Anonboy hack

aerta
(@aerta)

9 years, 11 months ago

Anyone have any experience of being hacked by Anonboy? He’s hacked five of my sites this week. He seems to enter the MySgl database and changes the UFT-8 charset to UFT-7. Then wreaks havoc on the site.

Any advice gratefully received.

Viewing 6 replies - 1 through 6 (of 6 total)

esmi
(@esmi)

9 years, 11 months ago

You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Anything less will probably result in the hacker walking straight back into your site again.

Additional Resources:
Hardening WordPress
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

lapd
(@lapd)

9 years, 11 months ago

Hi!

I am having the same problem on one of my sites … I can open the front page just fine, but when I click on any link or subpage I get a blank page saying hacked by anonboy.

I have cleaned up all the wordpress files and I am certain that there is something going on in the database, because I have tried to install the site with a fresh mysql and it worked. There is just some much custom things to repair that I would really like to restore/repair the original database somehow.

Anyone had the same problem and found a solution?

Thread Starter aerta
(@aerta)

9 years, 11 months ago

Hi,

Yes, I had five sites hacked by Anonboy. He’d accessed the server through insecure passwords (not mine) and proceeded to hack other WP sites on the same server. All my plugins and versions of WP were up-to-date.

The solution I found was to get my hosting company to reinstate the sites from their most recent backups (from a few days before). Some of these versions had been hacked but the hacking hadn’t taken full hold so they were able to strip out the bad code and restore the sites (apart from some widgets which I had to reinstate).

I then went into all my sites and changed the passwords and installed the ‘disable comments’ plugin – apparently Anonboy gains access to the database by going through comments.

Anonboy’s IP address is in Singapore. Not sure how he gets off on this but he clearly thinks he’s cool.

Good luck.

Moderator Jan Dembowski
(@jdembowski)

Forum Moderator and Brute Squad

9 years, 11 months ago

Just a side note.

The solution I found was to get my hosting company to reinstate the sites from their most recent backups (from a few days before).

Generally speaking, that doesn’t work…

If the attacker got in via compromised passwords, and your backup was 100% clean, and you’ve changed your passwords to something more secure THEN that could be a solution and I’m glad if that works for you.

But if the attacker got in via a weakness in the server config or an add-on such as a plugin then restoring the backup won’t do it for long.

lapd
(@lapd)

9 years, 11 months ago

OK, I have managed to get the backup and it works for now … we will see what happens 🙂

Thanks!

Thread Starter aerta
(@aerta)

9 years, 11 months ago

Attacker got in via insecure passwords and compromised CHMOD permissions – someone else’s on the shared server. So far, reinstated backups, changed passwords and dodgy code stripped out seems to be working. Fingers crossed.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Anonboy hack’ is closed to new replies.

Anonboy hack

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics