Forum Replies Created

Viewing 7 replies - 1 through 7 (of 7 total)
  • Thread Starter Roadwolf

    (@roadwolf)

    Sorry for my previous post. It was a tad lazy on my part to post that. I didn’t mean any disrespect.

    Since that post however I think I did find a deeply hidden php hack file (PHP_Nuke*), inside the root directory of my server, hidden inside cpanel files (great work hosting company!).

    That being said I host several websites, and they all share that common root directory. Only my main blog was being targeted. But then again, I do sometimes post some controversial content on my blog, and wouldn’t be surprised if this was someone who wanted it to disappear.

    It has been secure since I discovered and removed that file, and did another complete wipe, and install. I also changed the SQL database and deleted all the tables except my posts. Then imported my posts to the newly installed database. The “All In One WordPress Security Plugin” has been great in preventing further attacks however. It is reporting that I am getting over 1000 IPs (likely proxies) attempting brute force ‘admin’ login hacks an hour. The login attempts have now switched to using ‘test’ as a login instead of admin. So it is someone who really wants to get in.

    To answer some questions however:

    “All In One WordPress Security Plugin” Plugin Version: 3.7.7
    WP Version: 3.9.1
    MySQL Version: 5.1.63
    PHP Version: 5.2.17
    Apache version 2.2.22

    I am using the F2 Theme.

    Blog is located at roadwolf.ca

    I have not used or heard of the MailPoet plugin. The only real plugin I dealt with at one time aside from Akismet was the Jetpack plugin package.

    My hacker goes by the name Moroccan Double Agent.

    Thread Starter Roadwolf

    (@roadwolf)

    I have read all of what Jan posted before. And re-reviewed the links, but they did not really help too much.

    The “All In One WordPress Security Plugin” that Ross posted, I really like.

    Taking all the information into consideration, I did a full filesystem wipe last night including all my uploads and other files not associated with WordPress. I then changed databases, and database user/password (to randomized names). I scanned the old database and manually went through it, looking at anything suspicious, deleting many tables which didn’t look like legit vanilla WordPress.

    I installed a fresh install of WordPress from wordpress.org and a fresh new theme, linked to the new database. I did not upload anything else, and simply just got my blog working again.

    Sure enough, tonight right on schedule, the file change scanner in the “All In One WordPress Security Plugin” informed me of file changes in every .php file in WordPress.

    I am thinking there is a vulnerability within WordPress itself which is being exploited. This is also what my host is suggesting.

    Thread Starter Roadwolf

    (@roadwolf)

    Hmm Okay. Well I only use Akismet as a plugin. But I will try that.

    Also of note, whenever I try to update or install a new theme I get the following errors about update.php.

    Warning: An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in /wp-includes/update.php on line 119

    Warning: An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in /wp-includes/update.php on line 287

    Warning: An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in /wp-includes/update.php on line 435

    I tried re-uploading a fresh copy of update.php a few times and that didn’t seem to solve it.

    I will try the above mentioned plugin to see what it will find. I think the update.php issue may be a hint.

    Thread Starter Roadwolf

    (@roadwolf)

    I tried it in the 2013 theme, and still had issues. I have disabled the Jetpack Comments module inside Jetpack and it is working fine now. I posted on Jetpack’s support page.

    Thread Starter Roadwolf

    (@roadwolf)

    Hmmm, it seems that it is Jetpack which is causing the problem. I disabled the plugins, and then started them up again, and when Jetpack was reactivated, comments stopped working. Mind you I only use Jetpack and Akismet, so I don’t really run too many plugins.

    Yeah, what the hacker did to my site was create that hidden admin name, log in and change the permalinks to redirect to another site. I didn’t bother even looking to see what tags he entered, I just switched it back to my default style without his customized tags. This is of course after I removed him, and at the same time as I removed him, I updated WordPress, deleting all my files except my local photos, theme and config file, and completely reinstalling. The theme looks unaltered. But if anyone else has experienced someone editing their theme, let me know.

    My hacker’s username was RodrigoFitzgerald85

    You have to go into phpMyAdmin to fix this. Find users, browse the section, and you will see a list of all your users. Go to the back of the list and you will see the latest entries. For me, the hacker used some .ru domains to sign up. I deleted those from the SQL table and the user was no more.
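
The user-table review described in the reply above can also be run as queries in phpMyAdmin's SQL tab. This is an added example, not part of the original post; it assumes a single-site install with the default `wp_` table prefix, and the third query covers the rows left behind when an account is deleted from the users table only.

```sql
-- Added example, not from the original post.
-- Assumes the default wp_ prefix: adjust wp_users, wp_usermeta and the
-- 'wp_capabilities' meta key if the install uses a different prefix.

-- 1. Every account that holds the administrator role, newest first.
--    Roles are stored as a serialized PHP array in wp_usermeta, so the
--    role name appears as a quoted string inside meta_value.
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m
  ON m.user_id = u.ID
 AND m.meta_key = 'wp_capabilities'
WHERE m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered DESC;

-- 2. The most recently registered accounts of any role, to review
--    sign-up e-mail domains and unfamiliar logins.
SELECT ID, user_login, user_email, user_registered
FROM wp_users
ORDER BY user_registered DESC
LIMIT 20;

-- 3. Orphaned metadata: wp_usermeta rows whose user no longer exists.
--    Deleting a row from wp_users by hand does not remove these.
SELECT m.umeta_id, m.user_id, m.meta_key, m.meta_value
FROM wp_usermeta AS m
LEFT JOIN wp_users AS u
  ON u.ID = m.user_id
WHERE u.ID IS NULL;
```

An administrator account can be given any registration date by whoever inserts it, so the first query should be read in full rather than only at the top of the list.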
