WordPress.org

Support

Support » Requests and Feedback » Hacked By Georgian Hackers

Hacked By Georgian Hackers

  • This must be a new thing cause I see no other references to it at all. My wordpress has been hacked. The Index.php contains Georgian Hackers code that apparently failed with a “500 Internal Server error” at first but now it’s been hacked. If there is an official place to report this, I didn’t see it.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Make sure you notify your web host about this breach in security. There has been quite a bit of hackery going on with regard to an xmlrpc exploit and the advice is to just kill the file (it’s in the wp root). Don’t know if that was the method of ingress in your case tho.

    Contact security@wordpress.org with any info you may have such as server logs etc.

    Thanks, I removed the file mentioned so it’s not usable. Thanks for the information. I sent email to the address above.

    Some of the log files I’ve seen look like someone logged in via wp-login.php, changed some files via templates.php, and changed some options via options-general.php. Looks like they just logged in with the proper username and password. Changing the passwords for all users on your blog would be a good idea. If you’ve been hacked, check your options in Options->General, your /index.php file, and all of your theme files for tampering.

    Those of you who were hacked, what host are you on?

    Several of those hacked are using the wp-forum plugin, which has a vulnerability that is being actively exploited.

    http://www.frsirt.com/english/advisories/2008/0235

    whooami

    @whooami

    Member

    ryan,

    you can take the horse to the water but you cant make it drink 🙁

    http://wordpress.org/support/topic/154770?replies=5

    (On a completely unrelated note, bentram left a comment on my site that he was adding a link to my site inside a trac ticket that relates to the xmlrpc issue.. delete the link please when you come across it. matt is already aware of whats on my site)

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Hacked By Georgian Hackers’ is closed to new replies.