Straight to the point. Just yesterday evening, my website had a successful hacking attempt in years. It seemed not to harm extensively and only had the latest blog post modified with “hacked by NG689Skw” in the title and in the content body.
Yes it’s my mistake that I had not updated to 4.7.2 (due to whatever reason) but I’m not sure if only this update would have protected my website from this hack as I see a bundle of search results relating to that hack on various website attempted previously or recently. You can search on Google with the keyword “hacked by NG689Skw” or just “NG689Skw”. Some have fixed the pages but some are still there.
Curiosity is that how could the attempt was limited to only editing a blog post title and the content. That too in only the most recent blog post? I also found this factor in many sites affected with the hack found in search results – that only the recent post was titled exactly I posted above.
I then downloaded the database and searched for the keyword (in bulk backup queries). It was not found anywhere else. I just recovered the blog post from previous revisions.
But the concern is that there still could be footprints or back doors remained which I am having difficulty to find. Tried tools like Exploit Scanner, Sucuri etc. but they didn’t seem to help right to the point as they result in many false positives.
I thought to share the critical experience here with others as well as to find help or advice to seek presence of malicious code or content more effectively than these tools do.
Also read my other concern which I am not sure could be related to this hack or not.
- The topic ‘WordPress 4.7.1 “Hacked by NG689Skw”’ is closed to new replies.