WordPress.org

Ready to get started?Download WordPress

Forums

Hacked? (10 posts)

  1. Emilie
    Member
    Posted 12 months ago #

    Would like opinions on this situation :

    I received an email from a student this morning (I teach web design and I have them working on my WordPress Multisite install) that he got this email :

    Your new Multisite site has been successfully set up at:
    http://www.xxxxxxxx.com/multisite/xxxxxxxx/

    You can log in to the administrator account with the following information:
    Username: xxxxxxxx
    Password: N/A
    Log in here: http:/xxxxxxxx/multisite/xxxxxxxxx/wp-login.php

    We hope you enjoy your new site. Thanks!

    --The Team @ Multisite

    I removed some informations with the x but the rest is the same : Password showed N/A and I didn't create any users.

    Yesterday the site worked and I didn't do much on it. My students can add CSS but not plugins or themes.

    So I tried to login this morning and I get a pop-up requesting Username and Password instead of the normal login screen. Pop-up says :

    The server xxxxxx:80 requires a username and password. The server says : Human Check - U:wordpress P:xxxxxxxxx

    I removed the password information but none of these informations correspond to my login and password. I tried checking my cPanel and I get the same pop-up. I didn't enter any of my info but some of my students probably did. Smells fishy?

    What's your take on this?

  2. Emilie
    Member
    Posted 12 months ago #

    Just to add info, I've contacted my host to see if it's something they have implemented and I'm waiting to hear back from them. Is that common?

  3. Brett
    Member
    Posted 12 months ago #

    I'd recommend looking through the functions.php file of all your themes, then the wp-config.php for your MultiSite, and finally the .htaccess for any weird code!

  4. Emilie
    Member
    Posted 12 months ago #

    Thanks Brett, checking right now. I have other WordPress installations on this space and all are reacting the same.

  5. Emilie
    Member
    Posted 12 months ago #

    I've checked the functions.php of the theme the student used but checking all of them will take forever (they made me install LOTS of themes in their enthusiasm lol...) nothing fishy in my .htaccess or wp-config files and in the functions.php files I've check so far

  6. Andrew Nevins
    Barrel Rider, Spam Zapper & Volunteer Moderator
    Posted 12 months ago #

    Try running your site on this
    http://sitecheck.sucuri.net/scanner/ - To check for malware.

  7. Emilie
    Member
    Posted 12 months ago #

    Everything is good (only warning is for outdated software), I have some older WordPress installations on there.

  8. esmi
    Theme Diva & Forum Moderator
    Posted 12 months ago #

    I strongly suggest that you read this article.

  9. Emilie
    Member
    Posted 12 months ago #

    esmi, great info thank you! I will go through it and fix what needs to be.

    Things got solved out. My web host spotted attacks and installed that extra check to make sure we don't get hacked. I much prefer that! Currently making sure all my students' sites are ok.

  10. Bozz
    Member
    Posted 6 months ago #

    Just to follow up, I think many webhosts were implementing this as part of a defense against brute force password attacks. Surprised me too! I don't think we were hacked, just a security precaution on the part of webhosts.

Reply

You must log in to post.

About this Topic