I ran the 2.8.6 update last night, and after work today I found my site had been hacked. In the restoration process I lost four days of posts. I'm a little wary of re-upgrading (since resetting the site took me back down to 2.8.5). Anyone else have this happen?
Upgraded to 2.8.6, hacked within 12 hours. (9 posts)
-
ZachGates
Posted 2 years ago # -
ZachGates,
Is it possible that the site had been hacked prior to the upgrade? Please read through the hacked post: http://wordpress.org/support/topic/307660?replies=1
-
Posted 2 years ago #I kinda doubt it. I post every day. I did the upgrade, went to sleep, and then earlier today I got an email saying my admin details had changed and I suddenly couldn't login.
But, all right, I'll upgrade again.
-
songdogtech
Posted 2 years ago #The hack might have come through your shared hosting. Tell your host, and see How to Completely Clean a Hacked WordPress Install and FAQ: My site was hacked « WordPress Codex.
-
jonradio
Posted 2 years ago #It can be easy to miss in the two links quoted by songdogtech: change your FTP password.
This is very important because the vast majority of hacked WordPress sites can be divided into two categories: (1) exploits of security issues in previous releases/versions of WordPress (i.e. - you are running an out of date WordPress version/release); and (2) FTP access to the site by hackers.
No magic in the second one, just the same ID and password that you use.
But how did the hacker get your FTP ID and password? By infecting your machine and transmitting the IDs and passwords (and site addresses) from your FTP client(s) to a hacker's database via the Internet.
-
Posted 2 years ago #Far as I know my FTP didn't get hacked, when I called my hosting company they said my account login with them was the same as before. The mail I got was solely referring to my WP install.
Moot point, I suppose, since I got it all back working. But that definitely shook me. First hack I ever had.
-
Posted 2 years ago #How would you know if hackers accessed your WordPress site via FTP? They sure aren't going to advertise the fact by changing the FTP password! Unless someone has gone through the FTP access logs and checked, you'll never know. ...until you get hacked again.
I would still advise: (1) changing your FTP password; and (2) run some top quality anti-malware scanner on all workstations that have the FTP ID and password saved in FTP client(s).
-
How would you know if hackers accessed your WordPress site via FTP? They sure aren't going to advertise the fact by changing the FTP password! Unless someone has gone through the FTP access logs and checked, you'll never know ...
you answered your own question. SOME hosts (good hosts) make ftp logs available. Hacks that are a result of malware are very easily spotted in the ftp logs. Lastly, even without logs, those hacks have telltale signatures.
-
Far as I know my FTP didn't get hacked, when I called my hosting company they said my account login with them was the same as before.
None of that matters. you dont understand. but oh well.
Topic Closed
This topic has been closed to new replies.
