Support » Fixing WordPress » wp2.5 has been hacked!!!

  • I am moving this here as I have not gotten any response at the other post (I must have posted in the wrong category).

    I’ve been hacked! I was online and noticed it rather quickly and changed things back in my admin, so the hacked post is down but I don’t know how it happened. Can anyone tell me what to do to stop it from happening again. I thought 2.5 was better at protecting us from this.

    My blog title was changed to:
    HACKED by CHEM11 and a protected/Private post was put in with all kinds of code. I deleted it. I didn’t want to save it or anything. I know this would have helped, but I just wanted it gone.

    What info do you guys want to know?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Have you changed your admin password? Do you have any users you don’t recognize? Do you know how to access your MySQL database to look for a hidden user account? This is a different approach from the hacks I’ve seen in here lately

    mechx1, i have not changed the password,until tonight when I was hacked. fyi, my password has 11 characters, a mix of numbers, caps, and symbols.

    I can access MySQL, but I don’t know what to look for or where.

    I can access MySQL, but I don’t know what to look for or where.

    you have phpmyadmin???
    SmockLady… see if in your users-table (in mysql page) have an user width name WordPress and if exist delete.Read this:

    Theree is another relevant thread here

    Again, you may have something different, these threads describe the characteristics of recent hacks that you should probably be aware of.

    cave-bit is saying that you should consider using phpmyadmin to get in to your user table and see if these is a user in there you don’t recognize. Usually there is nothing else in the record other than user name and password, and many people have reported that the user name is WordPress. If you find such a hidden user, you can delete that record from the database, but be very sure that it is not a “real” user. I’m sorry, I don’t remember the name of the user table off the top of my head, if it will help I can look it up.

    I don’t see that those are helping me. I don’t have any users, hidden or otherwise (ha) that are named WordPress.

    I found another post in my drafts folder this morning that was not published yet. I have not deleted it and want to desperately. I was wondering if anyone wanted to look at the code in the post and would it help anyone in figuring this out. It looks to be nothing other than design code and some not so nice things about the US and Bush.

    It is unlikely that looking at the post code itself would help us figure out how it got there. Is there a user listed for these posts, and do you have that user in your list on the admin panel? If you have a user posting and you can’t see them in the admin panel, and you haven’t looked for that user in your databse, then you need to do so.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘wp2.5 has been hacked!!!’ is closed to new replies.