• My blog was compromised a few months ago. Somehow a PHP script got in that allowed a malicious user to upload files and store them in my blog folder. I thought I had cleared out the problem, but I found an even fancier interface allowing anyone who knows the password to upload files, execute SQL, or system commands [though I think my host has disabled that]. Clearly I didn’t do such a great job with my first cleaning attempt, the webhost is compromised, or my WordPress has a big hole in it.

    With the release of 2.6 I’d like to start from scratch again, keeping only my posts/comments and related uploads and the same linking structure. Should I just blow away everything in my blog folder and start fresh with a 2.6 install, putting my db settings in wp-config? Do I need to do anything special to ensure my uploads and linking structure remain working?

    Also, if anyone is interested in the scripts that were used to hack me, I’d be glad to send them along.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hi there – I have recently been hacked as well, and I am considering doing the same thing as you – starting again with just the db content.

    Trouble is I have no idea how to do it? Anyone have any ideas?

  • If the hacker didn’t mess with your database, then you can just go ahead and use it. If you delete the whole WP pack, including themes, etc., but perhaps leave only the wp-config, you can just install a freshly downloaded WP and start again. You’ll have to make your theme again (or an uncorrupted version should be on your PC), find your plugins again (check if one of them wasn’t the problem in the first place), etc., but at least you’ll have your posts which are just in the database that you use again.
    Perhaps you want to “export” (using WP) or back up the database first just in case.

    But again: if something happened to your database, the hacker found out the user and password, created or changed tables, whatever, then you STILL have to clean the database before you can use it again. I’m not 100% sure (somebody fill me in), but I think the “export” function of WP has a fixed set of tables to export, so a possible new table would not be exported and can therefore not be imported in a new installation. This would mean that you can export the database, then delete EVERYTHING, including the database, start over with WP completely and import the database that you got from the earlier website, of course with different usernames, passwords, etc.

    I’m not sure what you mean by “linking structure”, but if you refer to permalinks, that’s just a setting in WP. Importing your old data will give you a WP working with default permalinks and then you just change them (back) to how you like to have them.

    Uploads? Hm, not sure if they’re in the export (I think they are), so best back up that folder and of course check if there isn’t anything fishy there. There are hacks with .jpgs that aren’t images.
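
The check suggested in the last reply (look through the backed-up uploads folder for ".jpgs that aren't images"), as an added example that is not part of the original thread. The names `scan_uploads` and `demo`, the extension lists and the sample file names are assumptions made for illustration; the sample files are constructed stubs.

```python
import tempfile
from pathlib import Path

# Leading "magic" bytes for the image types usually found in an uploads folder.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".phar"}  # assumed list, extend as needed


def scan_uploads(root):
    """Return sorted (relative_path, reason) pairs for suspicious files under root."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        ext = path.suffix.lower()
        data = path.read_bytes()
        if ext in SCRIPT_EXTS:
            findings.append((rel, "script file in uploads"))
        elif ext in MAGIC and not data.startswith(MAGIC[ext]):
            findings.append((rel, "image extension but wrong file header"))
        elif ext in MAGIC and b"<?php" in data.lower():
            findings.append((rel, "valid image header with embedded PHP tag"))
    return sorted(findings)


def demo():
    """Scan a constructed uploads tree (all sample files are made up here)."""
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32  # header stub only
    stub = b"<?php /* constructed placeholder, no payload */ ?>"
    samples = {
        "2008/07/holiday.jpg": jpeg,                # plain image: not reported
        "2008/07/avatar.jpg": stub,                 # script renamed to .jpg
        "2008/07/banner.jpg": jpeg + stub.upper(),  # image header, PHP appended
        "2008/06/up.php": stub,                     # script dropped in uploads
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(content)
        return scan_uploads(root)


if __name__ == "__main__":
    print("\n".join(f"{rel}: {reason}" for rel, reason in demo()))
```

Run `scan_uploads` against the backup copy of the uploads folder before restoring it; an empty result only means these three checks found nothing.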

  • The topic ‘Hacked: Need to Rebuild Everything’ is closed to new replies.