Hacked v. 2.9.1 (11 posts)

  1. Randy Reddick
    Posted 6 years ago #

    I have a 2.9.1 site that was just hacked. Scrolling image in <title> area says this: "Hacked By StorM s70rm@hotmail.com] == Palestenian Hackerz"

    On the surface this looks similar to a 2.7 hack reported in http://wordpress.org/support/topic/237003, but preliminary probes don't match.

    The hackers have reset the user table, so at this point I still can't get in to administration. Any and all help / suggestions would be appreciated.

  2. MichaelH
    Posted 6 years ago #

    Review FAQ_My_site_was_hacked.

    If necessary you may need to use some strategy here to reset your password: Resetting Your Password.

  3. Randy Reddick
    Posted 6 years ago #

    Thanks. I have managed to regain access to wp-admin, but I'm still looking for a lot of answers. It appears they have erased about 30 users, and I'm not yet displaying what should be there.

  4. Roy
    Posted 6 years ago #

    I hope you have a backup?

    In Michael's first link, read it completely and carefully and also the links that are in that article, especially the "how to completely clean your hacked blog". Try to find out the point of entry. If you're on 2.9.1 it should be either a bad plugin, maybe your theme, but more likely a fellow website on the shared server you might be hosted on. In the last case, you might want to talk to your host.

    When all is cleaned up, find that nice "hardening WordPress" article in the docs section.

    Good luck.........

  5. Randy Reddick
    Posted 6 years ago #

    Thanks, Gangleri. Yeah, I have back-ups. This happened again, so I am pursuing the shared server idea.

  6. richrider
    Posted 6 years ago #

    One suggestion I would make (having JUST dealt with this on several of my sites two weeks ago) would be to change your WordPress database password. Since you only need to use this password once (usually on setup) - I would suggest using something like a random password generator - and making the password more than 40 characters (letters, numbers, punctuation etc).

    In my instance - they brute forced the mysql database password - reset the admin password - then defaced the site. Figure it's a good start to help...

    Good luck!


  7. dangernotice
    Posted 6 years ago #

    I downloaded WordPress after seeing some great looking sites, but am not a code writer and with the risk of hacking on top of the difficulty of setting up a page, wonder why I would want to use WordPress. I feel like an alien because I can't write PHP or even know what style sheets are. If you are a musician and wanted a car, would you need to learn design, mechanical engineering, welding, electronics, glass making, etc, or would you just go to an automobile dealer? Can you suggest a form area to find someone to build me a page from a theme I have downloaded or should I just go back to Blogger?

  8.
    "If you are a musician and wanted a car, would you need to learn design, mechanical engineering, welding, electronics, glass making, etc, or would you just go to an automobile dealer?"

    No, but you're mistaking a couple things. If you want a car, you're expected to know how to drive as well as how to fill the gas tank and change the oil (or who to call when you don't know how), right?

    By deciding to run self-hosted WordPress, you're expected to know how to run a website (this is driving, in the above metaphor). You can use pre-fab themes if you don't know how to do that, but you're at the behest of someone else (this is changing the oil). Filling the gas tank is writing a post. :)

    If it all just seems much too much, I would suggest instead running a wordpress.com blog, and if you really like it after a while, consider either learning what you'll need to host a website, or utilizing some of the premium WP features.

  9. texxs
    Posted 6 years ago #

    This isn't very helpful.

    I was able to regain access by restoring a backup of my database. However a scan shows that the virus is still in my template files. I tried to just activate a different one and it's in there too. I tried restoring backups of my template files that didn't have the virus code (line 1 usually an encrypted string), but immediately after upload, the virus code is there again.

    Now what's the next step?

    Hmmm, I'll download a new theme and try that, but I don't think that'll work either

    They had a similar prob at work a while back and there was a virus on the server. Could be the same situation?
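
The symptom described in the post above (an encoded string on line 1 of the template files, back again right after a clean upload) can be checked for mechanically. The following is an added example, not part of the original thread: it flags PHP files whose first line carries a long opaque run or a decoder call, and compares each first line against a known-good backup copy. The regex thresholds, function names and sample theme files are assumptions constructed for illustration.

```python
from __future__ import annotations
import re
import tempfile
from pathlib import Path

# Heuristic thresholds are assumptions for this example, not values from the thread.
OPAQUE_RUN = re.compile(r"[A-Za-z0-9+/=]{120,}")  # long base64-looking run
DECODER = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)

def first_line(path: Path) -> str:
    with path.open("r", encoding="utf-8", errors="replace") as fh:
        return fh.readline().rstrip("\r\n")

def scan_theme(live: Path, clean: Path | None = None) -> dict[str, list[str]]:
    """Map relative PHP path -> reasons its first line looks injected."""
    findings = {}
    for php in sorted(live.rglob("*.php")):
        rel = php.relative_to(live).as_posix()
        line = first_line(php)
        reasons = []
        if OPAQUE_RUN.search(line):
            reasons.append("opaque-run")
        if DECODER.search(line):
            reasons.append("decoder-call")
        if clean is not None:
            ref = clean / rel
            if not ref.exists():
                reasons.append("not-in-backup")
            elif first_line(ref) != line:
                reasons.append("differs-from-backup")
        if reasons:
            findings[rel] = reasons
    return findings

def demo() -> dict[str, list[str]]:
    """Build a constructed clean/live theme pair in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            root.mkdir()
            (root / "index.php").write_text("<?php get_header(); ?>\n")
            (root / "footer.php").write_text("<?php wp_footer(); ?>\n")
        # Constructed stand-in for an injected first line; the blob is filler.
        injected = '<?php eval(base64_decode("' + "QUFB" * 40 + '")); ?>'
        (live / "index.php").write_text(injected + "\n<?php get_header(); ?>\n")
        return scan_theme(live, clean)

if __name__ == "__main__":
    for rel, reasons in demo().items():
        print(rel, ", ".join(reasons))
```

Running the scan again a few minutes after a clean upload shows whether files are being rewritten on the server, which is the case to take to the hosting provider.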

  10. texxs
    Posted 6 years ago #

    the site is http://redtideflroida.org/pages/ in case someone wants a peek...

  11. esmi
    Forum Moderator
    Posted 6 years ago #

    The server could have been hacked, yes. You may want to have a word with your hosting provider. I'd also suggest reading:


Topic Closed

This topic has been closed to new replies.
