CE%B1/" target="_blank"><div id="button_upourgika"></div></a>


✉


The mentioned element is not allowed to appear in the context in which you've placed it; the other mentioned elements are the only ones that are both allowed there and can contain the element mentioned. This might mean that you need a containing element, or possibly that you've forgotten to close a previous element.


One possible cause for this message is that you have attempted to put a block-level element (such as "<p>" or "<table>") inside an inline element (such as "<a>", "<span>", or "<font>").
Error Line 358, Column 99: end tag for element "script" which is not open


…vernment.gov.gr/govbar/govbar_cachefile.js' type='text/javascript'/></script>


✉


The Validator found an end tag for the above element, but that element is not currently open. This is often caused by a leftover end tag from an element that was removed during editing, or by an implicitly closed element (if you have an error related to an element being used where it is not allowed, this is almost certainly the case). In the latter case this error will disappear as soon as you fix the original problem.


If this error occurred in a script section of your document, you should probably read this FAQ entry.
HTTP/1.1 200 OK
Server nginx
Date Tue, 24 Jul 2012 14:26:34 GMT
Content-Type text/html; charset=UTF-8
Connection keep-alive
Vary Accept-Encoding,Cookie
Cache-Control max-age=3, must-revalidate
WP-Super-Cache Served supercache file from PHP


--------- LINK SCAN SUMMARY ---------
URL scanned: http://www.primeminister.gov.gr/
PhisTank say's: This site is safe.
AVG say's: Service not available.
SiteTruth say's: This site is safe.
Google Safe Browsing say's: This site is safe.
Threat Name: No Threat FOUND
Threat Definitions: 1277640
Engine Version: 0.97.5
Host IP: 193.105.109.40
Link Status: Clean
File Size: 19.79 KB
Time Finished: 5.02 secs
Overall result: This site is secure.


web site: http://www.primeminister.gov.gr/
status: Verified Clean
web trust: Not Blacklisted
warn: WordPress version outdated: Upgrade required.



Security report (Warnings found):
check Blacklisted: No
error Outdated software: Yes
check Malware: No
check Malicious javascript: No
check Malicious iFrames: No
check Drive-By Downloads: No
check Anomaly detection: No
check IE-only attacks: No
check Suspicious redirections: No
check Spam: No


,,,,,2b continued....


***DONT STEAL MONEY FROM THE PEOPLE FOR THINGS THAT COST NOTHING AT ALL***


WE ARE ANONYMOUS
WE ARE LEGION
WE ARE ALL ALIKE
EXPECT JUSTICE
***********************************************************************************************************
http://pastebin.com/8yZKpFnw