WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] WordPress 2.8.4 Hacked (12 posts)

  1. kersplash
    Member
    Posted 4 years ago #

    Hi,

    I have always run version 2.8.4 since its release, and have WP-Security Admin Tools installed and everything was good as far as security, no admin username, database tables not prefixed by wp_, etc. Or so I thought, until today. Now I find the code ;

    eval(base64_decode('aWYoIWlzc2V0KCRpZ3AxKSl7ZnVuY3Rpb24gaWd, etc. etc.

    inserted into a bunch of my .php files on my website. Nothing untoward is displayed on my pages or links to suggest to me my site has been hacked, the site just doesn't work until I have gone through and edited all of the offending code out of the pages. The only thing I can suggest security-wise is that I do have several plugins installed that have updates which I haven't installed (due to not wanting to break what's not already broken.) Are these plugin updates the source of my problem? Another thing I did recently was to install a plugin called "Who Is Online". I have since deactivated this plugin. Any ideas on how to stop this from happening again?

    Thanks.

  2. Rev. Voodoo
    Volunteer Moderator
    Posted 4 years ago #

    I use who is online, not sure if that could be aproblem.

    My site had the same hack....you don't happen to use SMF for a forum do ya? I got hit hard through SMF and it dirtied up all my software.

    Also, there are various ways you could be hacked. Did you start with 2.8.4 or have you been using WP for a while? A previous version could've gotten hit. Or, if you are on shared hosting, it could've come through someone else's insecure software.

    Good luck getting it cleaned, you've gotta do that asap...it's a pain.

  3. Everything you need to know is here: How to Completely Clean a Hacked WordPress Install.

  4. Shelly2009
    Member
    Posted 4 years ago #

    Same thing happened to me...still working on them.

    I see when my sites load it say: tumatehuala.com

    I'm guessing that's the hacker? Do you see this as well? It's not a plugin. I've deleted all plugins and uploading fresh 2.8.4

  5. Rev. Voodoo
    Volunteer Moderator
    Posted 4 years ago #

    the best thing is to reinstall WP, clean your theme, and reinstall ALL plugins with fresh downloads.

    You may also have to look around for strange named files. I had files that weren't part of WP in my directory that I had to get rid of.....

    it got confusing for me as 2 different software packages got hit...and between the 2 of them they messed up every file I had.

  6. kersplash
    Member
    Posted 4 years ago #

    Luckily I had a backup from only a week ago. I have restored it and changed my passwords. Much quicker than re-installing everything (provided I wasn't infected back then), but I am pretty confident. Lesson learnt....backup....backup....backup.

  7. proudspark
    Member
    Posted 4 years ago #

    Same thing happened to me. Is there not a risk that there is still something suspicious in the database? I replaced all files one evening, and the hack reappeared the next evening...

  8. Samuel B
    moderator
    Posted 4 years ago #

    proudspark
    database will definitely need to be cleansed

  9. sidd82
    Member
    Posted 3 years ago #

    Hello Moderator,

    Is there no possible way to protect WP 2.8.4 without upgrading ?
    And how can someone modify code in my php files when the only ways to edit them are FTP to the server and/or have Admin access to WP [given that no one knows admin access credentials to WP Login /FTP ) ?
    Thanks.

  10. mrmist
    Forum Janitor
    Posted 3 years ago #

    The only way to protect the 2.8.4 version would be for you to include yourself all the security fixes which were introduced since then. Because this becomes increasingly difficult as the versions move forwards, this is the reason why instead it is better to upgrade.

    People can edit your files or otherwise hijack your system by exploiting these bugs. They do not need to have your FTP details.

  11. sidd82
    Member
    Posted 3 years ago #

    Thanks Mr Mist.
    Could you point me to a certain resource that describes how these changes can be done manually.

    Thanks.

  12. mrmist
    Forum Janitor
    Posted 3 years ago #

    Hi, no I cannot. I'm afraid that if you wished to do that it would be down to yourself to scour the changeset history.

    The core team attempted to keep a stable branch maintained with security fixes for a while with the 2.0.10 version, it didn't work out, though.

    Realistically you are best upgrading and trying to adapt things that might not work. You'll probably expend less effort overall, too.

Topic Closed

This topic has been closed to new replies.

About this Topic