Posted 3 years ago #
Looks like my Wordpress got hacked. I'm unsure of how much. I'm looking at it now. I was running 2.0.4 and I'm unsure how it was done, but my index.php (in my root which is the wordpress root) was physically modified.
Seems these people have struck before. Not sure if anyone has any info on it.
Posted 3 years ago #
If you had ANY folders set world-writeable (777), that's a possible ingress. If not, then it might have been a plugin coded sloppily - what plugins are you running? If not a plugin, then it probably was something else on your host server.
Posted 3 years ago #
I had a few plugins, but I don't remember which ones. I installed wordpress locally and restored a backup db to test and when it goes to wp-login it jumps to their crap on the next and I get these errors:
[code]Warning: Cannot modify header information - headers already sent by (output started at /home/parkway/public_html/wp-includes/default-filters.php:8) in /home/parkway/public_html/wp-login.php on line 9
Warning: Cannot modify header information - headers already sent by (output started at /home/parkway/public_html/wp-includes/default-filters.php:8) in /home/parkway/public_html/wp-includes/pluggable-functions.php on line 272[/code]
Posted 3 years ago #
Run a search for "headers already sent by" herein. There's a bunch of info about how to clean that up.
Moi, I'd just set up a new folder, new database, upload a fresh download of the wp distro to the new folder and run the install, then upload a backup of my custom theme and plugin files, query in a database backup (you DO have a recent one, don't you?), and go from there. If the new install is clean, you can just delete the old crap and then we can work on how to make your new install convince the SEs that it's the old one.
Posted 3 years ago #
Luckily I was able to use the existing database as my backup was a few days old.
I just moved all the files into a backup folder, copied a new install up there and then created the wp-config.php file to access my existing db.
I then copied the plugins into place and the theme. I'm good to go.
I think that I may have had the wp-content folder set to 777.
Posted 3 years ago #
Not a good idea.... if you HAVE to have it set wide open like that at some point then you are well-advised to set it back to 755 once you're finished.
Posted 3 years ago #
Yeah agreed. It was my stupid mistake. I had wp-content set to 777 for the backup and forgot to change it back afterwards. It would be nice if there was a way to have just a single folder 777 for that instead of the entire wp-content folder.
"It would be nice if there was a way to have just a single folder 777 for that instead of the entire wp-content folder."
There were objections at the outset. They were shot down. In the absence of common-sense by some of the WordPress developers, users are left to depend on their own. And I mean no disrespect to you when I say that.
The problem is with some plugin. Check for empty spaces or newlines, in all your plugins, after the ending ?> and delete them.
Posted 3 years ago #
Actually, on the client's blog where she insisted that she be able to use the upload-graphics-from-mars etc. function, I have ONLY the uploads folder set 777. wp-content is set 755. On that server it works. Not sure about it working elsewhere. I just feel lucky that it works there. I am concerned that having it open like that could be a wedge into the server; that's of course going to be on her head with the host.
Tunnleram, the safer way to backup the database is to use phpmyadmin from your host control panel. That way you don't have to change permissions/change them back.
> Tunnleram, the safer way to backup the database is to use phpmyadmin from your host control panel.
Or use mysql directly if you have telnet/ssh access.
Posted 3 years ago #
Yeah those are safer, just a bit out of the way.
What I noticed is that if you use the Wordpress backup feature it will create a backup folder underneath wp-content. Once it's created you can then leave that folder 777 and remove 777 from wp-content. I'm guessing that should be ok.
Correct me if I'm wrong and should be worried.
This topic has been closed to new replies.
