sec-w.com

Just found today, I’m Hacked by the same MOB – How to prevent, they have got into my cpanel and MSQLdb changed users and passwords. This was on a brand new installation, passwords to cpanel very secure, latest WP version installed 3/10/12 direct to main directory.

My site still appears stable, but I can’t access the WP Log in – going in via cpanel and viewing the DBase is where I found my user name was changed to ‘sec-w.com’.

Any help appreciated, this is all new to me.

Prior hack:
On 2/10/12 the total site was hit, my Hosting ISP said a number of WP sites got it. They added a new index.php file to re-direct, I found this and deleted it, changed all passwords and still they had deep code that inserted code on each page – ACTION: deleted the WP installation and started again.
Re-installed WP 3/10/12 – and now as mentioned first up they have gained access to the MSQLdata base. Is it via cpanel or is this just a straight hack into WP?????

Well well, ‘I’ve been hacked for the first time in my carreer. Do you recognise the situation? Somebody asks you to make a website. I opt for WP and all goes well for a short time. The other party’s host is a drag. I never can get into the control panel and it works terribly. No rush when the website is up and running since I can do all I want within WP. Then after a while WP grows, but the host doesn’t: no MySQL upgrade, so no upgrade to WP 3.0… So for some time I’m yelling: upgrade your hosting or change host and we’ll get hacked but the host only makes smarttalk and the client doesn’t understand a bit of it all, so we’re still using 2.9.x. And today, tada!, “I can’t login”. No ‘biggie’. Both users were renamed to sec-w.com, so I made a new admin and deleted both users. I can’t find any spam, malware or anything. I checked the site on a few places, nobody sees anything. Luck? Just enough security? Or does the sec-w.com hack do something I haven’t looked at yet?

If this is all, I will only advice the other party to make a hurry with chaningings hosts. If I’m going to have to look for SQL injections or whatever, I will just delete the whole thing and tell them there is no website when there is no proper hosting.

@jeje68630 said:

I’ll let you know if I’m hacked again. It usually happens every 2 months!

If you’re getting hacked every two months, you’re not doing a complete job of cleaning your site or finding a good web host.

Work your way through these resources and follow all instructions to completely clean your site or you may be hacked again. See FAQ: My site was hacked « WordPress Codex and How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress and Hardening WordPress « WordPress Codex.

Change all passwords. Scan your own PC. Use http://sitecheck.sucuri.net/ before and after.

Tell your web host you got hacked; and consider changing to a more secure host: Recommended WordPress Web Hosting

If you can’t do the work yourself, consider looking for a reputable person to fix it correctly on jobs.wordpress.net or freelancing sites such as Elance. (It’s not a good idea to respond to unsolicited emails from forum users offering to work for you.)