WordPress.org

Ready to get started?Download WordPress

Forums

Security question after being hacked twice in 10 days (13 posts)

  1. muskogeerabbit
    Member
    Posted 6 years ago #

    After having been hacked twice in two days, I see there is one thing I don't understand. When you sign into the Admin area, of WordPress, you enter http://www.sitename.com/wp-admin... and then are requested for an id and password. It looks like to me that all of this interaction occurs in a non-secure environment.

    What prevents the id and password from being picked up by a hacker and signing in from his location and adding his own code to the WordPress files via the WordPress itself?

  2. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago #

    What prevents the id and password from being picked up by a hacker and signing in from his location and adding his own code to the WordPress files via the WordPress itself?

    Because somebody sniffing the traffic along the wire and grabbing your password is about 1000000x less likely than somebody simply hacking into your site in one of a thousand easier ways.

    If this seriously concerns you, there's plugin to make the admin pages use SSL encryption. However, this is about the least likely way to get access to your site that there is.

  3. muskogeerabbit
    Member
    Posted 6 years ago #

    So the answer is that it is unsecured but the odds are that no one will do it. Why not just secure the Admin functions and not leave it to chance?

  4. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago #

    So the answer is that it is unsecured but the odds are that no one will do it. Why not just secure the Admin functions and not leave it to chance?

    Because SSL is not something that can be setup easily and/or for free. It's not a plug and play solution. You need certificates and such, the configuration is unique to different hosts, and WordPress does not provide those or support those.

    As for "the odds", it's not really that simple. It's not like anybody can sniff any traffic anywhere on the network with just a few tools. Somebody would have to have access to the specific routers/wire between you and your hosting service. "Hacking" the network is not magic, it requires specific access to specific places and specific knowledge.

  5. muskogeerabbit
    Member
    Posted 6 years ago #

    Well, I am at a loss. After the last two hacks, I still don't have a clue as to how they got in. Permissions are correct on my libraries. I only use two plugins. 1) Bad Behavior and 2) WordPress Database Backup.

    If my Permissions are set to 755 then a hacker should not be able to write to my directories unless the have access to my root segment as a user.

    There seems to be a lot of recent complaints about hacks and many by the same redirect. Are we sure that this isn't a flaw in 2.5. The last time I was hacked was three years ago under a much earlier release of WP.

    Within a week of installing 2.5 I was hacked. I re installed (having removed the infected modules) and within another week I was hacked again.

  6. SoundTrip
    Member
    Posted 6 years ago #

    Hi, Can you let us know exactly what was hacked? I woke up this morning and all of WP 2.5 domains were broken. I can not edit anything today, none of the toolbars in the tiyeMCE editor work. I have this issue on 5 blogs simultaneously and have been on 2.5 for well over a week with no such issue.

    I haven't changed anything on my server so something must have changed somewhere else.

    Thanks,
    Trip

  7. haochi
    Member
    Posted 6 years ago #

    Well, just dump a .htaccess & .htpasswd into the wp-admin directory and see if it helps, install NoScript (or equivalent) for your browser to prevent possible XSS.

  8. whooami
    Member
    Posted 6 years ago #

    soundtrip, and what besides what you have mentioned tells you your site is experiencing something similar?

    I ask because the VERY first thing people think when their site(s) break is that they were hacked, and thats rarely the case.

    Especially when the sites are all on the same box, as you seem to suggest.

  9. muskogeerabbit
    Member
    Posted 6 years ago #

    In my case all php files has iframe code placed at the end of the file redirecting to another site. It was very easy to tell it was hacked. You could also see the transfer taking place by looking at the urls being displayed in the bottom of the browser.

  10. whooami
    Member
    Posted 6 years ago #

    muskogeerabbit,

    I dont doubt you, or that your site was compromised.

    I questioned soundtrip because its often the first thing ppl think when their site(s) break. "have I been hacked??" posts number plenty around here, and most of them havent.

    Sometimes I almost think people want to be hacked, like its a badge of web honor or something.

  11. whooami
    Member
    Posted 6 years ago #

    heres the kicker though,

    <meta name="generator" content="WordPress 2.0.1" /> <!-- leave this for stats please -->

    thats what google saw on soundtrip.com on April 9.

    so guess what soundtrip, that blog might have been hacked. not while you were running 2.5 but prolly while you were running software that is .. what 2 years old?

    If so, they have probably had an admin password for months.

  12. SoundTrip
    Member
    Posted 6 years ago #

    whooami,

    Hi. I appreciate you looking at SoundTrip. Yes, SoundTrip.com is very old and has not been updated in quite some time. That is why that particular domain was down; it is not the domain I have issues with.

    I'm not implying that I was hacked. I just wondered what the other user saw that indicated he was hacked.

    I am a web host and have many domains all running the same code with the exception of SoundTrip. I truly suspect that something else happened to kill my sites but need to cover all bases; never hurts to ask.

    My symptoms are that the fluency admin console no longer works and that the tinyMCE editor no longer allows users to switch between the view and html modes. If by chance I am able to switch I just get a blank page. I have disabled all plugins to no avail.

    I have tried reverting back to PHP4 to see if something changed on that end but that made no difference. I have also tried both Firefox and IE with the cache disabled.

    It's not my only server so I will try another but I'd like to know what is happening. Never saw something like this before.

    Regards,
    Trip

  13. SoundTrip
    Member
    Posted 6 years ago #

    Update: I re-installed wp 2.5 to all sites affected and everything looks good now. I may have had a file system issue on my server; don't believe I was hacked. - Trip

Topic Closed

This topic has been closed to new replies.

About this Topic