WordPress.org

Ready to get started?Download WordPress

Forums

Someone has HACKED my blog (23 posts)

  1. sunergeo
    Member
    Posted 7 years ago #

    Please look at my blog-- http://www.withchrist.com/shilohsplace

    I guess someone from Turkey didn't like it and decided to make a political statement. It's kind of funny because i don't get many visitors on my blog.

    Is there anything I can do? I already contacted the guy who owns the site but haven't heard back. :(

    Any suggestions?
    amy

  2. yosemite
    Member
    Posted 7 years ago #

    Try to verify with your host that all security issues have been addressed. If they can't do that, or won't, find another host. Until that's secure doing anything other then deleting stuff may just be a waste of time.

  3. whooami
    Member
    Posted 7 years ago #

    <meta name="generator" content="WordPress 2.0.2" /> <!-- leave this for stats please -->

    From Google' cache of your site. Another example of why staying up to date with security updates is so important.

  4. Esra
    Member
    Posted 7 years ago #

    Just out of curiosity, and for fear of this happening to any other blogs, what kind of security updates do we need? Are there any plugins merely for security purposes?

  5. whooami
    Member
    Posted 7 years ago #

    If you keep an eye on your dashboard, where the feeds are, posts to here:

    http://wordpress.org/development/

    are picked up via RSS so that you can be made aware when a new release comes out.

  6. david_mc
    Member
    Posted 7 years ago #

    I've had a similar experience. My WordPress blog was hacked, and the content replaced with the website and email of the hacker. Whilst this doesn’t appear to have been overtly malicious I’m curious at to how it could have happened (not to mention a bit dismayed at lost posts). And, obviously I don’t want to put it back up for the same thing to happen again. I was running the latest version 2.0.4 with only the backup utility add-on. My password was pretty secure I think, a jumble of 11 letters and numbers. I’m baffled as to what other way could they have gotten in?

    I’m currently trying to find out if my host has any logs of the event to explain what happened. One coincidence was that a few hours before it happened I approved a comment, from a trusted source.

    Any advice, suggestions would be greatly appreciated.

    Thanks

  7. bytedreams
    Member
    Posted 7 years ago #

    I experienced a similar thing last week. It was the host's server that was hacked. It affected all page files named "index." Contact your host. After the host repaired the server, I reinstalled wp right on top of the older one, and it seemed to work fine afterwards

  8. david_mc
    Member
    Posted 7 years ago #

    Thanks, bytedreams! I'll look into that possibility. My host tells me they are investigating but have yet to reveal anything to me.

    Were you running 2.0.4 and did you manage to recover any of your files?

  9. Doodlebee
    Member
    Posted 7 years ago #

    David - for the record, your posts are located in your database. Unless your database was hacked, as well, then your posts are still there, and just fine. All you have to do is get them.

  10. david_mc
    Member
    Posted 7 years ago #

    doodlebee

    Thanks for that. So probably it was just the front page of my site which was overwritten but the content which is stored in the database is all still there?
    I guess I don't really understand the difference between my website being hacked and my database, probably because I got help setting the WP database up. This unfortunate event gives me the incentive to learn it for myself though!

    Thanks again for your time.

  11. Doodlebee
    Member
    Posted 7 years ago #

    >>So probably it was just the front page of my site which was overwritten but the content which is stored in the database is all still there?<

    I can't give you a *definite* "yes" to this question, but I would say probably so. Most people who do this do it just because they *can*. They figure it'll either stay that way for a while (because the owner won't notice) or it'll just get taken down very soon. I don't know that they've hacked your database - it's a possibility. But I'd say they just went for the pages - the HTML.

    I'd definitely make sure of this (check with your host), but chances are, your database is fine, and all you'll have to do is reupload your files for the layout of the site. If WordPress is still in the database, you should be able to pick everything up just fine.

  12. Samuel Wood (Otto)
    Tech Ninja
    Posted 7 years ago #

    From Google' cache of your site. Another example of why staying up to date with security updates is so important.

    Generally true, however 2.0.2 doesn't have any easily exploitable security holes if you don't allow user registrations, and there are good reasons to not upgrade to 2.0.3 or 2.0.4 yet.

    If he didn't allow user registrations, he was probably hacked via a different approach.

  13. whooami
    Member
    Posted 7 years ago #

    i disagree, and the usage of the word "easily" is what sets me off. Neither here nor there though really, as not surprisingly the vast majority of ppl here tend to blame hosts rather than file permissions or the WordPress version being used for issues like this.

