I updated yesterday to 2.71 and no sooner did I do it an hour later my blog was shut down by the famous pnq hack whereas you go to your blog site and a black arab page appears saying you have been owned, great security WordPress, this is my 3rd hack in 4 weeks and I am sick of it, is there anything can be done? Speaking to my host service they stated its because WordPress is open source and anyone can hack it, well I didnt realize it when I started my blog now I have lost another weeks work a 3rd time.
homeiswherethecarsparked.com
Upgraded to 2.71 and got HACKED immediatly! (5 posts)
-
jingles689
Posted 3 years ago # -
There are so many problems here. I would love to know more about how this happened, but here are some of the issues i am seeing right off.
If you have been hacked 3 times, you should definitely be doing backups. Perhaps nightly, emailed backups using one the backup plugins. If you have been hacked 3 times, there is a good chance you aren't changing your passwords, and they are getting in the exact same way every time. Or there is an exploit planted into the database from the first time that hasn't been fixed. Another reason to have regular backups so you can go back to an older, pre-hack version.
What is the famous "pnq" hack? ...
-
jcow - check the link and you'll see.
@jingles689 security of your site is up to you - not WP. There is nothing inherently weak in WP's code that allows hacks. Blaming it on open source software is so ridiculous it defies reason. How many times have you hear of a linux site being hacked? It's all open source.
You should regularly backup your database via your hosts control panel phpMyAdmin console and your files via FTP. All you can do now is do a dump of your database via phpMyAdmin and go through it looking for whatever codes those people inserted and delete it. There are help files in the Codex how to do this. In fact, Buddha Trance offered up this file in another post on the following page..<url>http://codex.wordpress.org/Hardening_WordPress</url>
If all else fails, do a complete reinstall of WP and only set write permissions to those files that WP requires to operate, set a SECURE, multi-character, upper and lower case, extra ascii character password of at least 14 characters. Then investigate (web search) the .htaccess file and write one that will protect your core files from outside access and tampering.
-
ClaytonJames
Posted 3 years ago #Speaking to my host service they stated its because WordPress is open source and anyone can hack it
Bullshit. You can apply that statement to any web application or server that isn't properly secured or administered. They gave you that excuse because they are not, and do not get paid to be, involved in the security of your website.
this is my 3rd hack in 4 weeks
In all probability, that suggests a pre-existing vulnerability that has not yet been identified and controlled. Upgrading is most likely just a coincidence. Any evidence in your server logs? (been hacked 3 times).
Have you verified that file and folder permissions are correct, and that there are no files or directories present that you did not put there? Inspect the contents of the index.php file in your root directory.
Have you viewed your database for unauthorized admin accounts and users?
3rd hack in 4 weeks
Sounds like you have been hacked just once. It just has not yet been fixed.
an excerpt:
"Just days ago my whole plugin folder on my server dissapeared and though I was able to redo it all I assumed I had been hacked..."
That may indicate something other than a WordPress problem. Have you changed your ftp access info, and WordPress admin account credentials since the first time you were hacked? Only index.php seems to be affected right now, because I can browse any other page on your site normally as long as I don't go to the home page. Give it a try.
http://homeiswherethecarsparked.com/about-2/
Good luck to you.
-
Posted 3 years ago #@jingles689
re: Roses for my Readers
Right back at 'ya! Be well, and best wishes.
:-)
Cj.
Topic Closed
This topic has been closed to new replies.
