Cocain Hacker hits my sites

  • Just wanted some feedback. Cocain Team hacker hacked into 7 WordPress sites. They have a Google search tally of 8000 WordPress hacks right now.
    The only plugin in common is Akismet. They hacked different themes, and most of these sites appear to be chmod 644 and 755 for directories.

    What to do? Thanks!

  • Chris Olbekson


    Level 12 Bug Squasher & Forum Moderator

    Stay Calm
    You have to stay calm to be able to deal with this situation. The first step before you respond to any security incident is to calm yourself down to make sure you do not commit any mistakes. We are serious about it.

    Follow these instructions
    FAQ My site was hacked

    Please tell us who your host is and make sure you contact them as well.

    Chris Olbekson


    Level 12 Bug Squasher & Forum Moderator

    The only common thing I noticed from this search was they were all running WordPress 2.3.2 except one, which was running 2.9.2.

    Thanks for checking the search, but I had them running all kinds of versions. I have seen one thing unusual in most of them: wp-cron seems to have been affected. Other things in common are the IP addresses, which are Russia, some Iran and Russia. Also, one of those sites I checked yesterday and it was fine, then I find a file change dated 6-21 on the theme index and styles, which appears to mean they hacked it a few days ago but it didn’t take effect??? Maybe it was my browser cache??? Not sure.
    I am wondering if wp-cron has some way of being activated and how I can check this.

    On those same IP addresses I also had one of them hitting /load-scripts.php

    These guys have caused me hours of work fixing. They delete the admin email address, so there is no use of lost password and I have to go to MySQL to directly change the user email.

    I should correct that last post. I meant to say they put the file in 6-21 but it only appeared to be hacked on 6-29, so there was a lag in the hack time. ??
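
An added example, not part of the original thread: one way to check a web server access log for the requests mentioned above (wp-cron.php and load-scripts.php), grouped by client IP. The log lines are constructed samples in combined log format, and `own_ips` (the server's own addresses, from which WordPress's legitimate cron self-requests come) is an assumed parameter.

```python
import re
from collections import defaultdict

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [21/Jun/2010:03:14:07 +0000] "POST /wp-cron.php?doing_wp_cron HTTP/1.0" 200 0 "-" "WordPress/2.9.2"
198.51.100.23 - - [21/Jun/2010:03:15:10 +0000] "GET /wp-admin/load-scripts.php?c=1&load=jquery HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [21/Jun/2010:03:15:42 +0000] "POST /wp-cron.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.23 - - [21/Jun/2010:03:16:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2300 "-" "Mozilla/5.0"
192.0.2.50 - - [29/Jun/2010:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
this line is not a log entry
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
WATCHED = ("wp-cron.php", "load-scripts.php")


def watched_hits(log_text, own_ips=()):
    """Map client IP -> [(timestamp, method, script)] for watched scripts.

    Requests from own_ips are skipped: WordPress triggers wp-cron.php by
    requesting it from the server itself, so those hits are expected.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["ip"] in own_ips:
            continue  # unparseable line or the server's own request
        # Drop the query string and directory to get the script name.
        script = m["path"].split("?", 1)[0].rsplit("/", 1)[-1]
        if script in WATCHED:
            hits[m["ip"]].append((m["ts"], m["method"], script))
    return dict(hits)


def ips_touching_all(hits):
    """IPs that requested every watched script; review these first."""
    return sorted(ip for ip, rows in hits.items()
                  if {r[2] for r in rows} >= set(WATCHED))


if __name__ == "__main__":
    found = watched_hits(SAMPLE_LOG, own_ips={"203.0.113.7"})
    for ip, rows in found.items():
        print(ip, rows)
    print("requested all watched scripts:", ips_touching_all(found))
```

The hits are leads for review, not proof of compromise: load-scripts.php is also requested by ordinary admin browser sessions. Comparing the timestamps with the modification dates of changed theme files helps narrow down which requests matter.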
