Site hacked!

thomasareed
(@thomasareed)

11 years, 10 months ago

I just discovered this morning that my wife’s site, which I am responsible for maintaining, has been hacked. Someone changed the admin password and e-mail address, as well as the password and e-mail address for the only other user I have set up.

I’m unsure how they got in. I know the site had been under attack by a botnet for a couple weeks, as the Limit Login Attempts plugin was blocking countless failed login attempts per day. However, I wasn’t using the default “admin” username, so the vast majority of these attempts weren’t even targeting a valid username. And the admin password was a strong one, completely random and 16 characters long with lower and uppercase letters, numbers and symbols.

The site is running the most recent version of WordPress, and the most recent versions of the plugins it uses (Events Manager, Limit Login Attempts, Scroll post excerpt and Tweet This).

Thus far, I haven’t found any indication of anything else being changed. None of the posts or pages appear to have been modified, and after scanning all the files on the site, none of them appear to have been modified recently. Obviously, this failure to find any modifications makes me nervous.

So, a couple questions:

1) How did they get in? Is there some vulnerability somewhere that I’m not aware of?

2) Any tips on finding and removing any modifications?

Thanks in advance!

Viewing 3 replies - 1 through 3 (of 3 total)

Moderator t-p
(@t-p)

11 years, 10 months ago

You need to start working your way through these resources:

How to clean and fix hacked WP blog:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
http://www.jtpratt.com/how-to-fix-a-hacked-wordpress-blog/
http://sakinshrestha.com/wordpress/fix-if-your-wordpress-site-is-hacked/
http://www.wpbeginner.com/wp-tutorials/how-to-find-a-backdoor-in-a-hacked-wordpress-site-and-fix-it/

Harden your WP installation: http://codex.wordpress.org/Hardening_WordPress

Additional Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Thread Starter thomasareed
(@thomasareed)

11 years, 10 months ago

I was kind of hoping for more specific advice. I’ve already done most of the things in the Hardening WordPress document, and have been working through some of those other documents as well. However, I’m still concerned about how the hacker got in in the first place, and why I’m not finding any modifications where most pages tell me to look.

Moderator t-p
(@t-p)

11 years, 10 months ago

I was kind of hoping for more specific advice … I’m still concerned about how the hacker got in in the first place, and why I’m not finding any modifications where most pages tell me to look.

There is no silver bullet.

http://www.wpbeginner.com/wp-tutorials/how-to-find-a-backdoor-in-a-hacked-wordpress-site-and-fix-it/

http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Site hacked!’ is closed to new replies.

Site hacked!

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics