[SERIOUS] numerous hacking attempts

I am pretty sure there are some undocumented exploits being actively used to hack my site. I was running 2.3 version before and thought that upgrading to latest version will fix everything, but it didn’t change anything at all.

I doubt it. Your profile shows that you were hacked before you upgraded. According to your old post someone got in months ago via ftp.

Upgrading to 2.6.1 is a good start but it is not a fix. Unfortunately you’ve got a lot of work ahead of you to repair the damage that was done already.

See this post from Donncha O Caoimh’s often quoted blog. Read the whole article. Also you may want to install his exploit scanner. It’s not a magic pill but it will help identify the extent of the compromise.

Do you have separate backups of your files and your database? You’ll need them plus you’ll need to be able to restore everything if you need to put it all back in case you really mess up.

You need to so this in baby steps. First install in a separate directory a new blank WordPress install without any plugins or theme. Do this on some box that is clean. Your PC running a local webserver (WAMP) will do. This is just to be able to clean things up.

Also seriously consider getting a new host: you’re current web host gets compromised too often.

Second, you need to go though the database dump with a text editor and remove all the bad references from your database dump. If you want try using the WordPress export your blog via the dashboard Manage -> Export. I find that editing the .xml file is easier than editing a database dump.

Now install that cleaned up database onto your blank WordPress installation. If you used the .xml file, import that file. Once you are sure that the install is clean then add customization using fresh copies of the theme and plugin.

Don’t use any existing copies you have already, they are suspect.

Now here comes the scary part. Once that’s all done you need to wipe out the existing database and files.

DON’T DO THIS UNLESS YOU KNOW YOU CAN RESTORE IT. If in doubt don’t do it. I really think you should do this on a new web host that is not managed by the existing hosting company. That way once you are clean just update your DNS record to point to the new box and lose the old one.

Install a copy of your cleaned up WordPress and if all goes well and you got all of it then you’ll be good for now.

Good luck.

You will still have to do the clean up on that blog. No way around it.

that was a different blog on a different host which has been hacked before. this one was always fine and secure.

Well, you are compromised now on that blog. Don’t know what to tell you: unless you can produce some log data (hard to do after the event) then I have to believe that something is being done incorrectly on the server.

i am on my own dedicated server, i dont plan moving anywhere else.

Cool! Doing it yourself is educational, gives you full control of everything and is the way to go. I’m on my own server and many of us are. I hope you are running a Linux, UN*X, *BSD server. I find they are easier to lock down than a Windows server on the Intenet.

Now please turn of ftp if you have not done so. You should only use ssh on your. I am guessing you are using Windows as your workstation? There are many Windows clients that can use ssh/scp and WinSCP is free and easy to use.

There are many FAQs via a good google search for securing your installation on the server side.

Once again, good luck.