WordPress.org

Ready to get started?Download WordPress

Forums

WordPress - major hack (7 posts)

  1. jami1955
    Member
    Posted 3 years ago #

    Before I take this offline, I want to show the wordpress community a major hack. My site has been completely taken over, and the domain redirected to a hacker's site. Get a load of it, it will be gone soon.

    [Link removed]

    As soon as I hear from my server about what they figure out from the access logs about how this happened, if it indeed is a weakness in wordpress, I will post it here.

    JSC, Boulder

  2. ClaytonJames
    Member
    Posted 3 years ago #

    if it indeed is a weakness in wordpress, I will post it here.

    If, - and I say "If", with no reflection or consideration necessary on my part considering what I just saw on your site - you believe that you have found something in WordPress that merits the urgent attention that your tone implies, it would be completely irresponsible to post those details in an open forum. The hack I see on your site is not limited to WordPress. If you still think you might really have something related directly to WordPress, this is the correct route to take:

    "Security

    If you think you've found a security problem in WordPress, please see the Security FAQ for information on reporting the problem."

    Where do I report security issues?

    Good luck to you.

  3. jami1955
    Member
    Posted 3 years ago #

    I've written to security. But it is fine to say this publicly, that version 3.0 was hacked completely, after the database was restored from a backup, it worked fine again. It was indeed limited to WordPress, there is no other site out of the 15 others on that account that have any trouble. Nothing else was done. Just that domain that hosted wordpress. It was from an IP in Turkey.

  4. Did you just restore the database backup or replace the files too?

    You mentioned that your domain was redirected, which is very difficult (if not impossible now) to do via the database. More than likely, it was either a .htaccess replacement or code injection hack, which can happen to just about any site or file on any shared server.

  5. PTCTUT
    Member
    Posted 3 years ago #

    It looks like someone modified .htaccess from outside and redirected.

    If you have restored just the database and your sight worked normally then might be problem with script injection and it's not the problem of wordpress alone.

  6. mrmist
    Forum Janitor
    Posted 3 years ago #

    If your site was indeed hacked (by whatever means) I don't think that we want people clicking through to it from here, as potentially further exploits could be hidden in its code.

    So I've removed the direct link in your post.

    http://codex.wordpress.org/FAQ_My_site_was_hacked may be of interest.

  7. ClaytonJames
    Member
    Posted 3 years ago #

    It was indeed limited to WordPress, there is no other site out of the 15 others on that account that have any trouble

    It may have been limited to the WordPress installation on your server so far, but that's not quite what I meant. In the minute or two it took to skim a large number of other sites that were hacked with the same crap you experienced, the number of those sites using WordPress did not appear to be disproportionately high, when compared to the number of sites affected that were not using WordPress.

    It's still a big pain in the neck, either way.

Topic Closed

This topic has been closed to new replies.

About this Topic