Support » Requests and Feedback » WordPress – major hack

  • Before I take this offline, I want to show the wordpress community a major hack. My site has been completely taken over, and the domain redirected to a hacker’s site. Get a load of it, it will be gone soon.

    [Link removed]

    As soon as I hear from my server about what they figure out from the access logs about how this happened, if it indeed is a weakness in wordpress, I will post it here.

    JSC, Boulder

Viewing 6 replies - 1 through 6 (of 6 total)
  • if it indeed is a weakness in wordpress, I will post it here.

    If, – and I say “If”, with no reflection or consideration necessary on my part considering what I just saw on your site – you believe that you have found something in WordPress that merits the urgent attention that your tone implies, it would be completely irresponsible to post those details in an open forum. The hack I see on your site is not limited to WordPress. If you still think you might really have something related directly to WordPress, this is the correct route to take:

    “Security

    If you think you’ve found a security problem in WordPress, please see the Security FAQ for information on reporting the problem.”

    Where do I report security issues?

    Good luck to you.

    I’ve written to security. But it is fine to say this publicly, that version 3.0 was hacked completely, after the database was restored from a backup, it worked fine again. It was indeed limited to WordPress, there is no other site out of the 15 others on that account that have any trouble. Nothing else was done. Just that domain that hosted wordpress. It was from an IP in Turkey.

    Moderator James Huff

    (@macmanx)

    Did you just restore the database backup or replace the files too?

    You mentioned that your domain was redirected, which is very difficult (if not impossible now) to do via the database. More than likely, it was either a .htaccess replacement or code injection hack, which can happen to just about any site or file on any shared server.

    It looks like someone modified .htaccess from outside and redirected.

    If you have restored just the database and your sight worked normally then might be problem with script injection and it’s not the problem of wordpress alone.

    mrmist

    (@mrmist)

    Forum Janitor

    If your site was indeed hacked (by whatever means) I don’t think that we want people clicking through to it from here, as potentially further exploits could be hidden in its code.

    So I’ve removed the direct link in your post.

    http://codex.wordpress.org/FAQ_My_site_was_hacked may be of interest.

    It was indeed limited to WordPress, there is no other site out of the 15 others on that account that have any trouble

    It may have been limited to the WordPress installation on your server so far, but that’s not quite what I meant. In the minute or two it took to skim a large number of other sites that were hacked with the same crap you experienced, the number of those sites using WordPress did not appear to be disproportionately high, when compared to the number of sites affected that were not using WordPress.

    It’s still a big pain in the neck, either way.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘WordPress – major hack’ is closed to new replies.