new version not safe I have been hacked

Viewing 15 replies - 1 through 15 (of 17 total)
  • There is nothing wrong with WP 3.2.1. The hacker could have gained access from any point on the server.

    Thread Starter madkad

    (@madkad)

    OK, that’s fine. Is there any way of finding out how they did it or got in?

    They changed my child-theme index file. This is strange, as I have found that they normally aim directly for the main index file, don’t they?

    If you didn’t mind giving some tips on how I go about stopping it happening again?

    is there any way of finding out how they did it or got in?

    If this is a shared server, your hosts are the best people to carry out this investigation.

    they changed my child-theme index file

    Hackers will aim for any common file and index.* is just about as common as you can get. Have a look at Hardening_WordPress.

    Thread Starter madkad

    (@madkad)

    Thanks for that

    I really think it’s my host that’s cr@p, as I have had to shut down 4 other sites within the last 2 months as they kept getting hacked. I was sticking to this as my main and keeping it well updated as I thought it was me not updating enough, but now I am thinking it’s my host.

    I have done all the things in that link and can’t seem to do much more from my end, so I think I am stuck now.

    thanks again

    Are you sure that you have removed any backdoors from earlier hacks on your site(s)?
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    Thread Starter madkad

    (@madkad)

    thanks for the link, I am still looking through the files but not got a clue on this bit 🙁

    Thread Starter madkad

    (@madkad)

    can I ask are the files

    k.php and kll.php

    anything to do with wordpress? Are they made when installed? As they have things in indicating what that link says?

    Thread Starter madkad

    (@madkad)

    OK, so I have done the following. Can you just confirm, maybe I have missed something?

    re-installed a fresh copy of wp
    removed k.php and kll.php as they are bad I take it

    I have done other things I would like to not say, but I take it there is a way that they get the files “k.php and kll.php” uploaded on my FTP? Any other tips on how I can find the code they would have done this with?

    I am unsure if I have closed all back doors, as that link says what they could have done, but I am looking for a needle in a haystack as I don’t even know what I am looking for really in the database 🙁

    Thread Starter madkad

    (@madkad)

    Should I un-install all my plugins one by one and delete the files fully then re-install them?

    anything to do with wordpress?

    Nope.
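Added example, not part of the original thread and not WordPress's own code: one way to confirm that files such as k.php and kll.php do not belong to WordPress is to compare the live install against a freshly unpacked copy of the same version. The function names (`audit`, `php_files`, `demo`) are hypothetical, and the directory trees and file contents in `demo()` are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def php_files(root):
    """Map relative POSIX path -> Path for every .php file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p
            for p in root.rglob("*.php") if p.is_file()}

def audit(live_root, clean_root):
    """Compare a live install with a clean copy of the same WordPress version."""
    live, clean = php_files(live_root), php_files(clean_root)
    findings = []
    for rel, path in sorted(live.items()):
        if rel.startswith("wp-content/uploads/"):
            findings.append(("php-in-uploads", rel))   # uploads should hold media, not PHP
        elif rel.startswith("wp-content/") or rel == "wp-config.php":
            continue   # themes, plugins, site config: not in the core package
        elif rel not in clean:
            findings.append(("not-in-core", rel))      # stray file, e.g. in the web root
        elif sha256(path) != sha256(clean[rel]):
            findings.append(("modified-core", rel))    # core file edited after install
    return findings

def demo():
    # Constructed trees: a clean copy and a live copy with extra and altered files.
    core = {"index.php": "<?php // core index",
            "wp-login.php": "<?php // core login",
            "wp-includes/version.php": "<?php // core version"}
    live_extra = {"k.php": "<?php // constructed stand-in",
                  "kll.php": "<?php // constructed stand-in",
                  "wp-login.php": "<?php // core login, altered",
                  "wp-content/uploads/2011/x.php": "<?php // constructed",
                  "wp-content/themes/child/index.php": "<?php // theme file"}
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root, files in ((clean, core), (live, {**core, **live_extra})):
            for rel, text in files.items():
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(text)
        return audit(live, clean)

if __name__ == "__main__":
    for kind, rel in demo():
        print(f"{kind:15} {rel}")
```

Themes and plugins are skipped because they are not part of the core package; check them against their own original downloads in the same way.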

    Thread Starter madkad

    (@madkad)

    anything to do with wordpress?

    Nope.

    try telling my host that lol

    I myself have nothing against wordpress and think it’s a great software

    thanks for your help

    try telling my host that

    If they have security concerns, they are free to contact security@wordpress.org

    Thread Starter madkad

    (@madkad)

    I will definitely. I am so close to leaving them now, as all my sites are down due to them doing something with their servers. Stay clear of justhost, should be called justjoke

    Thread Starter madkad

    (@madkad)

    Meant to ask: should this all be in the .htaccess file?

    # -FrontPage-
    IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
    <Limit GET POST>
    order deny,allow
    deny from all
    allow from all
    </Limit>
    <Limit PUT DELETE>
    order deny,allow
    deny from all
    </Limit>
    AuthName unleashedbeasts.com
    AuthUserFile /home/public_html/_vti_pvt/service.pwd
    AuthGroupFile /home/public_html/_vti_pvt/service.grp

  • The topic ‘new version not safe I have been hacked’ is closed to new replies.