WordPress.org

Support

sec-w.com

  • jeje68630

    @jeje68630

    Hi,

    just a word to inform you that I’ve been hacked by these guys I guess : http://sec-w.com

    I’m not up to date and I have WP3.2.
    They’ve managed to change all the users passwords and logins. But nothing else I hope.

    They’ve posted things on youtube : http://www.youtube.com/watch?v=a_vVNi0hg9E

    I don’t understand anything.

    Now it’s time to upgrade.

Viewing 7 replies - 1 through 7 (of 7 total)
  • esmi

    @esmi

    Forum Moderator

    I’m not up to date and I have WP3.2.

    Then I’m sorry but that’s probably why you were hacked. See http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

    Just found today, I’m Hacked by the same MOB – How to prevent, they have got into my cpanel and MSQLdb changed users and passwords. This was on a brand new installation, passwords to cpanel very secure, latest WP version installed 3/10/12 direct to main directory.

    My site still appears stable, but I can’t access the WP Log in – going in via cpanel and viewing the DBase is where I found my user name was changed to ‘sec-w.com’.

    Any help appreciated, this is all new to me.

    Prior hack:
    On 2/10/12 the total site was hit, my Hosting ISP said a number of WP sites got it. They added a new index.php file to re-direct, I found this and deleted it, changed all passwords and still they had deep code that inserted code on each page – ACTION: deleted the WP installation and started again.
    Re-installed WP 3/10/12 – and now as mentioned first up they have gained access to the MSQLdata base. Is it via cpanel or is this just a straight hack into WP?????

    Hi,

    go to phpmyadmin, check the table wp_users.

    I’ve put a new password in the password field. If I remember well, I’ve corrected the email adresses and put blank in user_activation_key.

    Then I asked my user to reset their password. I don’t have many users so that’s fine.

    Once I had access back, I’ve upgraded immediately.

    Well well, ‘I’ve been hacked for the first time in my carreer. Do you recognise the situation? Somebody asks you to make a website. I opt for WP and all goes well for a short time. The other party’s host is a drag. I never can get into the control panel and it works terribly. No rush when the website is up and running since I can do all I want within WP. Then after a while WP grows, but the host doesn’t: no MySQL upgrade, so no upgrade to WP 3.0… So for some time I’m yelling: upgrade your hosting or change host and we’ll get hacked but the host only makes smarttalk and the client doesn’t understand a bit of it all, so we’re still using 2.9.x. And today, tada!, “I can’t login”. No ‘biggie’. Both users were renamed to sec-w.com, so I made a new admin and deleted both users. I can’t find any spam, malware or anything. I checked the site on a few places, nobody sees anything. Luck? Just enough security? Or does the sec-w.com hack do something I haven’t looked at yet?

    If this is all, I will only advice the other party to make a hurry with chaningings hosts. If I’m going to have to look for SQL injections or whatever, I will just delete the whole thing and tell them there is no website when there is no proper hosting.

    I’ve been hacked several times, even with a wordpress up to date. You can find some youtube videos about sec-w.com. It seems to use brute force to crack passwords.
    I’ve changed my passwords to more complex ones but it doesn’t do a thing.

    To me, the breach must come from plugins or themes. I recently changed my theme. FYI I was using gamezine theme.
    I’ll let you know if I’m hacked again. It usually happens every 2 months!

    Moderator Mark Ratledge

    @songdogtech

    Forum Moderator

    @jeje68630 said:

    I’ll let you know if I’m hacked again. It usually happens every 2 months!

    If you’re getting hacked every two months, you’re not doing a complete job of cleaning your site or finding a good web host.

    Work your way through these resources and follow all instructions to completely clean your site or you may be hacked again. See FAQ: My site was hacked « WordPress Codex and How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress and Hardening WordPress « WordPress Codex.

    Change all passwords. Scan your own PC. Use http://sitecheck.sucuri.net/ before and after.

    Tell your web host you got hacked; and consider changing to a more secure host: Recommended WordPress Web Hosting

    If you can’t do the work yourself, consider looking for a reputable person to fix it correctly on jobs.wordpress.net or freelancing sites such as Elance. (It’s not a good idea to respond to unsolicited emails from forum users offering to work for you.)

    Try using BPS Security Plugin, I found it gave me security and has stopped hacks.

    NOTE: it is essential to change some folder file permissions, use Cpanel or FTP to enact.

    Hackers gain access via these folder permission weaknesses.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘sec-w.com’ is closed to new replies.