WordPress.org

Ready to get started?Download WordPress

Forums

I think I was hacked (2 posts)

  1. gmurray
    Member
    Posted 6 years ago #

    I run a popular book blog and a few days ago I noticed all my plugins had been turned off. I checked and there was a new user account (called "wpadmin") that had been created with admin access. I cancelled the account and reactivated my akismet, etc., but then other strange things started to happen. All of my Pages disappeared and now I can't post. I installed 2.3.3 and still nothing. Further, the buttons in the editor have switched to text only versions resembling the basic editor that comes with a WordPress.com account. I can write a post and it will auto save, but if I try to save or post it, it goes to "post.php" and nothing happens -- just a white page. People can still comment normally on existing posts though.

    Can anyone tell me what happened?

  2. kilwag
    Member
    Posted 6 years ago #

    Same thing happened to me. I'll bet that your default uploads folder had turned to something like "/../../../../../../../../.." etc. Look in you uploads folder for strange folders that don't conform the naming conventions that WordPress uses. Inside there will likely be a some php files and images related to porn spam. You might have a hard time deleting them. I couldn't delete all of them via FTP becasue i didn't have the proper permissions. I called tech support at my ISP and the first guy had to get a supervisor to delete them because he couldn't either. All my Pages were gone, but my Posts were untouched.

    Changing the permissions on the upload folder to 755 helped me, I got hacked again, all my plugins were turned off but they were unable to upload files. Finally I relented and "upgraded" to 2.3.3. I had been waiting because I was angry about losing inline post previews. I guess having to install a plug in is better than getting hacked repeatedly.

    However... less than two days after installing 2.3.3, someone managed to login as admin (from Amsterdam - I used Audit Trail plugin) and they altered the most recent post, filled it with 6's.

Topic Closed

This topic has been closed to new replies.

About this Topic