WordPress.org


[resolved] Vulnerabilities in script? My host claims so. (4 posts)

  1. serialdeviant
    Member
    Posted 8 years ago #

    My site has been hacked like crazy lately (they get in and replace the index page, along with deleting a few random WP files, see http://www.whatsonxiamen.com/), and after changing my password twice, it's still happening. I have been talking to the tech support for two days about this, and so far they have said they are secure and any flaws are mine.

    Today, they said that they've checked and my PHP scripts are outdated. I used to run TinyBB, but since the first hack (when the entire script's folder mysteriously disappeared), I didn't bother uploading and installing it again.

    I use WP 2.0.2. Since I'm not a PHP coder, all I know is WordPress does not connect to my server using my account (as in my server account) username and password. Am I right in assuming that?

    I do not use file uploading through WP (how would I secure that, if I did?).

    So. My question is, is there really a flaw somewhere in WP 2.0.2 that I've not read about, or is my server host just trying to deflect the blame for lax security? And if they are, could anyone please try to help me explain that to them in a very technical manner while implying that they were raised by baboons?

    I really need help (or thoughts and opinions) here. I run a community site by myself and I don't really have time for this and it's 3.30am and they won't give me a good answer and I'm really really frustrated because they've not given me good answers for two days and I haven't had a hell of a lot of sleep because I stay up late trying to solve this and then I get calls in the morning from people who use the site to tell me it's been hacked.

    Andrea

  2. manstraw
    Member
    Posted 8 years ago #

    find another host. WordPress itself is not likely the source of the problem. It's possible a plugin is insecure, you could disable them as an option. However, once hacked (from whatever way in), consider the account, and possibly the entire server compromised. back up your data, and either have your service wipe the account and start fresh, or find a new home. there's no point in fooling around, you'll just pull your hair out.

    IMNSHO

  3. serialdeviant
    Member
    Posted 8 years ago #

    I am asking them to wipe my account and re-open it on another machine, and I will install WP again there. So that might help, if they actually reply.

    Edited to add: They've responded, and say they will move my account. I hope it will be soon.

  4. manstraw
    Member
    Posted 8 years ago #

    good stuff, let us know how it goes. don't turn on any plugins at first (if you can). check out each plugin as thoroughly as you can before you trust it.

Topic Closed

This topic has been closed to new replies.
