After 2.5 install, visitors to blog get wp-admin/install.php page (13 posts)

  1. wingedmonkeys
    Member
    Posted 1 year ago #

    Help! After installing Wordpress 2.5 over the weekend, I got an email this morning from a reader telling me that on visiting my blog, he got the wp-admin/install.php page.

    You can see for yourself at http://mediationchannel.com

    I'm relatively new to Wordpress and have no clue what went wrong! Can someone please help me figure out what happened? It looks like I may not be the only person affected by this issue!

    Thank you so much for any help you can give - I'm pretty frantic.

  2. mechx1
    Member
    Posted 1 year ago #

    Is this an upgrade from a previous version?

  3. Ivovic
    Member
    Posted 1 year ago #

    does wp-config.php exist on the server? or did you nuke it by accident?

  4. wingedmonkeys
    Member
    Posted 1 year ago #

    Yes, this is an upgrade from Wordpress 2.3.3. And yes, the wp-config.php does exist on the server. It didn't get nuked.

    One other thing I can tell you though is that I checked in the SQL database and discovered one thing. There's a message in there that reads:

    #1194 - Table 'wp_options' is marked as crashed and should be repaired

    Any idea what that means and how it can be fixed?

    Thanks again!!!

  5. jeremyclark13
    Moderator
    Posted 1 year ago #

    You'll need to repair that table. You should be able to do this in your SQL management (usually phpMyAdmin).

    Just click on the database then check the box next to the wp_options table and select repair.

  6. wingedmonkeys
    Member
    Posted 1 year ago #

    There's a sad, sick twist that I just discovered. I repaired the wp_options table. Then I decided to poke around further in the database and looked in the wp_users section. Here's what I found.

    Someone hacked my site and added themselves as an admin. I contacted my host and alerted them, but they asked me to contact Wordpress to ask for further help in preventing further attacks. I removed this person from the site, changed my passwords, but I'd like to know what else I can do. I've found some stuff on other sites that suggests that Wordpress 2.5 may have a vulnerability in the Secret Key.

    I did the upgrade to Wordpress 2.5 using Fantastico in my host's cPanel.

    Is there anything I can do to prevent another attack and secure my site?

    Thanks again for help, I really, really appreciate the support of all these wonderful Wordpress volunteer experts!!!

    :)

  7. Otto42
    Moderator
    Posted 1 year ago #

    WordPress 2.5 does not have any known vulnerabilities. That secret key thing is basically saying that if, when you upgrade, you don't manually set up a secret key, then you could not have as much security as you think you do.

    Setting up a secret key is easy. Add this to the wp-config.php file, right after the other define statements:
    define('SECRET_KEY', 'put your unique phrase here');

    That unique phrase should be something long and random. I recommend going here and getting something really random from the "random printable ASCII characters" to paste in:
    https://www.grc.com/passwords.htm

    That will invalidate all your logins, so you'll have to relogin, but doing it will greatly increase the cookie security in WordPress 2.5.

    But generally, it's entirely possible somebody came in through some other route. This is usually the case.
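
Added example, not part of the original thread: a small check of a wp-config.php body for the `SECRET_KEY` define discussed in the post above, plus a locally generated replacement line. The 32-character minimum and the function names are assumptions of this example; the sample config text is constructed.

```python
import re
import secrets
import string

PLACEHOLDER = "put your unique phrase here"  # default text quoted in the post above
MIN_LENGTH = 32                              # assumed threshold for "long"

# Matches an active define('SECRET_KEY', '...') line; commented-out lines
# starting with // or # do not match because of the ^\s*define anchor.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"]SECRET_KEY['"]\s*,\s*(['"])(.*?)\1\s*\)\s*;""", re.M)

def audit_secret_key(config_text):
    """Return 'missing', 'placeholder', 'short' or 'ok' for a wp-config.php body."""
    match = DEFINE_RE.search(config_text)
    if match is None:
        return "missing"
    value = match.group(2)
    if value == PLACEHOLDER:
        return "placeholder"
    if len(value) < MIN_LENGTH:
        return "short"
    return "ok"

def new_define_line(length=64):
    """Build a define() line with a random printable-ASCII key from the OS CSPRNG."""
    # Quotes and backslash are excluded so the value needs no PHP escaping.
    alphabet = [c for c in string.ascii_letters + string.digits + string.punctuation
                if c not in "'\"\\"]
    key = "".join(secrets.choice(alphabet) for _ in range(length))
    return "define('SECRET_KEY', '%s');" % key

# Constructed sample: an upgraded config that still carries the placeholder.
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('SECRET_KEY', 'put your unique phrase here');
"""

if __name__ == "__main__":
    print("current key status:", audit_secret_key(SAMPLE_CONFIG))
    print("replacement line:  ", new_define_line())
```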

  8. Ivovic
    Member
    Posted 1 year ago #

    it's especially important to check what people are saying about plugins. Wordpress can be as secure as you like, but if you're installing 3rd party .php files, you're basically trusting them with access to your site.

    As nice as it is that people are out there writing plugins, there's a tradeoff in terms of quality control.

  9. mechx1
    Member
    Posted 1 year ago #

    At the risk of sounding dense here, Otto42, by "invalidate all of your logins" you are saying that all of our users need to create a new user name password combo for themselves?

  10. Otto42
    Moderator
    Posted 1 year ago #

    True, plugins can be vulnerable too, and you see a lot of WP plugins reported as such on Bugtraq. It is important to keep plugins up to date.

  11. Otto42
    Moderator
    Posted 1 year ago #

    mechx1: No, they will just need to log in one more time; the "remember me" cookie they already have will not work for them any more.

    They will not need to change their passwords or anything. Next time they try to access the site, they'll get the login screen. That's all.

  12. wingedmonkeys
    Member
    Posted 1 year ago #

    It looks like my config.php file already has a secret key. Should I create another, and replace the old one with the new one, and then upload the edited config.php file?

    Just another question...I've checked the few plugins I'm using and can't find any info about known vulnerabilities (I'm using plugins like Akismet and Bad Behavior anyway...). Is there a web site you can recommend where I can look that kind of stuff up?

    Also, what do you recommend now in terms of securing my site to prevent this from happening again?

    Thanks again!

  13. Otto42
    Moderator
    Posted 1 year ago #

    > It looks like my config.php file already has a secret key. Should I create another, and replace the old one with the new one, and then upload the edited config.php file?

    Can if you like. Won't hurt anything.

    > Just another question...I've checked the few plugins I'm using and can't find any info about known vulnerabilities (I'm using plugins like Akismet and Bad Behavior anyway...). Is there a web site you can recommend where I can look that kind of stuff up?

    http://www.securityfocus.com/
    Search is the box in the upper right.

    > Also, what do you recommend now in terms of securing my site to prevent this from happening again?

    http://codex.wordpress.org/Hardening_WordPress

Topic Closed

This topic has been closed to new replies.
