Support » Fixing WordPress » My site has been hacked!

  • I discovered this morning that my wp-based site appears to have been breached. Two of my ‘categories’ now have /Eddy_BAck0o%200wnz%20y0u!!/ appended to the URI and therefore the posts in those categories are not showing!

    For example of the problem see …!!/

    I would appeciate any advice about where this hack lies web server / software / permalinks set-up? and how to rectify the problem!

Viewing 13 replies - 1 through 13 (of 13 total)
  • Moderator James Huff


    Volunteer Moderator 🚀

    You will have to contact your hosting provider and ask them to investigate the hack. WordPress may not have been the point of entry. There are several other possibie points of entry (such as Apache, AWStats, cPanel, and PHP) to consider.

    It looks like only your permalinks were altered, so just set your permalinks again in Options/Permalinks.

    Thanks for the quick response! I understand this is not necessarily a problem with wp and I have already been in contact with my provider .. they are looking into it. Thought I’d cover all the bases 🙂 I’ll try to set the permalinks again — thanks for that suggestion! Cheers D.

    most likely, it was a mysql injection somewhere.. could be from a plugin, could be if you have php enabled to execute in posts (from a plugin) could be from anything or any plugin. Only reaosn I thought of that is because I have had that happen before on other CMS’s that use php and mysql 🙁

    estjohn, looks like you’re on the money. the category_nickname fields had been altered in the db! Thanks for the pointer 🙂

    welcome…. good deal, glad you go it fixed…
    grrrr the people that do that stuff drive me nuts! I have had that done before on other cms’s and it is annoying to no end. Though I never have mission critical data, I have to feel for people that do when those… -worms- do that sort of thing to others sites…

    sorry for the rant.. that stuff just gripes me 🙂

    Gripes all of us “normal” folks….

    I *think* that some of it might be mitigated if the world would stop providing the attention the idiots are looking for. That would require SAYING NOTHING publicly, cleaning up the ick, closing the loopholes, and going on as if NOTHING had happened….

    Send the temper-tantruming 2-year-old to the time-out corner: no attention, no fun, no games, no toys, no cookies – silence is golden….

    ahh thats right… negative attention is still attention 😉

    now if the media could get it right and call these people crackers and not hackers… but that is a whole nother ballgame 😉

    How are they getting into the MySQL databases? I guess I better go back those puppies up tonight, eh?

    long story short.. if you have php enabled in posts, or in some cms’s it can even be done by entering an extended url of the domain with certain characters in the url.. it bascially “tricks” the code in front of the database… say the php.. to enter information into the database that the “cracker” wants to change in the database.. it pretty much takes advantage of bugs and exploits in code to allow the “Cracker” to do things that shouldn’t normally be done.

    As for backing up… yes.. backing up nightly is probabally a good idea.. if you can, run it as a cron job to backup a database.. or find a way to do it on a routine schedule. Also, it depends on how often you change you site or add posts.

    there are plugins for one step backups for the database which can be used…

    keep in mind though that this is NOT the only reason you should back up a database like this. With all of the vast majority of plugins, themes and such available to change the standard wordpress installation.. there are MANY compatibility issues between plugins, themes, and even versions of WP and different plugins and themes. Files and hardrives corrupt too.

    Any reason is a good reason to backup. It hurts hard to lose a whole site.. or even a few posts from one from dataloss no matter the reason.

    If the site is a livelihood and citical, minutes and hours can cost. Even if it is not critical… think how much time you ahve spent on your site.. now multiply that times at least $30 or $40 an hour.. of the idea of losing such as memories which cant be replaced.

    Backup… period.

    And, its a good idea to backup before you make any changes wheter its code changes, upgrades, new posts, new themes, new plugins, or any changes.

    uggg I need to learn to quit rambling!

    Well, you’ve at least jarred me from my complacency. I manage other people’s web sites and I try to run backups once a week. Sometimes, that isn’t enough tho. But I know who updates frequently and who hasn’t updated in a year. I think I will spend the rest of the evening in PHPMyAdmin….

    Yup. Wake up call, thanks estjohn….

    Hmm.. if only the permalinks were touched… could it just be that you did a chmod 777 to your .htaccess and somebody modified it?

    Moderator James Huff


    Volunteer Moderator 🚀

    The .htaccess file wasn’t altered. See:

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘My site has been hacked!’ is closed to new replies.