Hacked? (10 posts)

  1. Emilie
    Posted 2 years ago #

    Would like opinions on this situation :

    I received an email from a student this morning (I teach web design and I have them working on my WordPress Multisite install) that he got this email :

    Your new Multisite site has been successfully set up at:

    You can log in to the administrator account with the following information:
    Username: xxxxxxxx
    Password: N/A
    Log in here: http:/xxxxxxxx/multisite/xxxxxxxxx/wp-login.php

    We hope you enjoy your new site. Thanks!

    --The Team @ Multisite

    I removed some information with the x's, but the rest is the same: Password showed N/A and I didn't create any users.

    Yesterday the site worked and I didn't do much on it. My students can add CSS but not plugins or themes.

    So I tried to login this morning and I get a pop-up requesting Username and Password instead of the normal login screen. Pop-up says :

    The server xxxxxx:80 requires a username and password. The server says : Human Check - U:wordpress P:xxxxxxxxx

    I removed the password information, but none of this information corresponds to my login and password. I tried checking my cPanel and I get the same pop-up. I didn't enter any of my info but some of my students probably did. Smells fishy?

    What's your take on this?

  2. Emilie
    Posted 2 years ago #

    Just to add info, I've contacted my host to see if it's something they have implemented and I'm waiting to hear back from them. Is that common?

  3. Brett
    Posted 2 years ago #

    I'd recommend looking through the functions.php file of all your themes, then the wp-config.php for your MultiSite, and finally the .htaccess for any weird code!

  4. Emilie
    Posted 2 years ago #

    Thanks Brett, checking right now. I have other WordPress installations on this space and all are reacting the same.

  5. Emilie
    Posted 2 years ago #

    I've checked the functions.php of the theme the student used, but checking all of them will take forever (they made me install LOTS of themes in their enthusiasm lol...). Nothing fishy in my .htaccess or wp-config files, or in the functions.php files I've checked so far.

  6. Andrew
    Nuh uh moderator
    Posted 2 years ago #

    Try running your site on this
    http://sitecheck.sucuri.net/scanner/ - To check for malware.

  7. Emilie
    Posted 2 years ago #

    Everything is good (only warning is for outdated software), I have some older WordPress installations on there.

  8. esmi
    Forum Moderator
    Posted 2 years ago #

    I strongly suggest that you read this article.

  9. Emilie
    Posted 2 years ago #

    esmi, great info thank you! I will go through it and fix what needs to be.

    Things got sorted out. My web host spotted attacks and installed that extra check to make sure we don't get hacked. I much prefer that! Currently making sure all my students' sites are ok.

  10. Bozz
    Posted 1 year ago #

    Just to follow up, I think many webhosts were implementing this as part of a defense against brute force password attacks. Surprised me too! I don't think we were hacked, just a security precaution on the part of webhosts.
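
Added example, not part of the original thread: the manual check suggested in post 3 (functions.php of every theme, wp-config.php, .htaccess) becomes slow once many themes are installed, so this Python script walks an install and lists the lines worth reading, including any Basic-auth directives that would explain a login pop-up. The patterns, the names `scan_tree` and `demo`, and the sample files are assumptions constructed for illustration; a hit means the line deserves a look, not that the site is compromised.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns assumed for this example; a hit means "read this line", not "infected".
PHP_PATTERNS = {
    "eval-call": re.compile(r"\beval\s*\(", re.I),
    "decode-call": re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
}
HTACCESS_PATTERNS = {
    "auth-prompt": re.compile(r"^\s*(AuthType|AuthName|AuthUserFile)\b", re.I),
    "php-prepend": re.compile(r"auto_(prepend|append)_file", re.I),
    "conditional-redirect": re.compile(r"RewriteCond\s+%\{HTTP_(REFERER|USER_AGENT)\}", re.I),
}
TARGETS = {"functions.php": PHP_PATTERNS, "wp-config.php": PHP_PATTERNS,
           ".htaccess": HTACCESS_PATTERNS}

def scan_tree(root):
    """Return sorted (relative_path, line_number, label) for every flagged line."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        patterns = TARGETS.get(path.name)
        if patterns is None or not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            findings += [(rel, lineno, label) for label, rx in patterns.items() if rx.search(line)]
    return sorted(findings)

def demo():
    """Build a small constructed tree (not taken from the thread) and scan it."""
    files = {
        "wp-config.php": "<?php\ndefine('DB_NAME', 'wp');\n",
        ".htaccess": 'AuthType Basic\nAuthName "Human Check"\nRewriteEngine On\n',
        "wp-content/themes/clean/functions.php": "<?php\nadd_theme_support('menus');\n",
        "wp-content/themes/odd/functions.php": "<?php\n$x = 'abc';\neval(base64_decode($x));\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_tree(root)

if __name__ == "__main__":
    for rel, lineno, label in demo():
        print(f"{rel}:{lineno}: {label}")
```

On a real install, call `scan_tree()` with the directory that holds the WordPress sites; an `auth-prompt` hit shows which .htaccess file configures a password prompt, while no hit suggests the prompt is set in the server configuration instead.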

Topic Closed

This topic has been closed to new replies.
