WordPress.org


Site was Hacked (14 posts)

  1. Tinytoes
    Member
    Posted 5 years ago

    Someone was able to register and retrieve my password. How do I stop that from happening again? I have just updated to the latest ver

  2. Roy
    Member
    Posted 5 years ago

    2.6.2? Otherwise upgrade immediately!

    WordPress 2.6.2
    By Ryan. Filed under Releases, Security.
    Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand(). With his help we worked around these problems and are now releasing WordPress 2.6.2. If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password. Stefan Esser will release details of the complete attack shortly. The attack is difficult to accomplish, but its mere possibility means we recommend upgrading to 2.6.2.

    Other PHP apps are susceptible to this class of attack. To protect all of your apps, grab the latest version of Suhosin. If you’ve already updated Suhosin, your existing WordPress install is already protected from the full exploit. You should still upgrade to 2.6.2 if you allow open user registration so as to prevent the possibility of passwords being randomized.

    2.6.2 also contains a handful of bug fixes. Check out the full changeset and list of changed files.
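
The release note quoted above names the bug class but not the mechanics. The following is an added illustration, written for this page and not code from WordPress or from the original poster, of how "SQL column truncation" lets a crafted registration collide with an existing account. It assumes a VARCHAR(60) login column, a database in non-strict mode (over-long values are silently truncated on INSERT) and a PAD SPACE collation (trailing spaces are ignored in string comparison); those three behaviours are emulated in plain Python so the example runs offline, and the table rows and e-mail addresses are constructed. The mt_rand() seeding weakness that made the reset password predictable is a separate step and is not modelled here.

```python
"""Toy model of the SQL column truncation class (added example, not WP code).

Assumed database behaviour, emulated below:
  * user_login is VARCHAR(60)              -> LOGIN_WIDTH
  * non-strict SQL mode truncates on INSERT -> db_truncate()
  * PAD SPACE collation ignores trailing spaces in '=' -> db_equal()
"""

LOGIN_WIDTH = 60  # assumed column width for illustration


def db_truncate(value: str, width: int = LOGIN_WIDTH) -> str:
    """Non-strict mode: an over-long value is silently cut to the column width."""
    return value[:width]


def db_equal(a: str, b: str) -> bool:
    """PAD SPACE collation: trailing spaces do not participate in comparison."""
    return a.rstrip(" ") == b.rstrip(" ")


class Users:
    """Tiny in-memory stand-in for a users table."""

    def __init__(self):
        self.rows = []  # each row: {"login", "email", "password"}

    def select_by_login(self, login):
        # SELECT * FROM users WHERE user_login = %s
        return [r for r in self.rows if db_equal(r["login"], login)]

    def insert(self, login, email, password):
        # INSERT ... : the database, not the application, truncates the value
        self.rows.append({"login": db_truncate(login), "email": email, "password": password})


def register_vulnerable(db, login, email):
    """Uniqueness is checked on the untruncated name; INSERT then shortens it."""
    if db.select_by_login(login):
        raise ValueError("username taken")
    db.insert(login, email, "initial-pw")
    return True


def register_hardened(db, login, email):
    """Refuse anything the database would silently rewrite before it gets there."""
    if len(login) > LOGIN_WIDTH:
        raise ValueError("username too long")
    if any(c.isspace() for c in login):
        raise ValueError("whitespace not allowed in username")
    if db.select_by_login(login):
        raise ValueError("username taken")
    db.insert(login, email, "initial-pw")
    return True


def reset_password(db, login, new_password):
    """UPDATE users SET pw = %s WHERE user_login = %s: every 'equal' row is hit."""
    hit = db.select_by_login(login)
    for row in hit:
        row["password"] = new_password
    return [r["email"] for r in hit]  # who the reset would be mailed to


def demo(register):
    """Run one registration function against a constructed victim account."""
    db = Users()
    db.insert("admin", "owner@example.com", "owner-secret")  # constructed victim row
    # 'admin' + 55 spaces + 'x': 61 chars, unequal to 'admin' before truncation,
    # equal to it (under PAD SPACE) once the trailing 'x' has been cut off.
    crafted = "admin" + " " * (LOGIN_WIDTH - len("admin")) + "x"
    try:
        register(db, crafted, "attacker@example.com")
    except ValueError as e:
        return {"registered": False, "reason": str(e),
                "admin_password": db.rows[0]["password"]}
    affected = reset_password(db, "admin", "random-new-pw")
    return {"registered": True, "reset_hits": affected,
            "admin_password": db.rows[0]["password"]}


if __name__ == "__main__":
    print("vulnerable:", demo(register_vulnerable))
    print("hardened:  ", demo(register_hardened))
```

With the vulnerable registration the crafted name passes the "is it taken?" query, is stored truncated to `admin` plus spaces, and a later reset for `admin` overwrites the real administrator's password as well. The hardened version rejects the name on length and whitespace before the database can rewrite it; running the database in strict SQL mode, so that an over-long INSERT fails instead of truncating, is the matching server-side control.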

  3. Tinytoes
    Member
    Posted 5 years ago

    Once I had fixed the site, WP informed me of the update to 2.6.2. I updated. Now I know that problem is fixed, so thank you for your reply.

  4. Tinytoes
    Member
    Posted 5 years ago

    Ok, this person has retrieved my pw again, after I have updated to 2.6.2. He has changed my email to his. If this continues I will have to drop WP.

  5. ronchicago
    Member
    Posted 5 years ago

    While you are trying to fix things, look into this plugin:

    http://wordpress.org/extend/plugins/sabre/

    Good luck and keep us posted.

  6. Tinytoes
    Member
    Posted 5 years ago

    I just found 2 files in gallery: index.php and indexc.php. Index.php is a trojan. Trojan horse/backdoor.c99shell

  7. Tinytoes
    Member
    Posted 5 years ago

    Thank you, ronchicago. I have installed that mod, it works great. I also installed lockdown.

  8. ronchicago
    Member
    Posted 5 years ago

    tinytoes,

    great!

    just curious. how did you go about finding the trojan? through the database? or ftp client?

  9. Tinytoes
    Member
    Posted 5 years ago

    Blind luck. I downloaded the content directory in a fit of madness, and my AV picked it up. Is there a way to scan a site?

  10. kevint312
    Member
    Posted 5 years ago

    Not sure if my site was hacked or not but I can not get into the admin. I tried to reset it and the site does not recognize the confirmation link. What steps should I take next. Thanking you in advance for your words of wisdom.

  11. whooami
    Member
    Posted 5 years ago

    kevint312, you're not sure if you have header errors either -- did you want to try to locate one of those threads also and maybe post in there too? :(

    How about sticking to ONE thread you can follow easily? And within that ONE thread providing a link to your blog, and then explaining/elaborating on what "the site does not recognize the confirmation link" means, specifically? That way no-one needs to follow you from thread to thread, and we can understand what you are describing.

  12. Brent
    Member
    Posted 5 years ago

    I've been locked out of my site. It was apparently hacked and the user/pass isn't working.

    I've used phpmyadmin to reset it. I've used the emergency.php technique and have begged my hosting provider to help but they can't figure out what to do.

    I can't upgrade to 2.6.2 since it asks me to login when I visit the upgrade.php file to complete installation.

    Is it best to just move my site from hostgator to another host? If yes, any recommendations? Many many thanks.

  13. Brent
    Member
    Posted 5 years ago

    Okay, after being told the problem was a plugin, I renamed the plugins folder.

    Then I reloaded the site and it allowed me to upgrade.

    I then reset the password via WordPress. (I knew the username.)

    Next, I renamed each plugin folder and restored them one by one. I didn't learn which plugin was at fault. It was not All in One SEO, cforms or Exclude Pages.

  14. kejabe
    Member
    Posted 5 years ago

    My 2.6.2 was hacked today too. I discovered the akismet plugin folder had been deleted and an akismet.php file placed in the plugin folder. There must still be an, as yet, undisclosed vulnerability with 2.6.2. The hacker gained access through requesting a new password for the admin user.

    The complete WP installation was then deleted by this a55hole.

Topic Closed

This topic has been closed to new replies.
