Use your FTP program and login to your account. Delete _everything_.
Contact your host, and ask them to change your database password.
Download WordPress 1.5.2, and install it. Set your wp-config.php as needed, using the new password.
Check whether or not your data is still in the database. If it is, you should be mostly okay. If it’s not there, you will need to restore from backup. If you don’t have a backup, your host might.
And to add to what Skippy said, if you aren’t making regular either daily or weekly backups, you may want to start doing so.
I personally run a cronjob that backups my database on a daily basis and puts it in a non-public folder so I can save it incase anything like that were to happen.
how do i set up the cron job?
Backing_Up_Your_Database contains one option, using my WP-DB Backup plugin with my WP-Cron plugin.
Podz has an excellent cron tutorial.
Thread Starter
madsen
(@madsen)
Hmmm…I’ve deleted via ftp and also logged in to make an emergency backup of the DB…which returned me a 32 kb file, so I’m afraid the DB’s gone. Latest DB backup dates back to april 20. (a 64 mb file), so it seems like a lot of entries have vanished.
Even if I get a new password from my host..well…what will prevent the hacker from wrecking havoc again? Obviously my host has serious problem with securing the DB…big problem since he hosts around 7000 accounts…
I’ve noticed that both my host and I use the same domain name service (http://gratisdns.dk/) so maybe it’s those guys who’re the weak link…
…sorry, but I don’t know much about these things, so I’m a little lost here….
Hope my host has some kind of backup :-/…right now I feel like giving up blogging….:-(
(Please disregard any bad grammar and misspellings…english isn’t my mother tongue)
Madsen, I hope things work out well for you. I can imagine how disappointing this must be.
We cannot know for sure that WordPress was the entry vector used to compromise your system. Your host’s web server logs would show who accessed what, and when. They are in a much better position to help you work back through this to find out what really happened.
Also review this thread. Even though WordPress 1.5.2 is supposed to have resolved this specific vulnerability, there is no harm in applying multiple layers of defense. Security in depth is strongly encouraged.
Thread Starter
madsen
(@madsen)
Thx. hooopla….I’m in a Godzilla kinda mood right now…but still…thx. :-/ (<-…the biggest smiley I’m able to come up with right now)
Thread Starter
madsen
(@madsen)
Thx. Skippy…I’ll check it out!
Actually…I “know” who the guy is…well….I know his blog (http://usenet.smartlog.dk/), and I know he’s been quite active in various danish usenet groups…his a Troll..and apparently also a hacker. He uses numerous open proxy’s, so I’m afraid he hard to catch….If I got my dirty little hands on him he’d be typing with his nose the rest of his life…grrrr….(don’t worry…I’m just daydreaming).
My host and the domain name service (company?!) might see it as a police matter….I don’t think I’ll be interested in taking it that far though…
It’s highly unlikely that the domain name service is involved. They might be, but it’s a long shot — focus first on working with your hosting provider for backups, if possible. If you want to pursue the matter farther, then you can begin to explore how he got in.
Thread Starter
madsen
(@madsen)
Checked with my host, and according to them the hacker had probably exploited somekind of vulnerability in WP…they didn’t specify:-(
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Well, that’s unusually unhelpful. Who’s your hosting provider? WP v1.5.2 was just released and has no known vulnerabilities. I find it hard to believe that some guy just managed to find a vulnerabilitiy with it on your blog in just a matter of hours. If that was the case, we should have heard more reports of it by now, as the “hacker” would have exploited more blogs than just yours.
Sounds like the web host is just engaged in some finger pointing rather than looking inward to find the culprit and plug the security hole.
Thread Starter
madsen
(@madsen)
Well…I was using WP 1.2 so that might explain it…Anyway…I think I’ll be looking (suggestions are welcome) for a new and more reliable (in every sense of the word) host.
I don’t wanna go through this again, and this whole experience has made me a little…ehhh…hestitant ’bout using WP. Dunno…guess it all relates to me using an old version of WP. I’ll take your word for it when you say that I can trust WP…
I had made an entry ’bout “Indispensable Mac OS X software” which was meant as a help to new macusers. It was just starting to generate quite some hits (after my standards that is…around 2000 a day), so I’m really annoyed ’bout this…..Hope people will find the list again when I switch to a new host.
