WordPress.org


blog got hacked

  • Hello, just went to make some posts today on my blog. I was greeted by http://13370r.net/thedeplorableword/hax.html
    At first I thought that our whole site had been done over, but after doing some looking around it's only my WP pages that have been hit, so to speak. The hackers have (as far as I know) just made a new index page.
    I'm running 1.2 not 1.21, so that could be an issue. I also originally installed WordPress via Fantastico through the cPanel.
    Has anyone else had any reports of this? Or got any idea how it was done, e.g. my fault for using a stupid password? Or some holes in WP or Fantastico?
    Any help you could give would be great.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Mark (podz)

    @podz

    Support Maven

    My guess would be the password – it’s the weakest link.
    Get a password manager program – I use anypassword ( http://www.romanlab.com/apw/ ) and use it to generate and save your passwords.
    8 or 16 random character passwords are good – birthdays and pet names are not 🙂

    Fantastico usually keeps ALL the installation/upgrade/update files in place after doing its job. It is your responsibility to go through your folders to ensure that you’ve deleted all these files.
    These include things like <yoursite.com>/wp-admin/install.php and so on. Look for these files, and remove them.
    Regards
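
An added example, not part of the original thread or any poster's own code: a shell check for the leftover installer scripts mentioned above and for index pages changed recently, which is what the original poster found. Only `install.php` comes from the thread; `upgrade.php`, the function names and the 7-day default window are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web root for leftover
# installer scripts and for index pages that changed recently.

# List setup scripts left under any wp-admin directory.
# install.php is named in the thread; upgrade.php is an assumed
# second setup script that deserves the same review.
leftover_installers() {
    find "$1" -type f -path '*/wp-admin/*' \
        \( -name 'install.php' -o -name 'upgrade.php' \) -print | sort
}

# List index pages modified within the last N days (default 7),
# which is where a replaced front page would show up.
recent_index_pages() {
    find "$1" -type f -name 'index.*' -mtime "-${2:-7}" -print | sort
}

# Print findings; return 0 when clean, 1 when anything needs attention,
# 2 when the given web root is not a directory.
audit_webroot() {
    root=$1
    days=${2:-7}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        leftover_installers "$root" | sed 's/^/REMOVE  /'
        recent_index_pages "$root" "$days" | sed 's/^/REVIEW  /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh audit.sh /path/to/public_html [days]
[ "$#" -eq 0 ] || audit_webroot "$@"
```

A `REVIEW` line is only a prompt to compare the file against a known-good copy; a legitimate edit inside the window is reported the same way.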

    Moderator James Huff

    @macmanx

    Support Team Rep.

    Snakerboy, you should also upgrade to v1.2.1; 1.2 had some security holes.

    The password could have been an issue: 9 letters, with a few numbers for good luck. I'm really not so stupid for it to be a pet's name, birthday, etc. :p
    install.php is probably the cause; it's really pissed me off because Fantastico didn't even warn me about it. I assumed that it would take care of such stuff.
    I'm going to back up my tables and do a nice fresh install. Cheers for your input.

  • The topic ‘blog got hacked’ is closed to new replies.