WordPress.org

Ready to get started?Download WordPress

Forums

DreamHost says I have been hacked (3 posts)

  1. chrisgeleven
    Member
    Posted 8 years ago #

    I just received this e-mail from DreamHost:

    I'm very sorry but I had to disable chrisgonyea.com/index.php. It had
    been compromised by a hacker and was being used to execute commands on
    the server. It looks like it was WordPress. Please be sure that you are
    running the latest version of WordPress. I disabled the file by merely renaming index.php to
    disabledByDreamhost.php.

    The catch is I literally just upgraded to the latest version of WordPress (1.5.2) yesterday early afternoon.

    I am changing my passwords right now, uploading a copy of index.php again directly from a fresh download on wordpress.org, and e-mailing DreamHost to see if there is still an issue and if they can shed any more light into what happened.

    The disabled index.php file contains:

    <?php
    /* Short and sweet */
    define('WP_USE_THEMES', true);
    require('./wp-blog-header.php');
    ?>'

    Which is the exact same as what I just redownloaded from WordPress.org:

    <?php
    /* Short and sweet */
    define('WP_USE_THEMES', true);
    require('./wp-blog-header.php');
    ?> '

    Anyone have any other ideas on what I can do or how this happened?

  2. skippy
    Member
    Posted 8 years ago #

    It's possible that you were compromised before you upgraded, and their log monitoring was also lagging behind your upgrade.

    Re-install WordPress 1.5.2 from scratch. Also follow these instructions for disabling register_globals:
    http://wordpress.org/support/topic/41836

    WordPress 1.5.2 should include logic to work around register_globals being on, but the generally accepted principal is "security in depth": protect yourself and your site in as many ways as possible.

  3. Lazurus
    Member
    Posted 8 years ago #

    Not as bad as what canaca.com did to my site...

    "We have logs that you were spamming. We have deleted all of your files and are suspending your account indefinitely.

    Thank you for using Canaca.com"

    They attributed it to the comments on our site - which were disabled and removed from the template. Worst hosts ever.

Topic Closed

This topic has been closed to new replies.

About this Topic