WordPress.org

Ready to get started?Download WordPress

Forums

I got hacked today (10 posts)

  1. becs
    Member
    Posted 6 years ago #

    I got hacked again today. The last time was months ago and I took steps to improve my security and have a strong password, etc.

    Today I seem to have been affected by a combination of two things - the bad behaviour spam plugin and google ads being also apparently compromised their server side.

    Something happened with Bad Behaviour plugin and it would not allow me to do any admin work. I could not even perform a backup as every action resulted in an error to say my IP address was blacklisted, when it wasn't.

    Secondly, I hear that google ads was compromised, I do not use google ads, however I think that Bad Behaviour plugin uses it to some extent to blog spam.

    Whatever the workings of what happened, I ended up with Tramadol and gambling links on my website theme. It appears my page.php was hacked with loads of links.

    Everything is sorted now, I have disabled Bad Behaviour plugin despite it being originally very good. I have also deleted that theme that was hacked and changed my admin password and hosting password.

    But obviously this is a worry and even though i have suspicions of the cause of the problem, I cannot be sure both events were linked. Could it be a wordpress exploit? I am running the newest version.

  2. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago #

    Something happened with Bad Behaviour plugin and it would not allow me to do any admin work. I could not even perform a backup as every action resulted in an error to say my IP address was blacklisted, when it wasn't.

    Bad Behavior had a problem earlier, this has been corrected in version 2.0.11. See here: http://wordpress.org/support/topic/146498?replies=10

    I doubt that this was related to your site being hacked.

  3. becs
    Member
    Posted 6 years ago #

    I don't know if they were related but both things happening today is a coincidence or not? I read another link today that said Bad behaviour scans google ads looking for culprits to block or something like that, so maybe the google ad compromise is related, I have no idea.

  4. becs
    Member
    Posted 6 years ago #

    Just an update, it has happened again with another theme. Lots of tramadol links etc entered onto page.php or other files.

    I don't understand what is going on and how this is happening. I changed both my wordpress password and my hosting password, I deleted the offending theme the other day and now it is occuring on another theme.

    This is nothing to do with that plugin as I thought earlier as that is not installed at the moment.

    One thing I did notice that the page.php that was affected was writable by wordpress from the dashboard. As far as I know I have never given it file permissions.

    But lets say I had given it file permissions previously to write from dashboard, is that enough for a hacker to get in and change my files? Why is there no higher level of security on wordpress to stop people accessing my stuff without my login?

    I find this very worrying as I do not understand what is going on.

    I just wish to add, I wonder if this is a security issue with the new wordpress. I am not in the business of apportioning blame, I just want to find out the source, but these two hacks have occurred since I upgraded to new wordpress last week.

  5. Becs,

    Are you on a shared host? I mean when other users update their websites are they on the same server just a different directory i.e. /home/username_here/public_html ?

    I'm asking because I doubt that WordPress is the problem but this still keeps happening to you. If you are setting your directories as owned by you but writable by all then you may have a problem with the server being compromised.

    You might want to try using a managed service such as WordPress.com if this keeps happening to you. That'll push the security onto the provider and let you get back to blogging.

    Good luck.

  6. becs
    Member
    Posted 6 years ago #

    Hello, I don't have a shared host and my hosting is only accessible by me.

    I have been using the self hosted service for over a year and apart from this happening late last year, these two incidences are the first time I have had a problem in all that time.

    I am happy with self hosted and dont want to go back to wordpress.com as I like the better customisation, but this issue is obviously getting in the way at the moment.

  7. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago #

    If you're running the latest version of WordPress then there are no known hacks for it. So you'll need to examine the server logs and determine how they are getting in.

  8. becs
    Member
    Posted 6 years ago #

    I had the developer of one of my plugins look at my server logs and he says there is nothing to show illegitimate use or even access to page.php files.

    I had a look myself and whilst I don't understand logs much, I could not see anything relating to page.php either.

  9. iamzero
    Member
    Posted 6 years ago #

    Hi becs,
    I was hacked too a couple of days ago, and I don't think our problems are related but just in case: check out what I did to improve security and maybe we can narrow the problem down to one or two plugins.

  10. arowanna
    Member
    Posted 6 years ago #

    you could use the phphackchecker script to be notified when some files are changed on you webserver

Topic Closed

This topic has been closed to new replies.

About this Topic