Support » Fixing WordPress » Website Hacked any Idea?

  • Hi everybody!
    First: thanks to all the community that had build WordPress. thanks for all this great work!
    Second: It’s the second time that my website is hacked by some Turkish script-kiddie. Everytime my index.php file is erased and replaced by a nice message like “Fuck america and Israel”…

    Not that I dislike this little genius of poetry but I worry about security of my WordPress installation…
    I’m running 2.0.4, and run a lot of plugins:

    Brian’s Latest Comments
    Cat Cloud
    Related Posts
    Random Header
    Google Sitemaps
    Jalenack’s Wordspew
    WImage Browser

    Some folders were “CHMODED” 777. Maybe It was the security failure…

    Now I’ve CHMODED all my files 755. Hope that’ll solve the problem but I’m dubitative… because I know that my index.php file was CHMODED 755…

    Have somone heard about a security failure of one of these plugin? Or a security failure in WordPress 2.0.4 itself?

    I hope someone could help me to avoid these stupid messages coming back…

    Thanks a lot for further help!

    (Sorry for my english I speak french)

Viewing 6 replies - 1 through 6 (of 6 total)
  • Here is a similar topic:

    And, files should be 644 and folders 755.

    I’ve searched with the keyword “security” but I’ve not found this one!

    My site blog has been hacked too. I dont know how all my files are 644 and folders 755’d. The only thing I can clearly say is that my hosting is a shared account, and I have 5 total sites on that account so far, 2 of them completely empty and 3 of them with content where 1 of them is a wordpress blog. Of the 3 with content they all got hacked by some turkish person and his ip got tracked by my visitor tracker.

    All of the index.php were changed to show his message, but it was easy to replace the 2 index.php for my content sites, I dont know how to do this for my blog though because trying to log into my wp-admin.php doesn’t seem to work.

    Plus is there any thing I can do to block this guy from coming back.

    A couple things you may want to eliminate as possibilities:

    1. Your internet host’s security has been compromised. You may want to check their forums to see if a lot of people are complaining.
    2. Your internet host didn’t set up their services in the best way. WordPress depends on PHP, MySQL and server software to run, and all of those can be easily hackable if they don’t have the right configuration or patches.
    3. Your security has been compromised. You may have a keylogger trojan on your machine that is transmitting your keystrokes to nefarious parties.

    My guess is that it’s not a WP specific security bug, since if script kiddies had a ‘sploit for WP blogs I think there’d be a ton of posts about it here. My gut tells me the most likely problem is #2, assuming you don’t have a permission problem in your own directory that’s allowing a hacker to get control of your account.




    graffitimonkie, you neglected to say what version of wordpress you were using, or what plugins.

    2.0.5 is a security release, read into that what you will.

    illovich, fyi, granted, there are not “tons” of posts about exploited blogs here, however there a good deal of them. Im not sure how or why you feedl you are able to write what you write with such assuredness, but I can “assure” you, there are more _insecure_ blogs than you might realize.

    Its merely a matter of time, not a matter of if.

    My WordPress site was hacked too. Luckily all they did was replace my htaccess file with a hacker message. Easily fixed, but something I want to prevent in the future. All my folders are set to 755 and all my files are set to 644 so I have no idea how he got in. My host says that my blog is set to 777 and I don’t see that anywhere since the permissions are set to 755 & 644. The only Plugins I am using are DoFollow and Optimal Title. I think I am using WordPress version 1.5.2, but I’m not sure. Anyone have any ideas?

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Website Hacked any Idea?’ is closed to new replies.