My Site's Been Hacked...!

15 years ago

Wow that is horrible. I think I read another thread a month or so ago where the same thing happened and I am pretty sure it was someone from Iraq.

I can think of a lot of ways whereby this guys time and energy could be a lot better spent!

[ 1 ] Thanks
1 reply

Signature

Homes For Sale

{{ DiscussionBoard.errors[981536].message }}

shirland 15 years ago

The hackers are always out there. When you think your computer is protected that when you get one. I will backup all my files today just in case, you never know.
- [ 1 ] Thanks
Signature
One Mutual Project

Hey ...Grab My Free Software if you want]fm Vic...
{{ DiscussionBoard.errors[981550].message }}

Astounding Writing Coach

15 years ago

That's a drag. That happened to me once and I was completely shocked to find it out. I told my webmaster and he felt shocked, too. Some people just have too much time on their hands!

Astounding Writing Coach

[ 1 ] Thanks

Signature

Astounding Writing Coach
Why do personal development, self-help, natural wellness and hypnosis small business owners regularly hire me for my engaging, intuitive, creative content writing skills? Because that's what I passionately do best.

{{ DiscussionBoard.errors[981592].message }}

Mike Hersh

15 years ago

I hope you'll find out what was the hack to save us all....

I'm using Wordpress 2.7 to.

Mike G

Thanks
1 reply

Signature

=> I'll Give You $2,000 To Test Drive My Sales Funnel!<=

{{ DiscussionBoard.errors[981657].message }}

WareTime 15 years ago

Originally Posted by Mike Hersh

I hope you'll find out what was the hack to save us all....

I'm using Wordpress 2.7 to.

Mike G

Why are you / is anyone / running WP 2.7 in July of 2009. 2.8.2 is out and a click away.

Oh, all your favorite plugins break in 2.8. Welcome to the wonderful world of open source cms'.

I'm so happy I'm free of the WP monkey off my back. My sites are ranking better too, even though everyone raves how Google loves WP sites.
- Thanks
{{ DiscussionBoard.errors[1001627].message }}

peter gibson

15 years ago

Man that is messed up. I'm upgrading tonight after reading this. Thanks for the heads up.

Thanks

{{ DiscussionBoard.errors[981668].message }}

Steven Fullman

15 years ago

Originally Posted by Franco Mocke

Why would a hacker want to hack into a wordpress blog?

I don't know.

Shall I email him and find out for you?

Thanks
1 reply

Signature

Not promoting right now

{{ DiscussionBoard.errors[981681].message }}

rosetrees 15 years ago

I had a similar problem a few weeks ago. Just a message from the hacker. Turned out that it was only the index.php files that had been replaced. I did a fresh install of WP on a new subdomain, installed my theme, ftped the index.php files to my hacked site and it was good as new. The content was untouched
- [ 1 ] Thanks
- 1 reply
{{ DiscussionBoard.errors[981696].message }}
- kevin campbelle 15 years ago
  
  There are a number of ways that a wordpress blog can be hacked. James (aka TheRichJerksNet) has a product called Wordpress Secured which is good, and he and others also has given general information in a few threads about some of the things you can do to protect your blog.
  
  If you do a search for wordpress hack in the main forum you will see a number of threads where it is discussed. To make it easier for you here is the search.
  
  http://www.warriorforum.com/search.php?searchid=1640381
  
  Kevin.
  
  Thanks
  
  {{ DiscussionBoard.errors[981849].message }}

Michael Motley

15 years ago

Thats why i bought an external backup drive this weekend. 1TB drive for only 119. I backed up my entire pc, and then backed up my sites. The sites themselves really dont take up that much room

Thanks

{{ DiscussionBoard.errors[981814].message }}

dsmpublishing

15 years ago

A friend of mine had her blog taken over around xmas time and her blog was suddenly full of porn and gambling content that it just wouldnt let her delete. Such a shame when it happens to you and i must admit im always backing everything up and carrying out virus checks as im concerned its going to happen to me.

glad you have it sorted out

sam
X

Thanks

{{ DiscussionBoard.errors[981863].message }}

Michael Mayo

15 years ago

Because he/she/it can so, it's an ego trip and a way for them to get a rush.

