Support » Fixing WordPress » wp 2.5.1 hacked

  • Hello,

    Some hacker from Turkey changed the code and wiped the content of my two websites running WP 2.5.1 I checked the database, no unknown users. Checked file permissions, most of them are set on 644. Checked the code and still cannot locate the exact place where he got into. Any ideas?
    My webiste address is He wiped everything and cleaned my theme so not too much there. He set up redirection to his own website hxxp:// (substitute xx for tt)
    Anyone else affected?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Same turk hosed my website too. His IP is in the range.
    No redirection in my case though.

    What he did was change the index.php file in the current theme. Once I replace it with the original, everything was back.

    Both of you need to notify your web hosts of this breach in security ASAP if you haven’t done so already. Change your root passwords (in your cPanel/web host dashboard).

    It concerns me that there appears to be a number of instances of supposedly secure 2.5.1 being hacked. I am hopeful that these are merely previous hacks not coming to light until after an upgrade, due to the site owner being unaware of the hack and those hacked files being carried over into the upgraded WP site.

    Mine was a completely new WordPress 2.5.1 installation. i did not carry over any old files at all.
    Thanks for the suggestion. I’d better let my web host know.

    And chiamtj, if you haven’t deleted any of those suspect files from your server, go ahead and download them to your hard drive and zip them up and send them to your web host before you kill them from the server. Make a note of the date and time stamps on the files and folders. My web host usually likes to have this information, helps them troubleshoot how and where the hacker got in. 🙂

    And it could very well be they got in through someone else’s account.

    Also, be sure your file permissions are set correctly. For example, if you have i set so that you can edit your files through the WP admin area – be sure after you’ve made your edits that you reset the file permissions. And make sure your “uploads” folder isn’t at 777.

    (and “Hi Joni!” Shelly from WDG. 🙂 )

    I have a similar problem that shows up as adult-oriented google links located in the header file. I’ve erased this a couple of times over the last few days but it keeps showing up again. Don’t know how serious this is???

    Is there an update in the works as this is annoying right now and I don’t know if it is more dangerous or not.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘wp 2.5.1 hacked’ is closed to new replies.