WordPress.org


My site was hacked and host says Hello Dolly was Hacked (4 posts)

  1. uberschizo
    Member
    Posted 2 years ago #

    My website, running on WP 3.2.1 and fully updated, was recently hacked. When I contacted the hosts, they sent me an email that said:

    Hacker IP "182.177.220.194"
    They had used a POST command on the WordPress plug-in "Hello Dolly" in order to upload the new index.php file.

    I've never heard of Hello Dolly being hacked, and wanted to know if this was them being honest or making excuses.

    I can request more information, and would also love to know how I can prevent this in future. (disabling Hello Dolly is extreme, don't you think ;) )

    Thank you

    Schizo

  2. Here's how to report security issues with WordPress or WP-authored plug-ins: http://codex.wordpress.org/FAQ_Security#Where_do_I_report_security_issues.3F

    Are you actually running Hello Dolly to display quotes on your site? If you're not, simply delete it.

  3. Sergey Biryukov
    Trac Moderator
    Posted 2 years ago #

    I've never heard of Hello Dolly being hacked, and wanted to know if this was them being honest or making excuses.

    That email sounds like a made-up excuse to me. Hello Dolly has no HTML forms or settings screens, therefore it doesn't accept any POST or GET requests and certainly doesn't have anything to do with uploading files.

  4. kak0r
    Member
    Posted 1 year ago #

    Simple. When someone gets access to your administration page, they can (depending on whether you've changed permissions on the plugin directory or not) change the plugin's content, in this case Hello Dolly, and then use it to upload files. Trust me, this can be done. Happened yesterday to me. This is not a WordPress security issue, this is just us being dumb.
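
Added example (not part of the thread or of WordPress itself): one way to check a host's claim like the one above is to search the web server access log for POST requests sent directly to PHP files under the plugins directory, which a stock Hello Dolly never handles. The log format (Apache/nginx combined), the path wp-content/plugins/hello.php, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# A request that targets a PHP file inside the plugins directory directly.
PLUGIN_PHP_RE = re.compile(
    r'/wp-content/plugins/(?P<file>[^?#]+\.php)(?:[?#]|$)', re.I
)

def find_plugin_posts(lines):
    """Return {client_ip: [(time, plugin_file, status), ...]} for every
    POST aimed directly at a plugin PHP file. Unparseable lines are skipped."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        target = PLUGIN_PHP_RE.search(m["path"])
        if target:
            hits[m["ip"]].append(
                (m["time"], target["file"], int(m["status"]))
            )
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Oct/2011:03:14:07 +0000] "GET /wp-content/plugins/hello.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Oct/2011:03:14:09 +0000] "POST /wp-content/plugins/hello.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Oct/2011:03:15:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 54 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Oct/2011:03:15:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Oct/2011:03:16:30 +0000] "POST /wp-content/plugins/hello.php?x=1 HTTP/1.1" 200 20 "-" "Mozilla/5.0"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for ip, events in find_plugin_posts(SAMPLE_LOG).items():
        for when, plugin_file, status in events:
            print(f"{ip} POST {plugin_file} -> {status} at {when}")
```

A hit with a 2xx status is a reason to compare the plugin file against a clean copy from the official package and to review administrator logins made before that time. Setting define('DISALLOW_FILE_EDIT', true); in wp-config.php turns off the dashboard plugin editor described in the last post.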