Originally Posted by Franco Mocke

Why would a hacker want to hack into a wordpress blog?

Steve, If you haven't already done so, run a virus scan on your system.
Just a couple months back there was a pain in the arse Trojan key logger
that once on your system would capture and use your FTP log in info to
hack your sites.

I went through it and it isn't fun as every time I fixed the sites involved it
would wait a couple of days and then strike again and the cycle would
have continued had we not discovered the the source was via FTP.

To stop it you need to change your FTP passwords with out it knowing.
It is a key logger so the only way is to do something like type a bunch of
random letters in a text doc like this:

dhsjekdivuendjslekdupqlwmendhsyetrncxc

then select random areas of the text to copy and past to change your FTP pass words.

Key loggers can't read copy and paste plus after you have done this then
write down your new pass words on a piece of paper and delete the text
file so even if it did follow what you did it won't be able to recreate it.

Hope that Helps,
Have a Great Day!
Michael

[ 4 ] Thanks

{{ DiscussionBoard.errors[981886].message }}

Peter Bestel

15 years ago

Yep, experienced this a few weeks ago too. Seems to target WP sites but not a Wordpress security flaw but as Michael and David (Kiosk2) said, it's a keylogger that gets to your site via your FTP.

Highly recommend Roboform and Craig Desorcy's Blog Lock Down. (Not aff link)

Mind you, if your PC is badly infected you may have to resort to a reformat.

I hope you don't.

Peter

[ 1 ] Thanks

{{ DiscussionBoard.errors[982048].message }}

lharding

15 years ago

Got to say, these virus attacks are pretty scary! I no longer use a PC, went over to the Mac and since not had any problems in this area. I guess Macs aren't popular enough for the hackers to justify writing a virus (or maybe it's too hard). I run Windows in a Virtual Machine on the mac if I have to have windows, so worst case, I just delete the Virtual Machine and create a new one from a copy I keep (which I guess is similar to the reformat suggestion, only takes a couple of mins though). If you don't like Mac, I believe Sun have released a FREE virtual machine which can run on Linux, which may do the same thing.

Just a thought!
Cheers, Lee.

Thanks
1 reply

Signature

Lee Harding

The Architect

{{ DiscussionBoard.errors[982129].message }}

rlrlphs 15 years ago

OH I'm so sad to hear that your site was being hacked by someone else. Yes, there should be a security in WP2.7 in order for you site will not be hacked.
- Thanks
- 1 reply
{{ DiscussionBoard.errors[982193].message }}
- Keithp 15 years ago
  
  I had the same thing happen to 3 of my sites last month.
  
  Drove me %$%^ batty! I didn't notice it until I got an email from a vistor telling me Kerpasky AntiVirus blocked his browser from viewing one of my sites.
  
  Turns out to have been a keylogging virus on my machine grabbed ftp usernames and passwords and the SOB went and added code to each of the index pages.
  
  I wiped my pc clean, reinstalled os, re-set EVERY password I have and then got my ISP to block the IP of the group that hacked my sites ( BTW they were from Amsterdam).
  
  I would love to meet the hacker(s) face to face to explain my extreme displeasure!
  
  Thanks
  
  {{ DiscussionBoard.errors[982232].message }}

josephmorris90

15 years ago

Originally Posted by Franco Mocke

Why would a hacker want to hack into a wordpress blog?

Probably because they found a public exploit and decided to google "Wordpress (whatever version)" or something that mostly every wordpress blog has and just enter the exploit on that wordpress blog and deface it.

Once an exploit is discovered and released for all of the people that just want to wreck stuff, it is a waste land and causes a lot of hard work for webmasters to get their websites back up running and up to date.

Thanks
1 reply

{{ DiscussionBoard.errors[982238].message }}

Susan Hope 15 years ago

Sorry this happened to you Steve but thanks for the useful reminder, need to go back-up!

