WordPress.org

Have I been hacked? (5 posts)

  1. xela321
    Member
    Posted 7 years ago #

    My MySQL server usually gets about 50 queries an hour. However, I just noticed that for the last week, it's been getting several hundred million queries an hour. Unless I've been on the front page of Digg, Reddit, and Slashdot at the same time (I wasn't), I think something fishy is going on. Any help?

  2. kmaxwell
    Member
    Posted 7 years ago #

    Have you checked to see where the queries are coming from, or can you see what the queries themselves are?

  3. PozHonks
    Member
    Posted 7 years ago #

    If it's coming from the same sources (see your logs), it looks like a DoS attempt.

  4. xela321
    Member
    Posted 7 years ago #

    @kmaxwell: I don't know how to tell where they're coming from. This is a LAMP set-up so the MySQL server is on the same machine. I don't have any accounts enabled to talk to outside hosts, just localhost connections. The only queries that look out of place (at first glance) are a lot of blobs being inserted into wp_secureimage. This information comes from the binary logs.

    @pozhonks: Do you know if there's a way to tell what username is performing the queries?

    Also, the Apache logs (as interpreted by webalizer) don't show hundreds of millions of hits to correspond with these queries.

  5. PozHonks
    Member
    Posted 7 years ago #

    Who installed the "wp_secureimage" in your database? It is not part of the standard WP installation. What plugins have done that? And what for?
    If it is for some sort of captcha, I believe the hacker tried to break the captcha protection, and he was maybe successful. Some people say that captchas are useless because hackers know how to get around this protection quite easily.
    So first, quickly change your database password (I hope you've already done that).

This topic has been closed to new replies.