WordPress 2.6.2 got hacked (6 posts)

  1. cheekbone
    Member
    Posted 6 years ago #

    My WordPress 2.6.2 got hacked today. I have no idea how exactly. But I found this in my stats:

    07:16:17 ->/wp-login.php
    07:16:21 ->/wp-login.php?action=lostpassword
    07:16:24 ->/wp-login.php?action=lostpassword
    07:16:25 ->/wp-login.php?checkemail=confirm
    07:17:20 ->/wp-login.php?action=rp&key=Ix9moYvBmI0DiDnKwp6j
    07:17:20 ->/wp-login.php?checkemail=newpass
    07:17:54 ->/wp-login.php

    I have an email around the same time about a password change. And while I was still logged in myself, I found out (later) the email address of the admin had been changed.

    I've since deleted some plugins (which I think weren't the problem) and added secret keys to the wp-config. Is this enough or am I still vulnerable?

  2. I've since deleted some plugins (which I think weren't the problem) and added secret keys to the wp-config. Is this enough or am I still vulnerable?

    The data in your stats or logs might not be indicative (but they can't hurt).

    Are you on a shared host? If you are and someone was able to read your wp-config.php file then they could have simply read your database host/id/password and made the changes without hacking WordPress.

    If you are not on a shared host, then give your logs a look, including the login logs.

    Either way you may want to read this article by Donncha "Did your WordPress site get hacked?"

  3. Judging by the time delays there, I'd say somebody got access to your email account and then simply reset your password on the blog.

  4. cheekbone
    Member
    Posted 6 years ago #

    I think you might be right Otto.. I've changed the email address to a gmail address. Still worried, but it might not have been WordPress' fault. Thanks guys.

  5. unixgolf
    Member
    Posted 6 years ago #

    Very misleading title, WP 2.6.2 didn't get hacked. YOUR website got hacked.

  6. cheekbone
    Member
    Posted 6 years ago #

    Well, at the time I thought WordPress got hacked and I'm still not sure it was my email. Someone changed the WordPress password, admin email, changed a post on the site and created a draft before that. Nothing else was touched.
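
Added example (not part of the original thread or of WordPress itself): a small Python check that reads stats lines in the format shown in the first post and measures the delay the third reply points to, from the reset mail going out to the reset key being used. The function names and the five-minute window are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# The stats lines from the first post, copied as-is (time, then request path).
SAMPLE = """\
07:16:17 ->/wp-login.php
07:16:21 ->/wp-login.php?action=lostpassword
07:16:24 ->/wp-login.php?action=lostpassword
07:16:25 ->/wp-login.php?checkemail=confirm
07:17:20 ->/wp-login.php?action=rp&key=Ix9moYvBmI0DiDnKwp6j
07:17:20 ->/wp-login.php?checkemail=newpass
07:17:54 ->/wp-login.php
"""

LINE = re.compile(r"^\s*(\d{2}:\d{2}:\d{2})\s*->(\S+)\s*$")

def parse(text):
    """Yield (time, query-dict) for wp-login.php hits; skip anything else."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        url = urlsplit(m.group(2))
        if url.path.endswith("/wp-login.php"):
            q = {k: v[0] for k, v in parse_qs(url.query).items()}
            yield datetime.strptime(m.group(1), "%H:%M:%S"), q

def find_reset_flows(text, max_gap=timedelta(minutes=5)):
    """Return one dict per completed reset: request -> mail sent -> key used."""
    flows, requested, mailed = [], None, None
    for ts, q in parse(text):
        if q.get("action") == "lostpassword":
            requested = requested or ts      # first request of the burst
        elif q.get("checkemail") == "confirm" and requested:
            mailed = ts                      # reset mail has gone out
        elif q.get("action") == "rp" and "key" in q and mailed:
            gap = ts - mailed                # time needed to read the key mail
            flows.append({"requested": requested.time(), "key_used": ts.time(),
                          "mail_to_key_seconds": int(gap.total_seconds()),
                          "completed_quickly": gap <= max_gap})
            requested = mailed = None
    return flows

if __name__ == "__main__":
    for flow in find_reset_flows(SAMPLE):
        print(flow)
```

The key link is delivered in the reset email, so a completed flow that the site owner did not start means someone else could read the admin mailbox; real access logs would also let you compare the client address of each step.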

Topic Closed

This topic has been closed to new replies.
