WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] My blog's been "Hacked BY iSKORPiTX; (TURKISH HACKER)" (6 posts)

  1. minhternet
    Member
    Posted 5 years ago #

    Hello everybody,

    My blog is http://www.minhternet.com, this afternoon it was hacked, causing every page to have a header stating "BY iSKORPiTX;

    (TURKISH HACKER)"

    You can take a look for yourself since I haven't resolved the issue. I was running WP2.6 at the time and since the hack have upgraded to WP 2.6.5. I believe this went successfully since I was able to navigate to the wp upgrade page after wards, and after clicking it notified me that my databases were upgraded successfully. Is there anything specific other than the default instructions that I have to do to unmangle this guy's hacking? One major challenge has been that since the hack I haven't been able to get to my admin page - it appears I can log in, but then the admin page is blank except for the hacker's header. I can't recall if this page worked after the hacking but before my upgrade.

    Any help would be appreciated! Again the blog is http://www.minhternet.com

    Thanks,
    Minh

  2. snez
    Member
    Posted 5 years ago #

    I'm sorry that this has happened to you :(
    But read this:

    http://www.securitypronews.com/news/securitynews/spn-45-20060519IskorpitxStrikesAgain.html

  3. minhternet
    Member
    Posted 5 years ago #

    Thanks for the condolences snez.

    I have tried uploading all of the new 2.6.5 wp files again and still no luck. From what I have determined all of the files (except in wp-content) are brand new, yet I haven't been able to break free from the hack yet. Is there anything else I can try? I'd be happy to post any of the php files etc here if that helps with the troubleshooting.

    Thanks,
    Minh
    http://www.minhternet.com <- currently hacked site

  4. madcaow
    Member
    Posted 5 years ago #

    all my sites were hacked today by the same guy. although not all of them are wordpress sites.

    you seem to have gotten hit worse all he did to me was inject a new index.html file with "by iskorpitx" in plain text.

    wonder if it was a wordpress exploit that allowed him access to my server?

  5. minhternet
    Member
    Posted 5 years ago #

    My host support got back to me, looks like it was a server wide issue, someone had an old Joomla script on their site that was exploited. All fixed now, kudos to Laughingsquid for the unbelievable support. Really outstanding. I recommend them highly.
    Thanks for the help guys,
    Minh

  6. snez
    Member
    Posted 5 years ago #

    Which hosts are you all with?

Topic Closed

This topic has been closed to new replies.

About this Topic