Cheers
Sue
- Thanks
Signature
One-to-One WordPress Coaching Service Available at Low Hourly Rate - Let the frustration end now! WordPress Installs, Theme Design, Site Tweaks & other WordPress services available
Find me on Pinterest: PINTEREST
{{ DiscussionBoard.errors[982247].message }}

Steven Fullman

15 years ago

Just to let you know...

I've done some digging, and found a 'defacement' forum that this guy's a member of.

They hold contests, such as "This Week's Best Defacer"...bless 'em.

Turns out he cracked into mine last Wednesday...Lol...

Anyway, unfortunately, mine wasn't rated as a 'special defacement'

But, I don't think this is the work of a virus...

Keep safe, folks...there are over 20,000 other hacked sites listed on this particular forum...

[ 1 ] Thanks
1 reply

Signature

Not promoting right now

{{ DiscussionBoard.errors[982276].message }}

peter gibson

15 years ago

Originally Posted by Steven Fullman

Just to let you know...

I've done some digging, and found a 'defacement' forum that this guy's a member of.

They hold contests, such as "This Week's Best Defacer"...bless 'em.

Turns out he cracked into mine last Wednesday...Lol...

Anyway, unfortunately, mine wasn't rated as a 'special defacement'

But, I don't think this is the work of a virus...

Keep safe, folks...there are over 20,000 other hacked sites listed on this particular forum...

This thing only ever happens when Jack Bauer is on vacation you know.

I'm just sayin'. :p

Thanks

{{ DiscussionBoard.errors[982834].message }}

josephmorris90

15 years ago

At least you had a bit of glory Steven :p

But yeah, as you are pointing out, once that exploit is released into the public, such as a hacking community/forum, the exploit is on a website for everyone to view, there will be tons of people that will think "hey, I can just enter this code and I will be able to get into this dudes site"...sadly.

It is also hard to stay ahead of the hackers because unless you check the exploit and know what you are doing and can fix it, there will be hundreds of people googling "wordpress 2.7" (or whatever may be in a standard wordpress footer or on the standard wordpress site alone) and start entering that exploit they saw into a bunch of the sites that turn up in google.

It sucks, the only thing you can really do is keep upgrading to the latest version for everything, or else you are at risk. (Even upgrading can be risky because new exploits may be found and the programmers may have not caught it before they released the newest version)

Thanks

{{ DiscussionBoard.errors[982296].message }}

John Henderson

15 years ago

Wow. Check out their other targets -- "gsl.dlgjz.gov.cn", "swdc.govt.nz", "healthnwfp.gov.pk", "wj.cdta.gov.cn" -- they look like a couple of Chinese government sites, the website of the South Wairarapa District Council in New Zealand and what looks like a Pakistani government site possibly connected to the health ministry/World Food Programme.

How sad.

Thanks

{{ DiscussionBoard.errors[982352].message }}

blackhattube

15 years ago

hi steve,

Wordpress does have the bugs, I too have suffered iframe attacks in the past. Actually this happens because of virus/trojan residing in your PC which steals your FTP username and password. Follow these steps to protect your site, you will never face the problem again:

You can restrict access to wp-admin by adding following code in .htaccess
order deny,allow
allow from 000.00.00.1 # This is your static IP
deny from all

You can also place blank index.html file in wordpress admin and plugins folder, this way attackers cannot see which plugins are you using.

Thanks
2 replies

{{ DiscussionBoard.errors[982506].message }}

BrandonMc 15 years ago

All in all it's not that difficult to hack a blog. everyone here should do a simple test and test there own blog. Pull up http:/ /www.yur-blog.com/wp-content/plugins --- If you see a directory listing, then your a target.

That's just one simple example. no virus or malware required.

This one is an easy fix - Log into cPanel (or whatever) and goto Index Manager. There you set your blog to 'no index'.. But just as you keep your anti virus program updated, there are plenty of other precautions to security that should be addressed.. The a-fore mentioned TheRichJerksNet product and Blog Lock Down are both recommended. After all, there is only one person to blame if your sites security gets compromised.

