WordPress.org

Ready to get started?Download WordPress

Forums

HELP..My blog has been HACKED!!! (15 posts)

  1. Madsen
    Member
    Posted 8 years ago #

    Dunno what have happened, but my blog have been hacked...Someone has posted an obscene message on my blog...Whenever I try to login I'm told that it doesn't look like I've installed WP...What to do...???

    please help asap...I'm distressed bout losing my blog:-((((

  2. skippy
    Member
    Posted 8 years ago #

    Use your FTP program and login to your account. Delete _everything_.

    Contact your host, and ask them to change your database password.

    Download WordPress 1.5.2, and install it. Set your wp-config.php as needed, using the new password.

    Check whether or not your data is still in the database. If it is, you should be mostly okay. If it's not there, you will need to restore from backup. If you don't have a backup, your host might.

  3. Jonathan Dingman
    Member
    Posted 8 years ago #

    And to add to what Skippy said, if you aren't making regular either daily or weekly backups, you may want to start doing so.

    I personally run a cronjob that backups my database on a daily basis and puts it in a non-public folder so I can save it incase anything like that were to happen.

  4. nchenga
    Member
    Posted 8 years ago #

    how do i set up the cron job?

  5. skippy
    Member
    Posted 8 years ago #

    Backing_Up_Your_Database contains one option, using my WP-DB Backup plugin with my WP-Cron plugin.

    Podz has an excellent cron tutorial.

  6. Madsen
    Member
    Posted 8 years ago #

    Hmmm...I've deleted via ftp and also logged in to make an emergency backup of the DB...which returned me a 32 kb file, so I'm afraid the DB's gone. Latest DB backup dates back to april 20. (a 64 mb file), so it seems like a lot of entries have vanished.

    Even if I get a new password from my host..well...what will prevent the hacker from wrecking havoc again? Obviously my host has serious problem with securing the DB...big problem since he hosts around 7000 accounts...

    I've noticed that both my host and I use the same domain name service (http://gratisdns.dk/) so maybe it's those guys who're the weak link...

    ...sorry, but I don't know much about these things, so I'm a little lost here....

    Hope my host has some kind of backup :-/...right now I feel like giving up blogging....:-(

    (Please disregard any bad grammar and misspellings...english isn't my mother tongue)

  7. hooopla
    Member
    Posted 8 years ago #

    Madsen, I hope things work out well for you. I can imagine how disappointing this must be.

  8. skippy
    Member
    Posted 8 years ago #

    We cannot know for sure that WordPress was the entry vector used to compromise your system. Your host's web server logs would show who accessed what, and when. They are in a much better position to help you work back through this to find out what really happened.

    Also review this thread. Even though WordPress 1.5.2 is supposed to have resolved this specific vulnerability, there is no harm in applying multiple layers of defense. Security in depth is strongly encouraged.

  9. Madsen
    Member
    Posted 8 years ago #

    Thx. hooopla....I'm in a Godzilla kinda mood right now...but still...thx. :-/ (<-...the biggest smiley I'm able to come up with right now)

  10. Madsen
    Member
    Posted 8 years ago #

    Thx. Skippy...I'll check it out!

    Actually...I "know" who the guy is...well....I know his blog (http://usenet.smartlog.dk/), and I know he's been quite active in various danish usenet groups...his a Troll..and apparently also a hacker. He uses numerous open proxy's, so I'm afraid he hard to catch....If I got my dirty little hands on him he'd be typing with his nose the rest of his life...grrrr....(don't worry...I'm just daydreaming).

    My host and the domain name service (company?!) might see it as a police matter....I don't think I'll be interested in taking it that far though...

  11. skippy
    Member
    Posted 8 years ago #

    It's highly unlikely that the domain name service is involved. They might be, but it's a long shot -- focus first on working with your hosting provider for backups, if possible. If you want to pursue the matter farther, then you can begin to explore how he got in.

  12. Madsen
    Member
    Posted 8 years ago #

    Checked with my host, and according to them the hacker had probably exploited somekind of vulnerability in WP...they didn't specify:-(

  13. James
    Happiness Engineer
    Posted 8 years ago #

    Well, that's unusually unhelpful. Who's your hosting provider? WP v1.5.2 was just released and has no known vulnerabilities. I find it hard to believe that some guy just managed to find a vulnerabilitiy with it on your blog in just a matter of hours. If that was the case, we should have heard more reports of it by now, as the "hacker" would have exploited more blogs than just yours.

  14. Joni
    Member
    Posted 8 years ago #

    Sounds like the web host is just engaged in some finger pointing rather than looking inward to find the culprit and plug the security hole.

  15. Madsen
    Member
    Posted 8 years ago #

    Well...I was using WP 1.2 so that might explain it...Anyway...I think I'll be looking (suggestions are welcome) for a new and more reliable (in every sense of the word) host.

    I don't wanna go through this again, and this whole experience has made me a little...ehhh...hestitant 'bout using WP. Dunno...guess it all relates to me using an old version of WP. I'll take your word for it when you say that I can trust WP...

    I had made an entry 'bout "Indispensable Mac OS X software" which was meant as a help to new macusers. It was just starting to generate quite some hits (after my standards that is...around 2000 a day), so I'm really annoyed 'bout this.....Hope people will find the list again when I switch to a new host.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.