WordPress.org

Ready to get started?Download WordPress

Forums

My site has been hacked! (14 posts)

  1. darylc
    Member
    Posted 8 years ago #

    I discovered this morning that my wp-based site appears to have been breached. Two of my 'categories' now have /Eddy_BAck0o%200wnz%20y0u!!/ appended to the URI and therefore the posts in those categories are not showing!

    For example of the problem see ...
    http://darylcook.com/archives/category/Eddy_BAck0o%200wnz%20y0u!!/

    I would appeciate any advice about where this hack lies web server / software / permalinks set-up? and how to rectify the problem!

  2. You will have to contact your hosting provider and ask them to investigate the hack. WordPress may not have been the point of entry. There are several other possibie points of entry (such as Apache, AWStats, cPanel, and PHP) to consider.

    It looks like only your permalinks were altered, so just set your permalinks again in Options/Permalinks.

  3. darylc
    Member
    Posted 8 years ago #

    Thanks for the quick response! I understand this is not necessarily a problem with wp and I have already been in contact with my provider .. they are looking into it. Thought I'd cover all the bases :) I'll try to set the permalinks again -- thanks for that suggestion! Cheers D.

  4. estjohn
    Member
    Posted 8 years ago #

    most likely, it was a mysql injection somewhere.. could be from a plugin, could be if you have php enabled to execute in posts (from a plugin) could be from anything or any plugin. Only reaosn I thought of that is because I have had that happen before on other CMS's that use php and mysql :(

  5. darylc
    Member
    Posted 8 years ago #

    estjohn, looks like you're on the money. the category_nickname fields had been altered in the db! Thanks for the pointer :)

  6. estjohn
    Member
    Posted 8 years ago #

    welcome.... good deal, glad you go it fixed...
    grrrr the people that do that stuff drive me nuts! I have had that done before on other cms's and it is annoying to no end. Though I never have mission critical data, I have to feel for people that do when those... -worms- do that sort of thing to others sites...

    sorry for the rant.. that stuff just gripes me :)

  7. vkaryl
    Member
    Posted 8 years ago #

    Gripes all of us "normal" folks....

    I *think* that some of it might be mitigated if the world would stop providing the attention the idiots are looking for. That would require SAYING NOTHING publicly, cleaning up the ick, closing the loopholes, and going on as if NOTHING had happened....

    Send the temper-tantruming 2-year-old to the time-out corner: no attention, no fun, no games, no toys, no cookies - silence is golden....

  8. estjohn
    Member
    Posted 8 years ago #

    ahh thats right... negative attention is still attention ;)

    now if the media could get it right and call these people crackers and not hackers... but that is a whole nother ballgame ;)

  9. Joni
    Member
    Posted 8 years ago #

    How are they getting into the MySQL databases? I guess I better go back those puppies up tonight, eh?

  10. estjohn
    Member
    Posted 8 years ago #

    long story short.. if you have php enabled in posts, or in some cms's it can even be done by entering an extended url of the domain with certain characters in the url.. it bascially "tricks" the code in front of the database... say the php.. to enter information into the database that the "cracker" wants to change in the database.. it pretty much takes advantage of bugs and exploits in code to allow the "Cracker" to do things that shouldn't normally be done.

    As for backing up... yes.. backing up nightly is probabally a good idea.. if you can, run it as a cron job to backup a database.. or find a way to do it on a routine schedule. Also, it depends on how often you change you site or add posts.

    there are plugins for one step backups for the database which can be used...

    keep in mind though that this is NOT the only reason you should back up a database like this. With all of the vast majority of plugins, themes and such available to change the standard wordpress installation.. there are MANY compatibility issues between plugins, themes, and even versions of WP and different plugins and themes. Files and hardrives corrupt too.

    Any reason is a good reason to backup. It hurts hard to lose a whole site.. or even a few posts from one from dataloss no matter the reason.

    If the site is a livelihood and citical, minutes and hours can cost. Even if it is not critical... think how much time you ahve spent on your site.. now multiply that times at least $30 or $40 an hour.. of the idea of losing such as memories which cant be replaced.

    Backup... period.

    And, its a good idea to backup before you make any changes wheter its code changes, upgrades, new posts, new themes, new plugins, or any changes.

    uggg I need to learn to quit rambling!

  11. Joni
    Member
    Posted 8 years ago #

    Well, you've at least jarred me from my complacency. I manage other people's web sites and I try to run backups once a week. Sometimes, that isn't enough tho. But I know who updates frequently and who hasn't updated in a year. I think I will spend the rest of the evening in PHPMyAdmin....

  12. vkaryl
    Member
    Posted 8 years ago #

    Yup. Wake up call, thanks estjohn....

  13. janit
    Member
    Posted 8 years ago #

    Hmm.. if only the permalinks were touched... could it just be that you did a chmod 777 to your .htaccess and somebody modified it?

  14. The .htaccess file wasn't altered. See: http://wordpress.org/support/topic/48724#post-268183

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.