(edit)
Yeah, and what BlueFart said - beat me to the punch he did
- Thanks
{{ DiscussionBoard.errors[982761].message }}

TheRichJerksNet

15 years ago

Originally Posted by BlueFarttube

hi steve,

Wordpress does have the bugs, I too have suffered iframe attacks in the past. Actually this happens because of virus/trojan residing in your PC which steals your FTP username and password. Follow these steps to protect your site, you will never face the problem again:

You can restrict access to wp-admin by adding following code in .htaccess
order deny,allow
allow from 000.00.00.1 # This is your static IP
deny from all

You can also place blank index.html file in wordpress admin and plugins folder, this way attackers cannot see which plugins are you using.

Sorry dude but that is not any security and the fact is any hacker can fake his ip and make the .htaccess think he is you.. Also since many ISP now use DHCP it makes that suggestion useless because many have a changing ip...

James

Thanks

{{ DiscussionBoard.errors[982804].message }}

TheRichJerksNet

15 years ago

Originally Posted by Steven Fullman

OK,

So a couple of weeks ago I applied to the NeverBlue CPA network.

They have a manual approval process. Didn't think much about it.

Until they called me late last night to tell me my application had been declined.

I asked why...

"Because your site has been hacked, Sir"

WTF?

Sure enough, my personal blog (firstnamelastname.com) has been defaced by a charming chap by the name of Sn!peR BaghdaD

The cheeky son-of-a-gun was at least thoughtful enough to leave his email address, in case I want to know "What A Hell We Doing HeR..."

Now, I'm fairly sure he wouldn't have brute forced my password...it's too complex for that...

...so I can only assume there's a security hole in WordPress 2.7

It's a straight out of the box install, with no plugins.

Just a heads up, if you're also running WP2.7...perhaps there are some security patches available...or maybe you should consider upgrading to 2.8

Luckily, my blog had no content of any real value...I hastily threw some content up there to help with my CPA applications...so I can wipe it clean without too much effort.

But, how about you? If you don't already, be sure to take regular backups of your blogs.

You never know when they might become a hacker target!

Steve

Hey Steve,
Wow, sorry for the trouble dude.. But how many times have I told you to make sure your blog is secured ....

James

[ 1 ] Thanks
1 reply

{{ DiscussionBoard.errors[982790].message }}

Steven Fullman 15 years ago

Originally Posted by TheRichJerksNet

Hey Steve,
Wow, sorry for the trouble dude.. But how many times have I told you to make sure your blog is secured ....

James

One too few, obviously

Seriously, thanks for your help, James.

Steve
- Thanks
Signature

Not promoting right now
{{ DiscussionBoard.errors[983177].message }}

engr.adeel

15 years ago

you should have to backup all the files. Also wordpress 2.7 is some how best in this regard.

Thanks

{{ DiscussionBoard.errors[982809].message }}

TheRichJerksNet

15 years ago

Originally Posted by Franco Mocke

Why would a hacker want to hack into a wordpress blog?

This is why .....

The past five years has seen the popularity of blogs grow in their use and as a means of making money. That's the meat that computer hackers look to sink their teeth into. A recent report by the Congressional Research Service stated that the financial impact of computer hackers amounts to $226 billion annually. Another report calculated that hackers could be taking up to six cents of every Internet dollar of revenue.

Hackers recently discovered that WordPress Blogs featured an easy path for them to cause their trouble. Many WordPress Blog owners have had their blogs hijacked in a variety of ways. They've found ads on their WordPress Blogs that they didn't place there. Others have discovered that when someone clicks a search engine link to be taken to their WordPress Blog they're instead taken to a totally different page full of ads that are often obscene and featuring computer viruses.

James

[ 1 ] Thanks

{{ DiscussionBoard.errors[982821].message }}

AmericanWoman888

15 years ago

That's a terrible thing to deal with. I lost about 10 sites 6 weeks ago. I had backups for a few of them but not all.

I hope you are able to recover from it quickly.

