WordPress.org

Forums

WordPress 2.6.2 got hacked (6 posts)

  1. cheekbone
    Member
    Posted 6 years ago #

    My WordPress 2.6.2 got hacked today. I have no idea how exactly. But I found this in my stats:

    07:16:17 ->/wp-login.php
    07:16:21 ->/wp-login.php?action=lostpassword
    07:16:24 ->/wp-login.php?action=lostpassword
    07:16:25 ->/wp-login.php?checkemail=confirm
    07:17:20 ->/wp-login.php?action=rp&key=Ix9moYvBmI0DiDnKwp6j
    07:17:20 ->/wp-login.php?checkemail=newpass
    07:17:54 ->/wp-login.php

    I have an email around the same time about a password change. And while I was still logged in myself, I found out (later) the email address of the admin had been changed.

    I've since deleted some plugins (which I think weren't the problem) and added secret keys to the wp-config. Is this enough or am I still vulnerable?

  2. "I've since deleted some plugins (which I think weren't the problem) and added secret keys to the wp-config. Is this enough or am I still vulnerable?"

    The data in your stats or logs might not be indicative (but they can't hurt).

    Are you on a shared host? If you are and someone was able to read your wp-config.php file then they could have simply read your database host/id/password and made the changes without hacking WordPress.

    If you are not on a shared host, then give your logs a look, including the login logs.

    Either way you may want to read this article by Donncha "Did your WordPress site get hacked?"

  3. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago #

    Judging by the time delays there, I'd say somebody got access to your email account and then simply reset your password on the blog.
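
The timing argument in the reply above can be checked mechanically. The following is an added example, not part of the original thread: a Python sketch that parses stats lines in the format shown in the first post and reports how long after the last lost-password request the reset key was redeemed. The function names, step labels and the 15-minute window are assumptions of this example.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Stats lines from the first post of this thread (times only; assumed same day, in order).
SAMPLE_LOG = """\
07:16:17 ->/wp-login.php
07:16:21 ->/wp-login.php?action=lostpassword
07:16:24 ->/wp-login.php?action=lostpassword
07:16:25 ->/wp-login.php?checkemail=confirm
07:17:20 ->/wp-login.php?action=rp&key=Ix9moYvBmI0DiDnKwp6j
07:17:20 ->/wp-login.php?checkemail=newpass
07:17:54 ->/wp-login.php
"""
LINE_RE = re.compile(r"^\s*(\d{2}:\d{2}:\d{2})\s*->\s*(/wp-login\.php(?:\?\S*)?)\s*$")

def parse_events(text):
    """Yield (time, step) for wp-login.php hits; step labels are this example's own."""
    for m in filter(None, map(LINE_RE.match, text.splitlines())):
        query = urlsplit(m.group(2)).query
        params = parse_qs(query)
        action = params.get("action", [""])[0]
        if action == "lostpassword":
            step = "reset_requested"
        elif action == "rp" and "key" in params:
            step = "reset_key_used"
        else:
            step = "other" if query else "login_page"
        yield datetime.strptime(m.group(1), "%H:%M:%S"), step

def find_reset_chains(text, window=timedelta(minutes=15)):
    """Return one finding per reset key redeemed within `window` of a reset request."""
    events = list(parse_events(text))
    findings = []
    for i, (when, step) in enumerate(events):
        if step != "reset_key_used":
            continue
        requests = [t for t, s in events[:i]
                    if s == "reset_requested" and timedelta(0) <= when - t <= window]
        if not requests:
            continue  # key redeemed with no request in view: not this pattern
        logins = [t for t, s in events[i + 1:]
                  if s == "login_page" and timedelta(0) <= t - when <= window]
        findings.append({
            "requested": requests[-1].strftime("%H:%M:%S"),
            "key_used": when.strftime("%H:%M:%S"),
            "delay_seconds": int((when - requests[-1]).total_seconds()),
            "login_page_after": logins[0].strftime("%H:%M:%S") if logins else None,
        })
    return findings
```

On the lines from the first post, `find_reset_chains(SAMPLE_LOG)` reports the key being redeemed 56 seconds after the last reset request, which means whoever asked for the reset could read the mailbox it was sent to.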

  4. cheekbone
    Member
    Posted 6 years ago #

    I think you might be right, Otto. I've changed the email address to a Gmail address. Still worried, but it might not have been WordPress' fault. Thanks guys.

  5. unixgolf
    Member
    Posted 6 years ago #

    Very misleading title, WP 2.6.2 didn't get hacked. YOUR website got hacked.

  6. cheekbone
    Member
    Posted 6 years ago #

    Well, at the time I thought WordPress got hacked and I'm still not sure it was my email. Someone changed the WordPress password, admin email, changed a post on the site and created a draft before that. Nothing else was touched.

Topic Closed

This topic has been closed to new replies.