    Rather than stressing the importance of due diligence when maintaining _any_ site thats dynamic, so that the host IS the likely problem, the masses rally round whatever it is thats not a user or WP issue.

  14. Samuel Wood (Otto)
    Tech Ninja
    Posted 7 years ago #

    Disagree all you like, it's still probably not something that happened via WordPress code. I'd bet on file permissions and getting in via somebody else's site on a shared system, myself. That's the most commonplace approach, I believe.

  15. whooami
    Member
    Posted 7 years ago #

    lol, and file permissions dont have anything to do with wordpress? while they dont have anything to do with the version being used, or "code" (yes I noticed your qualification) they have EVERYTHING to do with wordpress, especially when you have plugins written by wordpress devs that require, NOT suggest, but require that certain directories be world-writable.

    I think we are on the same page, atleast I hope that I am. frankly, all Im suggesting is that way too many people put up sites, and dont know what theyre doing, dont know jack about permissions, dont know what to do to insure the that most basic of things are taken care of, and dont stay up to date on the software theyre using.

    My god, the evidence of that FACT is all over this site!!

    Responsible web mastering is on its way out. And I dont buy "its the hosts fault" crap that tends to spew off software sites. Its not, its the users fault.

  16. Samuel Wood (Otto)
    Tech Ninja
    Posted 7 years ago #

    Ummm... I think we're talking about two completely different things. :P

    I wasn't placing blame, because I don't care about blame. I'm a tech nerd. I was trying to talk tech. If you don't want to talk tech, then never mind. :)

  17. whooami
    Member
    Posted 7 years ago #

    haha yeah i musta skimmed over all the technobabble in that post :P

    "Generally true, however 2.0.2 doesn't have any easily exploitable security holes if you don't allow user registrations, and there are good reasons to not upgrade to 2.0.3 or 2.0.4 yet.

    If he didn't allow user registrations, he was probably hacked via a different approach."

    whatever, im off to work!

  18. Arnan de Gans
    Member
    Posted 7 years ago #

    Consider the possibility that wordpress is secure and that your database is not.

    If someone has access to let's say PHPMYADMIN or similiar and knows you database login he/she can easily alter your blog without even touching wordpress.

    A good way of securing your databases is to use a different user for everydatabase and use some megadificult username and password. It's not like you use those logins everyday to login manually so it doesn't really matter what it looks like.

    Another thing you could do is pervent access to phpmyadmin from the internet if youre running the server from home.

    Im not saying phpmyadmin or any admin program/script is insecure, but consider the possibility.... afterall they too use a password and username YOU made up to use it.

  19. david_mc
    Member
    Posted 7 years ago #

    Otto42 - could you expand on what you mean by this? Thanks

    'getting in via somebody else's site on a shared system, myself. That's the most commonplace approach, I believe.'

  20. namhuy
    Member
    Posted 7 years ago #

    Mostly I think all your website was hacked via sharing host. That is pretty easy if your hosting company turn off "safe mode" on the web server.
    With some local hack tools "rem..." or "telnet" .... lol. Nothing is impossible.
    Just back up your database daily, update often your website source and waiting for hackers visit your website :(
    That's what Im doing....
    oh, one more thing, please set all your files/folders to 644/755. Do not set 777 for your files or folder (you have to do this if you want to upload files from your computer to your web server via website). It's the most dangerous things you should not do.
    Another tip that you can encode your config.php by zend encoder. I think it will be safer because it's really hard to decode config.php file and hacker will not know your database password .....
    If hacker can hack the whole web server, we have nothing to do which this.... just ..... get lose.

  21. david_mc
    Member
    Posted 7 years ago #

    Thanks, you’ve given me plenty to think about!

    I also just received the log files from the event. Seems as far as I can tell to start with:

    "http://www.google.co.uk/search?hl=en&q=mywebsite&meta="

    Interestingly, it’s a BTinternet machine running W98.

    Judging by the above post this is someone checking my WP version? Then I get a load of entries where he/she is, I guess, posting their own stuff on my site through /img/edit.gif and /bcvb.css and such like.

  22. david_mc
    Member
    Posted 7 years ago #


  23. Quix0r
    Member
    Posted 7 years ago #

    He? GIF and CSS files? Is that the referer?

Topic Closed

This topic has been closed to new replies.

About this Topic