WordPress.org

My site was Hacked

  • Thread7
    Member

    @thread7

    My site was hacked. The home page had a warning message from SnipeR-BaghdaD with an email address hackerpro79@yahoo.com.
    Anyways, I’ve read some good posts in here on what to do in order to recover. Immediately after the discovery I got into admin and noticed I already have 2.8.4.
    I’m not sure which version I had before the problem. Maybe the hacker upgraded? But probably not. I was probably exploited with 2.8.4 on my system.
    So my question is this. I was using a template called Revolution Lifestyle 2.0. We had changed a lot of graphics, etc.
    Can certain templates have security vulnerabilities?

    Thanks.

Viewing 15 replies - 1 through 15 (of 37 total)
  • UseShots
    Member

    @useshots

    Do you have any other scripts on your site? Forums? What plugins do you use?

    You might want to contact your hosting provider to investigate the issue.

    Thread7
    Member

    @thread7

    I have two plug-ins that are active:
    Simple Sidebar Navigation ver 2.1.0 (2.1.2 is available)
    All in One SEO Pack ver 1.6.4.1 (1.6.5 is available)

    I have 3 more plug-ins that are inactive:
    Featured Content Gallery
    Hello Dolly
    Akismet ver 2.2.6

    I don’t have any forums. Are the plug-ins the more likely culprit? Both active ones were not updated to the most recent version.

    Thread7
    Member

    @thread7

    bump

    iridiax
    Member

    @iridiax

    Themes and plugins can have security vulnerabilities, but most likely these were not the cause of your hack. Do make sure that your theme and plugins are upgraded however.

    http://codex.wordpress.org/FAQ_My_site_was_hacked

    Thread7
    Member

    @thread7

    Hmmm. One thing that is too bad is that just about all the plug-ins that help you with security are out of date and untested with 2.8.4.
    Especially:
    Chap Secure Login
    WordPress Exploit Scanner
    AskApache Password Protect
    WP Security Scan

    Thread7
    Member

    @thread7

    I search these forums and I can’t find good discussions about protecting against vulnerabilities. I follow the links provided by the people above who were kind enough to answer me, and there is a lot of good information on those sites. I’ve followed the recommendations. But frankly a lot of that information is a year old. I still have no idea how I was hacked if I had version 2.8.4. If I do a Google search for my culprit – hackerpro79@yahoo.com – I get 5000 results! Thousands of other sites were hacked just like mine yet he/she isn’t even mentioned once in these forums. And still this forum is so busy that my post can’t stay on the front page for longer than 45 minutes.
    I just think there is a big problem and no one is addressing it. I want to get a discussion going. Either a WordPress developer will notice and investigate the problem or a forum admin will realize there needs to be a forum dedicated to security.
    I used to use an ASP based forum package and it was riddled with security holes that were always addressed too little too late. I finally had to stop using it. Since I’ve discovered WordPress I like it and want to keep using it. But if security isn’t given enough attention I’ll be faced with a tough decision.

    Jan Dembowski
    Volunteer Mod. & Brute Squad

    @jdembowski

    I just think there is a big problem and no one is addressing it.

    *COUGH*nonsense*COUGH*hyperbole*COOOUUGHHH*

    Sorry, only one cup of coffee and I hope you can appreciate my early morning humor.

    What’s not being addressed? One of the top sticky links on the forum:

    http://wordpress.org/support/topic/307660

    From the Codex
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://codex.wordpress.org/Hardening_WordPress

    iridiax had already posted a reply that clearly said plugins were “most likely these were not the cause of your hack” and gave you a link for remediation of your problem.

    If a vulnerability gets discovered it gets addressed in short order. WordPress is used by a metric ton of people on the Internet so it’s no surprise that it’s a popular target for hacks. Spammer/exploiters go where the market is.

    I still have no idea how I was hacked if I had version 2.8.4.

    Neither do we. What you need to understand is that you got hacked but you have not identified if it was the remnant of you using an old version or your server was hacked. Or maybe you’ve been hacked and your passwords were captured. Or the boogey man.

    It’s a common refrain: “I don’t know how I got hacked. I’m running WordPress so that must be it. Why is this not being addressed?”

    Finding out how you got hacked does not work by process of elimination. Web servers are too complex to say “I ruled out everything so it must be XYZ”. If you can provide logs showing where the entrance point of your compromise was, and can demonstrate that it was WordPress 2.8.4, send the logs and a description of the exploit to security@wordpress.org.

    But if security isn’t given enough attention I’ll be faced with a tough decision.

    If you keep getting hacked and it’s happened to you before or you switched from an .ASP solution to avoid being hacked, then seriously, consider moving to a managed service.

    Good luck. I hope you find the entry point; if not you’ll get hacked again.
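
A sketch of the log triage the reply above asks for, added here as an illustration and not code from the thread or from WordPress: it takes the modification time of a defaced file, pulls the successful POST requests that precede it, then lists the full session of the clients that made them. The log lines, IP addresses, timestamps and function names are constructed for the example and do not describe how this site was compromised.

```python
import re
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" access-log line: client, timestamp, request, status.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse(line):
    """Return a dict for one log line, or None if it is not in combined format."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def writes_before(lines, modified_at, window=timedelta(minutes=10)):
    """Successful POSTs in the window leading up to a file's modification time."""
    recs = filter(None, map(parse, lines))
    return [r for r in recs
            if modified_at - window <= r["ts"] <= modified_at
            and r["method"] == "POST" and r["status"] < 400]

def sessions(lines, ips):
    """Every request from the given clients, oldest first, to show the path in."""
    recs = [r for r in filter(None, map(parse, lines)) if r["ip"] in ips]
    return sorted(recs, key=lambda r: r["ts"])

# Constructed sample data (documentation IP ranges, made-up times).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Sep/2009:03:10:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Sep/2009:03:14:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Sep/2009:03:15:05 +0000] "GET /wp-admin/theme-editor.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Sep/2009:03:15:31 +0000] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Sep/2009:03:20:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]
# In practice: the mtime/ctime of the defaced file, e.g. from os.stat(). An
# intruder can reset mtime, so treat it as a lead, not proof.
MODIFIED_AT = datetime(2009, 9, 12, 3, 15, 31, tzinfo=timezone.utc)

if __name__ == "__main__":
    suspects = writes_before(SAMPLE_LOG, MODIFIED_AT)
    for r in sessions(SAMPLE_LOG, {s["ip"] for s in suspects}):
        print(r["ts"].isoformat(), r["ip"], r["method"], r["path"], r["status"])
```

Matching requests are leads to check against the FTP, SSH and hosting control-panel logs as well; a file change with no web request near it points away from the web application and toward the server or stolen credentials.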

    Thread7
    Member

    @thread7

    Thanks jdembowski. If you read your reply again carefully you prove my point.
    #1. Your first link (to http://wordpress.org/support/topic/307660 ) states that all security problems are with older versions of WordPress. I’ve already stated in this thread several times that I was using the most recent version.

    #2. There is no sticky thread in this forum stating that if you’ve been hacked to send your logs to security@wordpress.org. None of the links that people have provided or I’ve found myself ever mentioned to do this. I would think that should be a little easier to find, don’t you?

    That is why I am saying security in WordPress isn’t being taken as seriously as it needs to be. I’d guess the 5,000 other sites that were hacked by the same guy would agree.

    Don’t believe me? I Googled the guy and here are several other sites that were hacked, all using WordPress 2.8+.
    http://www.ecolifeadvisors.com/ – WordPress 2.8
    http://unlimitediphoneapps.com/ – WordPress 2.8
    http://spyera.com/tag/sms – WordPress 2.8.4
    http://chodely.com – WordPress 2.8.3

    Jan Dembowski
    Volunteer Mod. & Brute Squad

    @jdembowski

    Sigh, you’d think I’d learn. I think the important thing is that you’ve been pointed to a link to help you clean out the hacked blog.

    http://codex.wordpress.org/FAQ_My_site_was_hacked

    Now for a little diatribe:

    First thing: There will be an exploit or proof of concept against WordPress 2.8.4. Guaranteed. Hopefully it will be long after 2.8.4 is in the dust bin.

    Onto your points.

    #1 That link was to illustrate that security is taken seriously.

    #2 Nope, you are right, there is no sticky thread for that. Perhaps a moderator will fix that. In the meanwhile that e-mail address is mentioned over 2,000 times in these forums

    http://wordpress.org/search/security%40wordpress.org?forums=1

    This is a volunteer self help forum so the organization may be off. Sorry to point this out but self hosted WordPress really is not for the faint of heart. Self hosted anything on the Internet requires work and I’m confident you know that too.

    #3 Never once said I don’t believe you. What I did say is that you are making a leap in claiming it’s WordPress 2.8.4 without proof. Your top two examples of 2.8 just confirm what was said before: upgrade to 2.8.4 or deal with the consequences.

    So a hacker was prolific and broke +5,000 websites. A script kiddy exploiting the same flaw repeatedly; that’s not news or even original.

    Now do you know if those sites had a plugin that was weak or did the script exploit an old weakness? Any details on how they or your blog was compromised? Not guesses or suspicions but anything that can help actually solve a problem?

    nudm
    Member

    @nudm

    Hi Thread7, my site just got hacked by the same guy. Maybe we could compare notes and try to get to the bottom of this. Please email me if you would like.

    jxrtau
    Member

    @jxrtau

    jdembowski, it is smart alec know it all people like you that frustrate internet users.
    Your link for a hacked blog is about as useful as turning your computer off and then on again.
    If you have nothing to add to a specific request then don’t bother.

    Nile Flores
    Yoast Support

    @blondishnet

    Alright, I am adding my advice in as a small webhost over the past 5 years.

    It could be your server, not just your WordPress was hacked in particular. It happens and I have seen it a lot.

    As for your WordPress, those plugins you listed are okay. I would say if you are already using the most current version of WordPress, you can harden your security. You can follow the tutorial link below to my tutorial to do that – http://blondish.net/articles/tutorials/how-to-secure-your-wordpress-blog/

    Jan Dembowski
    Volunteer Mod. & Brute Squad

    @jdembowski

    jdembowski, it is smart alec know it all people like you that frustrate internet users.

    A fan! And here I thought my comedy was unappreciated. I’m not a know it all, but I do know something about this. That link was the most helpful part of my post. The rest, as indicated, really was a diatribe.

    Your link for a hacked blog is about as useful as turning your computer off and then on again.

    This is a self-help volunteer support forum. What would be really useful for anyone who was hacked is if they could get someone on their box who knows what they are doing to do a postmortem on the hack. That sort of help is often paid for, and there are people who do that sort of thing on this forum (not me, but http://jobs.wordpress.net/ is there for pro work).

    So that link, while you don’t appreciate it, is really a good resource for helping yourself.

    If you have nothing to add to a specific request then don’t bother.

    Sure thing Boss! Hey, so what did you bother to add? Sorry, that’s just the smart alec in me talking.

    Samuel B
    Participant

    @samboll

    jdembowski, it is smart alec know it all people like you that frustrate internet users.
    Your link for a hacked blog is about as useful as turning your computer off and then on again.
    If you have nothing to add to a specific request then don’t bother.

    What did you add to this thread? Oh yea, a smart alec observation – IOW…nothing

    mrgray
    Member

    @mrgray

    My site too was hacked yesterday. I think part of the problem could be the webhost as the hacker attacked a number of other sites all on the same shared IP address. I was able to regain access by uploading a backup of my theme files, and will now work on trying to strengthen security. Will also revert to a database backup from a few days ago and upload new core files, plugins etc. Am still worried though that maybe the hacker has been working on the site for a while now and had placed something in the database. Is this something I should be worried about or am I just paranoid now?
