site hack -- deleted wp_posts and wp_users (6 posts)

  1. TomJohnson
    Member
    Posted 4 years ago #

    One of my client's sites was hacked, I believe. I just checked it and didn't see any content appearing. I tried logging in but couldn't. I looked in the database via phpMyAdmin and saw that the tables wp_posts and wp_users were missing.

    He had 2.8.4 -- the latest version of WordPress. To fix the hack, I manually upgraded the site to reinstall 2.8.4, but it didn't fix it. So I imported a backup of the database to restore the site.

    I know there's a worm going around. But I thought signs of infection included a bunch of spam embedded in your posts, not total post deletion. I also thought sites with 2.8.4 were safe.

    Has anyone else experienced a hack like this? Is it possible to delete these MySQL tables from the dashboard area? Did someone hack into my server and access phpMyAdmin?

  2. Samuel B
    moderator
    Posted 4 years ago #

    > I also thought sites with 2.8.4 were safe.

    not if the back door hack was brought along with the upgrade to 2.8.4

    until all files and db are cleaned it can always come back
    read the sticky about the hack going around for help
    http://wordpress.org/support/topic/307660?replies=1

  3. TomJohnson
    Member
    Posted 4 years ago #

    Wow, it happened again. The thing is, it's not as if someone is inserting malicious code into the posts. All the posts are simply gone, as well as the users. So I can't log in. All I see is a blank blog with the default template. No signs of another user or spam in the posts. I have to figure out what's going on. Is there another type of hack where the hacker just deletes your posts and users?

  4. TomJohnson
    Member
    Posted 4 years ago #

    Happened again. I'm at a loss for the solution.

  5. Mark / t31os
    Moderator
    Posted 4 years ago #

    Change your passwords: FTP, login, and MySQL DB password (that's for starters).

    Do you have any other applications on the server that use a MySQL database? Perhaps he's using an insecure app to perform operations from another MySQL account belonging to another app that's installed.

    Checked the access logs, and/or error logs?

    It won't help by exposing your files like this either, assuming this is the site in question.
    idratherbewriting.com/wp-content/plugins/wp125/

    Might be helpful to clear out any plugins you don't use, just to avoid them being a possible cause. Anything plugin-wise that isn't activated or used but sits on the server, remove it.

    You need to at least start narrowing down what the cause could be... else you'll be going on like this until you give up out of frustration or the other guy gets bored...

  6. TomJohnson
    Member
    Posted 4 years ago #

    Thanks for the tips. I'll go through and make all of these updates.
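
Added example (not part of the thread, and not code from any poster): one way to do the access-log check suggested in reply 5, grouping by client IP the requests that bear on the questions raised above (phpMyAdmin access, direct POSTs to plugin PHP files, browsing of plugin directories such as /wp-content/plugins/wp125/). The Apache combined log format, the path patterns, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Prefix of an Apache "common"/"combined" access-log line (assumed format).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# (label, required method or None, path pattern). Assumed patterns; adjust per site.
RULES = [
    ("phpmyadmin", None, re.compile(r"^/(phpmyadmin|pma)(/|$)", re.I)),
    ("plugin_php_post", "POST", re.compile(r"^/wp-content/plugins/[^?]*\.php", re.I)),
    ("plugin_dir_browse", "GET", re.compile(r"^/wp-content/plugins/([^?]*/)?$", re.I)),
    ("login_post", "POST", re.compile(r"^/wp-login\.php", re.I)),
]

def triage(lines):
    """Group matching requests by client IP: {ip: [(ts, label, path, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        for label, method, rx in RULES:
            if method in (None, m["method"]) and rx.search(m["path"]):
                hits[m["ip"]].append((m["ts"], label, m["path"], int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation IP ranges; "example-plugin" is hypothetical).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2000:03:14:07 +0000] "GET /wp-content/plugins/wp125/ HTTP/1.1" 200 1843 "-" "-"',
    '203.0.113.7 - - [01/Jan/2000:03:14:31 +0000] "POST /wp-content/plugins/example-plugin/upload.php HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.22 - - [01/Jan/2000:03:20:02 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [01/Jan/2000:08:00:00 +0000] "GET /some-post/ HTTP/1.1" 200 20480 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in triage(SAMPLE).items():
        print(ip)
        for ts, label, path, status in events:
            print(f"  {ts}  {label:<18} {status}  {path}")
```

A 200 on a `plugin_dir_browse` hit means the directory listing was served; comparing hit timestamps with the time the tables disappeared narrows which requests deserve a closer look.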

Topic Closed

This topic has been closed to new replies.