Just got hacked…

  • Resolved jca

    (@jca)


    16 years, 2 months ago

    Woke up this morning to find 100 spam comments/trackbacks. Thought Akismet was down, but it seems my WordPress install was hacked to allow the spam comments to flow.

    When I try to login to my admin panel I get the “Your database is out-of-date. Please upgrade.” error, which means I’m locked out of the admin panel.

    Any ideas?

    Appreciate any help/info.

Viewing 6 replies - 1 through 6 (of 6 total)
  • whooami

    (@whooami)

    16 years, 2 months ago

    Why do you think that indicates you were hacked?

    spam comments and trackbacks DO get past askimet, its posted on all of the time.

    That said, your running 2.1.3, so frankly, if you were hacked, it’s on you. That release is has been obsolete for what, a year?

    If you read your dashboard, or ever both to look here:
    http://wordpress.org/development/ you would know this.

    Thread Starter jca

    (@jca)

    16 years, 2 months ago

    I’m assuming the spam is following because plug-ins (like akismet and captcha) have been disabled – hard to say since I can’t get into the admin panel.

    And thanks for the help with the out-of-date WP install reminder. I’m aware of that, but haven’t been able to upgrade for unrelated reasons. If you have any advice or help, it would be appreciated.

    Lester Chan

    (@gamerz)

    16 years, 2 months ago

    As what whooami said, go upgrade it. The developers release upgrades for a reason.

    whooami

    (@whooami)

    16 years, 2 months ago

    I wouldnt assume anything, thats not real safe, and may be what has led to this in the first place.

    If you were hacked, which given your version, is a possibility, you have more to worry about than disabled plugins and 100 some odd spam comments.

    Best case scenario (just wordpress):

    they have your WP admin password

    Worst case (home directory compromised):

    they have your WP admin password

    if they can read your files, they have your mysql password, and may have your ftp password, if they’re the same.

    ——–
    Looking at your plugins directory, I also see your using wp-db-backup, you might want to take a look at what version youre running of that, since there is directory traversal vulnerability in an older version.

    Thread Starter jca

    (@jca)

    16 years, 2 months ago

    Looks like it was the “ro8kfbswmag.txt” exploit:

    http://wordpress.org/support/topic/141041

    I’m repairing some of the damage now via MyPHPAdmin, but still can’t get back into the admin panel because of the previously mentioned version error. I see no wp_options SQL table setting for wordpress version numbers. Am I missing it?

    whooami

    (@whooami)

    16 years, 2 months ago

    thats a root shell exploit, done via a remote file inclusion, and that indicates far more than a simple hack.

    if that was used, you ought to see an indication of it in your sever logs.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Just got hacked…’ is closed to new replies.