Hacked by iSKORPiTX

Resolved andyhoyland
(@andyhoyland)

15 years, 8 months ago

Hi there people.

I have searched codex and google for help on this but I can’t seem to find any answers. Recently my site was hacked by iSKORPiTX – he’s a Turkish hacker who broke some records a few years back.

You can see the result of his work on one of my wordpress sites:
‘<edited>’

Now – it’s only showing on posts given the category “podcast” but whenever I try to view them I get a black page and the message “Hacked by iSKORPiTX”. I have checked and reinstalled version 2.6.1 of WordPress, reinstalled the theme and had a look through my database and I can’t find any reference to this.

I knowm, through Google, that the previous bout of hacking by iSKORPiTX was done via a weakness in GoDaddy’s security or something like that so I contacted my hosts and they said they didn’t know anything about it and couldn’t offer support as “unfortunately many PHP/SQL based scripts in wide use on the web are not as secure as they should be and many are vulnerable to attack and SQL injections” and then suggested I contact my scripts author and let them know…

Anyone seen anything similar, or know what I should do!

Sorry if there isn’t enough information here – please do ask for more if you need it! Thanks in advance.

Andy.

Viewing 6 replies - 1 through 6 (of 6 total)

Thread Starter andyhoyland
(@andyhoyland)

15 years, 8 months ago

Rubbish – I’m really sorry – I replaced my theme and my install but didn’t clear my cache!

Replacing the category template resolved the issue.

However – if any one has any tips on how this happened I would appreciate them – and also – should I now change all my passwords and things?!

Thanks again and sorry I didn’t do the basic.

I’ll change the issue to resolved if anyone gives me tips of security!!

Byeeeeeeeee.
Andy.

libralion
(@libralion)

15 years, 8 months ago

Uploading your files again maybe? I certainly would remove your site, since there is no need to let this be on the intenet any longer.
Good luck!

Thread Starter andyhoyland
(@andyhoyland)

15 years, 8 months ago

Thanks! I’ll certainly do that – by remove my site did you mean remove the url from my orginal post?

Thanks again…

Andy.

kent-reichborn-kjennerud
(@kent-reichborn-kjennerud)

15 years, 7 months ago

Pleas give me any relevant information on this 1iSKORPiTX. He is an extreme Muslim, and I want to take him down. His situated in Norway.

In advance thanks
Kent Reichborn-Kjennerud

thisisedie
(@thisisedie)

15 years, 7 months ago

Extreme Muslims spend their time hacking WordPress?

Greenspan
(@greenspan)

15 years, 6 months ago

Kent,

Might help you with this prick iSKORPiTX. He also ruined my site.

Check this out
Cpanel for the site of where e is hosting some details
https://mavi1.org:2083/login/

Also what I found strange is that he seems to be using a hosting service from Thailand.

http://www.mavi1.org / http://www.who.is/whois-org/ip-address/mavi1.org/
http://www.mavi1.org/forum
http://www.siyamiozkan.com.tr / http://www.who.is/whois-tr/ip-address/siyamiozkan.com.tr/

I am beginning to see that he is aware of how to exploit cpanel where then replaces all of the index.html or index.php with his own.

If I where to have 5 or 6 of the sites that he exploited I guess that the majority use cpanel http://www.cpanel.net/index.html.

This is just a hunch.

Regards
Greenspan