WordPress.org


Hacked WordPress Installs x2 (5 posts)

  1. welshhuw
    Member
    Posted 2 years ago #

    Hi,

    I had two WP sites hacked over two days. Both on the same hosting server.

    When viewing the website, it actually had a webpage with a blank background, stars and corny text saying that I have been hacked blah blah, and "Im proud to be Indian." Also with cheesy music.
    I logged into the FTP and found a few files had been added. index.html was added, index.php had been removed, 404.php had been added and this next file:
    wysiwgPro_preview_eacf331foffc35d4b482f1d15a887d3b.php with a file type of application/x-httpd-php

    Not sure what that is?!

    How I knew was that WP sent me an email to say that I had forgotten my password and that it had been reset. I managed to get back in by changing the password in phpmyadmin. The guy had added his email address into my User Profile too.

    What I want to know is; How did this guy get into the backend by changing my password and how did he alter the files in my FTP?

    The other worrying thing is that he went and did it all over again to another website on the same server. Same method etc. Has this guy got details to my other sites?? If so, How?

    I understand that it may be an impossible question to answer but I would love to find out if any of you guys have an idea?

    Thanks in advance.

  2. How did this guy get into the backend by changing my password and how did he alter the files in my FTP?

    We have no way of telling you that.

    However, seeing that the DB and FTP were edited, it's most likely he got in via

    (1) your SERVER user ID and password (which you should change ASAP)

    (2) Your host allowing cross-user scripting.

    Now, number 1 happens often if you don't use SSH/SFTP and other secure ways of accessing your server.

  3. welshhuw
    Member
    Posted 2 years ago #

    Thanks Ipstenu for your advice.

    Do you think they got my Server login credentials via my Mac? I have heard about the Flashback malware/trojan that's been hitting mac users recently.
    Or do you think they came in via my website using cross-user scripting techniques?

    *Sorry, I am not clued up on hacking etc!

    Also, may be a silly question but how can I check if my hosting allows cross-user scripting? Just ask right? I'm afraid if I do ask they may just say no.

    Thanks again.
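
An added example, not part of the thread: one way to check your own side of the cross-user question above is to audit the WordPress directory for permissions that would let other accounts on a shared server read or change it, and to list recently changed PHP/HTML files such as the added index.html and 404.php described in the first post. The function names and output labels are assumptions made for this sketch; a clean result does not prove the host isolates its users.

```shell
#!/bin/sh
# Added example (constructed, not from the thread). Audits a WordPress
# directory for permissions that expose it to other accounts on a shared
# host, and lists PHP/HTML files changed recently.
# Usage: sh audit_wp.sh /path/to/wordpress [days]

# Files or directories that any user on the server can write to.
world_writable() {
  find "$1" ! -type l -perm -0002 -print 2>/dev/null |
    sed 's/^/WORLD-WRITABLE /'
}

# wp-config.php holds the database credentials; flag it if "other" can read it.
exposed_config() {
  find "$1" -type f -name 'wp-config.php' -perm -0004 -print 2>/dev/null |
    sed 's/^/WORLD-READABLE-CONFIG /'
}

# PHP/HTML files modified within the last N days (default 7), for manual review.
recent_files() {
  find "$1" -type f \( -name '*.php' -o -name '*.html' \) \
    -mtime "-${2:-7}" -print 2>/dev/null | sed 's/^/RECENT /'
}

# Run every check. Returns 0 only when no permission finding exists;
# RECENT lines are informational and do not change the return status.
audit_wp() {
  audit_root=$1
  audit_days=${2:-7}
  audit_findings=$(world_writable "$audit_root"; exposed_config "$audit_root")
  if [ -n "$audit_findings" ]; then
    printf '%s\n' "$audit_findings"
  fi
  recent_files "$audit_root" "$audit_days"
  [ -z "$audit_findings" ]
}

if [ $# -ge 1 ]; then
  audit_wp "$@"
fi
```

Compare the RECENT list against a fresh copy of the same WordPress version before deleting anything, since legitimate updates also change file times.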

  4. welshhuw
    Member
    Posted 2 years ago #

    Also; is there anything I can do to report the hacker? I know who it is and found a website that they have posted on, containing a list of the websites this person has hacked. Including my two.

  5. Do you think they got my Server login credentials via my Mac? I have heard about the Flashback malware/trojan that's been hitting mac users recently.

    Eh. Hard to say (possible, though). Check http://support.apple.com/kb/HT5246 and http://support.apple.com/kb/DL1517 and test if you've been hacked.

    Tell your webhost about the hack, and they should help.

This topic has been closed to new replies.
