WordPress.org

Ready to get started?Download WordPress

Forums

Hacker attack (3 posts)

  1. erniew
    Member
    Posted 6 years ago #

    Three times this month one of my sites have been hacked. The first time only the index.php file was compromised. The latest time (sunday august 27) was much more serious. Someone planted malware in the template folders, with the result that people going to the site got a phishing message claiming to be from Bank of America.

    Someone immediately contacted Bank of America, who contacted my web host, who suspended the site. Later on I got a nasty message from the host, telling me that my site had contained illicit material, and if they found it once again, my account would be terminated.

    I really don't know how they managed to go into my account. The password was rather fresh and 8 characters. Maybe there is some vulnerability in my recent version. But just now I cannot upgrade, because I'm running the plugin MyGallery, and it is not working under 2.2. So before I upgrade, I have to find another solution to the problem with pictures. And my, it's a job to upload all the pictures once again.

    Are there some known issues about 2.1.3, vulnerabilities that I could protect myself from?

    This is really concerning me!

    /EGW

  2. whooami
    Member
    Posted 6 years ago #

    Are there some known issues about 2.1.3, vulnerabilities that I could protect myself from?

    Have you bothered to read anything here?

    http://wordpress.org/development/

    I dont mean to sound hard on you as it sounds like youve been chastized enough for one day, but you MUST stay informed.

    Once is 'almost' excusable. Twice isnt. Third time.. theres something really wrong with how you are "doing things".

    2.1.x is dead. And its been dead -- because, among other reasons, it was INSECURE.

    You install the latest of either 2.0.x or 2.2.x and you STAY CURRENT on upgrades. Even if you cannot be bothered to check in at that link above -- ALL of that is sent straight to your dashboard inside the admin area.

    Surely THAT isnt too hard?

  3. Jingan Eugen
    Member
    Posted 6 years ago #

Topic Closed

This topic has been closed to new replies.

About this Topic