2.9.1 hacked? (4 posts)

  1. lilqhgal
    Member
    Posted 2 years ago #

    Not sure if it was the 2.9.1, OR some of the plugins, OR maybe even another site on the server... but my recent install of 2.9.1 was hacked by some Turkish group of JERKS. The websites are down and my server guys are restoring a previous image. How do these jerks get in? Is it likely they got in through WP somehow? This site in question has been up for just a little over a week. I have read all the "suggestions" as to what steps to take in the future and my server guys have suggested some additional security measures, but what is the likelihood that this would happen again? MOST of my sites that use WP have custom themes, friendly URLs, and don't "smack" of WP too much. How do these jerks find sites like that?

  2. RangerPretzel
    Member
    Posted 2 years ago #

    Any number of ways:
    - weak password (a strong password has many letters, numbers, and characters)
    - used a public terminal that had spyware on it (captured your password)
    - spyware on your own personal PC (do you have anti-virus/anti-spyware on your own PC? I'm a fan of Avast.)
    - SQL injection attack (theoretically WP might have a flaw in its design that the hackers are exploiting)

    WordPress sites can be determined/identified typically just by unique signatures found in the HTML.

  3. lilqhgal
    Member
    Posted 2 years ago #

    My passwords are usually 8-12 chars, mixed upper and lower, nums and special chars, so I seriously doubt it was an actual pw hack. However, some of the sites DO have users and they may have changed pws to be something different.

    I have a laptop I take everywhere and mobile broadband so I don't use any public systems.

    I have Avast also. (Great prog!)

    The SQL injection was what I was concerned about. The sheer # of sites on this server that have wordpress installed is big. My question would be, tho, is there a way to check, log files to look for, or anything else that my server guys can perhaps track down which account/user/website/etc it happened to? Perhaps one of my older sites hasn't been upgraded to 2.9.1 (tho the site that I was working on at the exact time of the hack (coincidence or not) was running 2.9.1 and a fresh install as of 10 days ago).

    So it's entirely possible that even though I get back up and going and am completely clean and void of all previous hack evidence, I may get hacked again? Simply due to the way wordpress html code is outputted?

  4. RangerPretzel
    Member
    Posted 2 years ago #

    Ok, so it sounds like you've taken proper precautions.

    It's not so much the HTML. It is the PHP mechanism for submitting things and/or things that call the DB.

    When you submit, say, a new post via WordPress's mechanism, the PHP code is *supposed* to strip out any possible SQL code or anything else that could maliciously cause a SQL injection attack to occur, but of course, programmers working late or what-not can inadvertently create bugs which can be exploited.

    What I would do if I were you is Google "harden wordpress" and see what you come up with. I imagine there are a few good articles out there on how to minimize or mitigate attacks/exploits against WordPress.
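
On the log-file question raised in post 3, one way to see which site on a shared server received SQL-injection-style requests is to triage the web server access log per virtual host. This is an added example, not part of the original thread; it assumes an Apache "vhost_combined"-style log layout, and the function name `triage`, the indicator patterns and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Assumed layout (Apache "vhost_combined" style):
#   vhost:port client ident user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<vhost>\S+?):\d+ (?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Heuristic indicators of SQL injection probing; expect false positives.
SQLI_RE = re.compile(
    r"union\s+(all\s+)?select|information_schema|sleep\s*\(|benchmark\s*\("
    r"|'\s*(or|and)\s+['\d]|/\*.*?\*/|;\s*(drop|insert|update)\s",
    re.IGNORECASE,
)

def triage(lines):
    """Return {vhost: [(time, client, status, decoded_target), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed format; skip rather than guess
        # Decode twice so double URL-encoded input is still visible.
        target = unquote_plus(unquote_plus(m["target"]))
        if SQLI_RE.search(target):
            hits[m["vhost"]].append(
                (m["time"], m["client"], int(m["status"]), target))
    return dict(hits)

# Constructed sample lines: example hostnames, documentation IP ranges.
SAMPLE = [
    'blog.example.com:80 192.0.2.10 - - [01/Jan/2000:10:01:02 +0000] '
    '"GET /?p=12 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    'old.example.org:80 203.0.113.7 - - [01/Jan/2000:10:03:44 +0000] '
    '"GET /index.php?cat=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 812 "-" "-"',
    'old.example.org:80 203.0.113.7 - - [01/Jan/2000:10:03:51 +0000] '
    '"GET /?s=%2527%2520OR%2520%25271 HTTP/1.1" 500 310 "-" "-"',
    'shop.example.net:80 198.51.100.3 - - [01/Jan/2000:10:05:00 +0000] '
    '"POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for vhost, rows in triage(SAMPLE).items():
        print(vhost, len(rows), "suspicious request(s)")
        for row in rows:
            print("   ", *row)
```

Access logs record only the request line, so POST bodies are not covered, and a 200 status on a flagged request does not by itself show that the injection succeeded.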

Topic Closed

This topic has been closed to new replies.