Issues with LunarPages hosting and usernames being altered

Viewing 8 replies - 1 through 8 (of 8 total)
  • jherrington1

    (@jherrington1)

    Sounds like you might have been hacked … contact your host

    databell96

    (@databell96)

    Already did and even they’re stumped on this one. The fact it happened to more than one account is unusual. Still would like to know what nice name is.

    I just found the same thing on two of my accounts. I’m thinking it sounds like it’s been hacked. I’ll repost if I find anything. Any other help would be awesome.
    Cheers

    Was this also on LunarPages?

    Yes – turns out LunarPages are closed Saturdays. I’ve tried resetting the User IDs/PWs via phpMyAdmin – but that didn’t work. Tried resetting the keys via https://api.wordpress.org/secret-key/1.1/salt/ – didn’t work. Now getting 403 forbidden error. Attempting a restore from cPanel – will see how that goes.

    Had to rename my plugin folder via FTP, was able to log in. Had to do some updates on the plugins. Had to turn on one at a time, then update. Once all my plugins were updated everything seemed to work okay. I did notice a new admin user id created and deleted that.

    This is pretty frustrating. I was going to bring two clients to LunarPages but after this and the tepid response I got, I signed them both to InMotion.

    If you suddenly have a user renamed doomtimy, you have been hacked.

    I had the same issue, and didn’t take necessary precautions, even after seeing this post I just imagined somehow it was a bug and changed the password and lazily got on with my life. Big mistake. A few days later, my website got defaced. By this time I had installed Sucuri, so I have the IP the hacker logged in from: 36.71.232.109. It’s an Indonesian IP and the site that got plastered over my website was something about Indonesian liberation or something (in the rush to get it taken down, I forgot to take a screenshot… lol). It’s probably still a VPN, but might be worth adding to an IP ban list, not sure.

    All plugins that were active at the time of first breach:
    A2 Optimized 1.7.2 premium active
    Akismet 3.0.4 free active
    All-in-One WP Migration 2.0.4 free active
    All in one Favicon 4.3 free active
    BJ Lazy Load 0.7.5 free active
    CommentLuv 2.93.8 free not active
    Contact Form 3.85 free active
    Digg Digg 5.3.6 free active
    EWWW Image Optimizer 2.2.2 free active
    Google Author Link 1.5.2 free active
    Growmap Anti Spambot Plugin 1.5.6 free active
    Imsanity 2.3.2 free active
    Jetpack by WordPress.com 3.3.1 free active
    Limit Login Attempts 1.7.1 free active
    Magic Action Box 2.15.5 free active
    Pinterest Image Pinner From Collect… 1.93 free not active
    Popular Posts Tabbed Widget for Jet… 1.3 free active
    Q2W3 Fixed Widget 4.0.6 free not active
    SEO Friendly Images 3.0.5 free active
    Theme Authenticity Checker (TAC) 1.5.2 free active
    W3 Total Cache 0.9.4.1 free active
    WordPress Editorial Calendar 3.4 free active
    WordPress SEO 1.7.3 free active
    WP-Ban 1.65 free not active
    WP Maintenance Mode 2.0.3 free not active
    WP Smush.it
    It might also be worth noting that I had migrated the site with all-in-one-wp-migrate to a new host recently, and it seems like it might have changed the prefix for all my tables, the prefix is different from my original database, but not sure if that’s why they’re different. Also not sure if that makes the site more vulnerable and if it’s something I should fix.

    Precautions taken now:

      Reinstalled all plugins
      Reinstalled WordPress
      Scanned entire website including image files and non-WP related files for malware using Wordfence (only known malware would be found, so this is a possible weakness with this method).
      Reset the security keys. Manually deleted the user in phpMyAdmin, and created a new one with a different username from the original one.
      Deactivated contact form plugin in case that somehow allowed the hacker to run a PHP script.
      I’ve changed my MySQL user password and manually updated my wp-config file.
      I have changed the login url, and stopped access to theme editor/plugin editor from within the dashboard.

    Is there anything more I can, and should do?
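
    Added example, not part of any post in this thread: one way to re-check for the two symptoms reported above (a renamed login and an extra admin account) after cleanup, run against rows exported from the `<prefix>users` and `<prefix>usermeta` tables. The function name, the known-good baseline and all sample rows are constructed for illustration; the second call shows how an audit that assumes the default `wp_` prefix misses the extra admin once the table prefix has changed.

```python
import re

# WordPress stores roles as a PHP-serialized array in <prefix>usermeta under
# the key "<prefix>capabilities"; an admin row contains this fragment.
ADMIN_ROLE = re.compile(r's:13:"administrator";b:1;')

def audit_admins(users, usermeta, baseline, prefix="wp_"):
    """Compare exported user rows against a known-good baseline.

    baseline maps user ID -> expected user_login (assumption: recorded
    before the incident or recovered from a clean backup).
    Returns a list of (user_id, finding, detail) tuples.
    """
    cap_key = prefix + "capabilities"  # the meta key carries the table prefix
    admin_ids = {m["user_id"] for m in usermeta
                 if m["meta_key"] == cap_key and ADMIN_ROLE.search(m["meta_value"])}
    findings = []
    for u in users:
        uid, login = u["ID"], u["user_login"]
        if uid in baseline and baseline[uid] != login:
            # user_nicename (the URL slug column) is reported for the reviewer
            detail = f'{baseline[uid]} -> {login} (nicename: {u["user_nicename"]})'
            findings.append((uid, "login-changed", detail))
        if uid in admin_ids and uid not in baseline:
            findings.append((uid, "unexpected-admin", login))
    return findings

# Constructed sample rows (not data from the thread); table prefix is "wpx_".
USERS = [
    {"ID": 1, "user_login": "changed-login-example", "user_nicename": "siteowner"},
    {"ID": 2, "user_login": "anna", "user_nicename": "anna"},
    {"ID": 5, "user_login": "new-admin-example", "user_nicename": "new-admin-example"},
]
USERMETA = [
    {"user_id": 1, "meta_key": "wpx_capabilities",
     "meta_value": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_id": 2, "meta_key": "wpx_capabilities",
     "meta_value": 'a:1:{s:6:"editor";b:1;}'},
    {"user_id": 5, "meta_key": "wpx_capabilities",
     "meta_value": 'a:1:{s:13:"administrator";b:1;}'},
]
BASELINE = {1: "siteowner", 2: "anna"}

if __name__ == "__main__":
    for finding in audit_admins(USERS, USERMETA, BASELINE, prefix="wpx_"):
        print(finding)
    # Wrong prefix: the role rows are not matched, so the extra admin is missed.
    print(audit_admins(USERS, USERMETA, BASELINE))
```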

  • The topic ‘Issues with LunarPages hosting and usernames being altered’ is closed to new replies.