Support » Fixing WordPress » I think I was hacked

  • I run a popular book blog and a few days ago I noticed all my plugins had been turned off. I checked and there was a new user account (called “wpadmin”) that had been created with admin access. I cancelled the account and reactivated my akismet, etc., but then other strange things started to happen. All of my Pages disappeared and now I can’t post. I installed 2.3.3 and still nothing. Further, the buttons in the editor have switched to text only versions resembling the basic editor that comes with a account. I can write a post and it will auto save, but if I try to save or post it, it goes to “post.php” and nothing happens — just a white page. People can still comment normally on existing posts though.

    Can anyone tell me what happened?

Viewing 1 replies (of 1 total)
  • Same thing happened to me. I’ll bet that your default uploads folder had turned to something like “/../../../../../../../../..” etc. Look in you uploads folder for strange folders that don’t conform the naming conventions that WordPress uses. Inside there will likely be a some php files and images related to porn spam. You might have a hard time deleting them. I couldn’t delete all of them via FTP becasue i didn’t have the proper permissions. I called tech support at my ISP and the first guy had to get a supervisor to delete them because he couldn’t either. All my Pages were gone, but my Posts were untouched.

    Changing the permissions on the upload folder to 755 helped me, I got hacked again, all my plugins were turned off but they were unable to upload files. Finally I relented and “upgraded” to 2.3.3. I had been waiting because I was angry about losing inline post previews. I guess having to install a plug in is better than getting hacked repeatedly.

    However… less than two days after installing 2.3.3, someone managed to login as admin (from Amsterdam – I used Audit Trail plugin) and they altered the most recent post, filled it with 6’s.

Viewing 1 replies (of 1 total)
  • The topic ‘I think I was hacked’ is closed to new replies.