WordPress.org

Ready to get started?Download WordPress

Forums

WordPress v.2.7.1. already been hacked (7 posts)

  1. pinoyconsole
    Member
    Posted 5 years ago #

    I'm not sure if anybody already been hacked by this group of hackers and how they are able to hacked the latest version of WordPress.
    You can check my website: http://www.wordpressmod.com

    Anybody knows how to solve this problem and how to clean it totally without leaving any script inside?
    Any help is highly appreciated.

    P.s. english is my second language

  2. whooami
    Member
    Posted 5 years ago #

    Sorry your site was hacked. Youre violating Matt's trademark.

    http://wordpress.org/about/domains/

    For various reasons related to our WordPress trademark, we ask if you're going to start a site about WordPress or related to it that you not use "WordPress" in the domain name. Try using "wp" instead, or another variation. We're not lawyers, but very good ones tell us we have to do this to preserve our trademark. Also many users have told us they find it confusing.

    If you already have a domain with "WordPress" in it, redirecting it to the "wp" equivalent is fine, just as long as the main one users see and you promote doesn't contain "WordPress."

  3. pinoyconsole
    Member
    Posted 5 years ago #

    Thanks for the info ( i will deal with that later) but better if you also give me any solution to my problem right now. :)
    was the latest version of wordpress was still safe or it was only hackable if you violate Matt's trademark?

  4. whooami
    Member
    Posted 5 years ago #

    ...it was only hackable if you violate Matt's trademark?

    i wasnt trying to suggest that. Im just letting you know

  5. Jay Versluis
    Member
    Posted 5 years ago #

    Ouch!

    I had a site hacked running WP 2.6.5 a while ago, but it hasn't happened on 2.7.1 yet.

    Can you remember if you've put all file permissions back to non-writable? That was the demise of my site back in the days.

    BTW, I also have a domain that has "wordpress" in it - and I had no idea we're not supposed to do this. Might be an idea to make this a more prominent message, if it's so important to the makers of WordPress.

  6. pinoyconsole, I doubt your WordPress got hacked exactly. But your server sure did.

    This works fine http://www.wordpressmod.com/readme.html

    These gives a directory listing (.htaccess Options -Indexes is your friend)

    http://www.wordpressmod.com/wp-content/plugins/akismet/
    http://www.wordpressmod.com/wp-content/plugins/

    You really need to lock that down.

    Backup all your files and database. Check your wp-config.php and (after you've confirmed that the backup was good!) delete the files that are part of WordPress and those theme and plugins. Re-upload new copies from the sources.

    Double check that your .htaccess file is good too and turn off directory listing.

    If you can, look at the server logs and try to figure out how they got in. Read and implement stricter file and directory permissions from http://codex.wordpress.org/Hardening_WordPress

    Good luck.

  7. pinoyconsole
    Member
    Posted 5 years ago #

    Thank you very much jdembowski I will try to work on it now. I think the bad thing about using cpanel is that you need to put some of your files to writable (777) only to make it work,
    It will surely be a long night for me now to check also my other site before they hit me again.

Topic Closed

This topic has been closed to new replies.

About this Topic