WordPress.org

Ready to get started?Download WordPress

Forums

WordPress 2.7.1 hacked (19 posts)

  1. e7
    Member
    Posted 5 years ago #

    I've now had 2 blogs hacked in 2 days.

    My friend's blog which I set up last week, and today my blog also got hacked.

    Anyways, my site is eternalseven.com

    At a first glance all looks well, only when you attempt to load posts does the hacking appear. Pages and the admin section looks fine, also my database seems fine which I'll back up when I get home later today.

    This is more FYI to the community. Please feel free to move this as needed to the required section.

  2. supernovia
    Member
    Posted 5 years ago #

    I'm not sure what you mean "when you attempt to load posts" - do you mean when you try to load them from the front end as individual posts or.. ? Also what code is being inserted, and have you found out where it's loading from?

  3. e7
    Member
    Posted 5 years ago #

    My website uses pages and posts.

    If you attempt to view a post, by clicking on any of the links on the front page, you'll see the hacked content right now until I fix it.

  4. supernovia
    Member
    Posted 5 years ago #

    Would love to see a link. Also did you figure out where it's loading from (a template, the database, etc?) and was your buddy's site hacked in the very same way?

  5. e7
    Member
    Posted 5 years ago #

    Ok, I've fixed it now, they somehow modified something within my theme files. Now's a good time for me to back everything up!

  6. supernovia
    Member
    Posted 5 years ago #

    Oh, nevermind I see the link now. :-p Checking it out.. and it looks like you must have already fixed it. Was the hacked code loading up in the template or.. ?

    -Velda

  7. supernovia
    Member
    Posted 5 years ago #

    got ya. If you're done editing your template, you may as well chmod the files so they can't be modified anymore. More info here: http://codex.wordpress.org/Hardening_WordPress

    Was your friend's site hacked in the same way? and were you using the same template? I'm about to update a few sites to 2.7.1 and want to be sure we're safe.

    -Velda

  8. e7
    Member
    Posted 5 years ago #

    my friend's site was not hacked the same way, his appears to have been hacked by chinese because there are chinese characters appearing on his site. For privacy reasons I can't post a link here.

    My site was hacked only within my theme, everything else seems to be operating as normal. It must've happened sometime yesterday but I only noticed today because of the drop in hits. Even though my front pages are indeed pages most of my content is within posts.

  9. e7
    Member
    Posted 5 years ago #

    Good note about the chmod, I'll look into this. I'll take a look at your link too, I'm now backing stuff up.

  10. supernovia
    Member
    Posted 5 years ago #

    So two totally different hacks in two days? Mmm, I'd check your own system to be sure you don't have some nasty keylogger stealing your passwords. :-(

    To fix your friends blog did you have to edit the theme there as well?

  11. e7
    Member
    Posted 5 years ago #

    These websites are not hosted on my machines but on Hostmonster.

  12. supernovia
    Member
    Posted 5 years ago #

    If you had a keylogger on your system, someone could have stolen your passwords to Hostmonster.

  13. e7
    Member
    Posted 5 years ago #

    I highly doubt this. If they did so I'm sure they would've wreaked more damage. Secondly why hack my site? THey'd be going after my bank accounts.

    More details about the hack job. They did hack the admin account in wordpress. I don't use the admin account and now after this incident I've deleted the admin account.

    So the hacking was more severe then just overwriting some of the theme files. FYI.

    My friend's site also had all of its users modified, we had multiple admin accounts on there.

  14. e7
    Member
    Posted 5 years ago #

    Ok Supernovia, I've now checked over everything on the server and the link you suggested above. It appears my files always had permissions that give them right to only be modified by the owner. I'm a bit at a loss now because that means (to me right now) that they did gain access to the server somehow as my account.

    I don't understand anything about hacking. Is it possible for those files to be modified w/o them gaining access to my username/password somehow?

  15. fluentdesigns
    Member
    Posted 5 years ago #

    If you are on a shared server which it looks like it is then the logical explanation would be a security risk with your host server. I would notify your hosting company to update the server kernel and all the software such as mysql, php etc.

  16. supernovia
    Member
    Posted 5 years ago #

    Sorry I didn't check back for a few days. Did you get this worked out? For what it's worth, I'd think if someone went to the trouble to hack an entire server, they'd apply the same hack to all sites in a batch rather than hacking each one individually. I'd check your systems for trojans then change your passwords :-/

  17. BernardBorealis
    Member
    Posted 5 years ago #

    There's no way to be sure but I'd agree with supernovia. It doesn't seem like a server hack, but an account or site hack. Here is some information which will hopefully help you:

    http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/
    http://guvnr.com/web/blogging/10-tips-to-make-wordpress-hack-proof/
    http://codex.wordpress.org/Hardening_WordPress

    Not all WordPress themes work with every version of WordPress. Yours may have become outdated and removed. You can check themes.wordpress.net for additional free themes, perhaps you will even come across an updated version of your theme again.

    Every plugin is different and some of the old ones may cause problems, so make sure you choose updated plugins and only install ones which you need. If you try out a plugin and decide not to use it or it really doesn't benefit you, make sure to not only deactivate the plugin, but delete the plugin files from the plugins directory.

  18. e7
    Member
    Posted 5 years ago #

    From the hacking perpective they definitely seem to be exploiting some feature of wordpress to do it. The only part of my site which was affected was within the wordpress installation. I'm guessing it was some sort of a batch job because they didn't do any damage to the site contents even though they clearly broke into the account database and hacked/modified the password to the admin account. If this was a deliberate hacking attempt designed to take down the site they could've done a lot more, I'm guessing it took about a day before I noticed the site had been hacked.

    Thanks to everyone who helped out here. Bernard, I'd already checked out the hardening wordpress post, all that stuff outlined there was in place on my site before it got hacked. I'll read the rest.

    Changing my theme is a problem even though I've been thinking of doing a total redesign lately. That theme is my own theme which I created for my site. Subsequently I published it and it has been used by many others but I'm curious now that if perhaps by publishing the theme I use has made me somehow suseptable to this type of hackjob.

    Anyways, I've backed up everything now and I'll make a point to do monthly backups of my site. I've contacted Hostmonster and told them about the hacking but since I'd already cleaned up there was nothing they could see...

  19. Yogi
    Member
    Posted 5 years ago #

    My girlfriend's blog just got hacked too today. The hacker defaced the home.php file on the theme folder she's currently using.

    I'm not sure from where did the hacker managed to the defaced the blog.
    Btw, the blog is using the latest 2.7.1 version.

Topic Closed

This topic has been closed to new replies.

About this Topic