Mine was a keystroke logging software that gathered my passwords - or so they say.

AW888

[ 1 ] Thanks
1 reply

Signature

***Test***

{{ DiscussionBoard.errors[982864].message }}

WendellC

15 years ago

I know how you feel. Truly...

http://www.warriorforum.com/main-int...acked-club.htm

Is there some kind of Wordpress Security Tester so we can check if our own WP blogs are secure? Would be nice...

Wendell

[ 1 ] Thanks
1 reply

Signature

List your no opt-in product here for free: No Opt In Required

{{ DiscussionBoard.errors[983084].message }}

WendellC

15 years ago

Originally Posted by clickguy

I know how you feel. Truly...

http://www.warriorforum.com/main-int...acked-club.htm

Is there some kind of Wordpress Security Tester so we can check if our own WP blogs are secure? Would be nice...

Wendell

I just found this cool bit of WP security advice from Warrior freetraff's site:

http://www.freetrafficsystem.com/wor...r-blog-owners/

I'm checking all my WP sites for this security loophole now.

Nice!

Wendell

Thanks
1 reply

Signature

List your no opt-in product here for free: No Opt In Required

{{ DiscussionBoard.errors[1037079].message }}

TheRichJerksNet

15 years ago

Originally Posted by clickguy

I just found this cool bit of WP security advice from Warrior freetraff's site:

WordPress Security - Urgent Update for Blog Owners | Free Traffic System

I'm checking all my WP sites for this security loophole now.

Nice!

Wendell

Did you ever think some of those "testing" sites was created by hackers.. ? The best way is to secure your site and stop depending upon other tools to do it for you....

If you want to protect what you have then you need to start doing the manual work it takes to secure it. People really amaze me, they are so quick to grab this plugin or that new cool plugin and not once ever thinking that maybe it is not as cool as you think and maybe it might cost you...

James

Thanks
1 reply

{{ DiscussionBoard.errors[1037132].message }}

WendellC

15 years ago

Originally Posted by TheRichJerksNet

Did you ever think some of those "testing" sites was created by hackers.. ? The best way is to secure your site and stop depending upon other tools to do it for you....

If you want to protect what you have then you need to start doing the manual work it takes to secure it. People really amaze me, they are so quick to grab this plugin or that new cool plugin and not once ever thinking that maybe it is not as cool as you think and maybe it might cost you...

James

James -

I'm not sure if you looked at the information on the link I posted.

It's recommending a manual way of going into cPanel and simply preventing people from accessing your WP plugins directory.

Do you disagree with his particular manual recommendation?

Wendell

Thanks
1 reply

Signature

List your no opt-in product here for free: No Opt In Required

{{ DiscussionBoard.errors[1037205].message }}

TheRichJerksNet

15 years ago

Originally Posted by clickguy

James -

I'm not sure if you looked at the information on the link I posted.

It's recommending a manual way of going into cPanel and simply preventing people from accessing your WP plugins directory.

Do you disagree with his particular manual recommendation?

Wendell

That does NOT protect your blog.. Do I agree with the advertised product (our script) on that post ? NO because again it does NOT protect your blog.

People need to understand that it is NOT your cpanel, it is NOT your directory, it is NOT your theme, it is NOT your plugins that is the problem here.

The problem is WP itself being open source code and anybody has access to that code. Unless you actually take steps to modify that code than 99% of those self proclaimed security expert tools will do you no good at all.

I had a very long thread and discussion on this very topic a few months back but some did not find it to be useful for newbies that do not know any better so the thread was removed.

I do not feel like repeating myself over and over on this subject because frankly I see no use in it because there are too many self proclaimed experts out there that people want to follow.

You see instead of following the recommended resource above by another WF user, you rather go out and find cheap or free means to secure your business. It was JayExtreme or Steven Fullman that told me months ago "If they do not want to listen then let them be hacked" I can not remember which one told me that but it was very good advice....

James

Disclaimer: I am not saying themes or plugins do not have hacking code in them. Fact is some do and that is all the more reason why people should not be so quick to just install this or that.