WP Pages Got SPAMMED, HACKED, and...

27 replies
Warriors,

UNBELIEVABLE! Yesterday my buddy Brad got his Word Press Pages... Loads of them SPAMMED or HACKED with some kind of text links. He is still FREAKING out and grumpier then you know what due to lack of sleep.

Has anyone else had this happened to them?

How do you think it happened and how can he prevent this in the future?

I was just thinking about doing some WP but now I do not know.

Please let me know if WP is still safe!

Thanks Warriors.

Cheers, Warrior2008
#hacked #pages #spammed
  • Profile picture of the author Mike McAleer
    ii guess it is alright

    but honestly don't worry about it.
    Signature

    Recent domain flips : $8->$1000 Social recruiting Software dot com $8->$2000 MobileSalesSoftware.com
    Invest in domains without the hard work !
    Email for details...Mike McAleer at me dot com

    {{ DiscussionBoard.errors[4090287].message }}
  • Profile picture of the author dv8domainsDotCom
    Website security is an eternal cat and mouse game. The hackers work with the current technology to break into sites/etc, and the developers then try to patch these holes as they become aware of them, and the process repeats: When one security flaw is patched, the hackers try to find more... it is an eternal cycle.

    1) No matter how smart you are (or good at coding), there is always someone smarter (ie, better at coding)
    and:
    2) There is no such thing as 100% secure system. EVERY system must be scrutinized, monitored, and patched (updated). Period.

    Your friend's frustration, as much as I hate to be the "bad guy" and sound like an ass, is not because his WP blog got "hacked".

    It is because he failed to have a recovery plan in place FIRST, and an update/patching schedule in place SECOND.

    (Have a backup/recovery plan FIRST, for ANY application. Research the 'how' yourself. The 'why' is obvious from your friend's example)
    The SECOND thing to plan for is an UPDATE/PATCHING schedule. WP Makes this easy by notifying you of updates on the back-end.
    BUT:
    What if the update fails (for any reason) and pooches your database? THAT'S why it is important to have a solid backup/recovery plan

    Sorry for your friend, BTW, but he did not have a backup/recovery plan in place, otherwise a "hack" like that is easy to recover from (and then it is only mildly inconvenient). If you have a plan, you can recover from ANYTHING.

    That being said, I've found WP to be a solid platform and updates are typically very rapid when there is a security flaw. Good luck
    Signature
    Support a Warrior, Save Money!
    Rock Bottom Prices on Domains and Website Hosting
    {{ DiscussionBoard.errors[4090297].message }}
  • Profile picture of the author warrior2008
    Aha, I see. I will pass this along regarding a backup and security system. This may be over my head a bit but I know he will find this valuable. Man, I hate the hacking that goes on around the Internet.

    Cheers, Warrior2008
    {{ DiscussionBoard.errors[4090347].message }}
  • Profile picture of the author Ken Durham
    it happens...

    Could have been there was a file or directory set with write permissions for the public.
    I'd check access logs, ftp logs, and error logs. One of those will tell where entry was made. Of course it is probably a good time for password changes. His personal computer may have been compromised also, giving them access to passwords.

    A best practice, when you finish using ftp and do not need to upload anything, turn off FTP on the server. Of course checking all file and directory permissions should be done. Little things like that are easy to overlook, especially when some of the plugins want you to set permissions to 777. Not wise...
    Signature

    yes, I am....

    {{ DiscussionBoard.errors[4090348].message }}
  • {{ DiscussionBoard.errors[4090465].message }}
  • Profile picture of the author mrktxprt
    This is some good stuff Ken. There's so much back office administration work that comes along with internet marketing. You can't just put a site up and think it will magically take care of itself.
    {{ DiscussionBoard.errors[4090528].message }}
    • Profile picture of the author warrior2008
      Originally Posted by mrktxprt View Post

      This is some good stuff Ken. There's so much back office administration work that comes along with internet marketing. You can't just put a site up and think it will magically take care of itself.
      OK, Brad has fixed this for now he said but thanks for sharing this... for now. I was not liking what I was hearing about WP but now I am thinking this can just be the way it is with any site.

      Cheers, Warrior2008
      {{ DiscussionBoard.errors[4090732].message }}
  • Profile picture of the author Trivum
    I've had it happen A LOT ... and it keeps happening. I've spent a lot trying to get it fixed. Finally I went with these guys - | Protect your interwebs! (no association).

    The truth is the hack has still come back even though they have it "under surveillance," but I feel more comfortable with these guys than the freelancers I was working with (who lost large chunks of my data).
    {{ DiscussionBoard.errors[4090532].message }}
    • Profile picture of the author warrior2008
      Originally Posted by Trivum View Post

      I've had it happen A LOT ... and it keeps happening. I've spent a lot trying to get it fixed. Finally I went with these guys - | Protect your interwebs! (no association).

      The truth is the hack has still come back even though they have it "under surveillance," but I feel more comfortable with these guys than the freelancers I was working with (who lost large chunks of my data).
      Really? So he is not alone?
      {{ DiscussionBoard.errors[4090540].message }}
      • Profile picture of the author Trivum
        Originally Posted by warrior2008 View Post

        Really? So he is not alone?
        You can make a full time living fixing WordPress hacks.
        {{ DiscussionBoard.errors[4090551].message }}
  • Profile picture of the author warrior2008
    Ken,

    Yes, I had him run a 100% scan. He has not got back with me yet on those results. Maybe this will tell him if his computer was at risk too. Thanks!
    {{ DiscussionBoard.errors[4094699].message }}
  • Profile picture of the author blueorca17
    Originally Posted by warrior2008 View Post

    Warriors,

    UNBELIEVABLE! Yesterday my buddy Brad got his Word Press Pages... Loads of them SPAMMED or HACKED with some kind of text links. He is still FREAKING out and grumpier then you know what due to lack of sleep.

    Has anyone else had this happened to them?

    How do you think it happened and how can he prevent this in the future?

    I was just thinking about doing some WP but now I do not know.

    Please let me know if WP is still safe!

    Thanks Warriors.

    Cheers, Warrior2008
    Here are some things he can do in the future, and some things that others can do to prevent this in the future:

    1) generate a STRONG password for the database and wp-admin login.
    You can generate random strings to make the passwords THAT much harder to crack here: RANDOM.ORG - String Generator
    2) make sure that you're not downloading and using FREE WORDPRESS THEMES that are NOT endorsed by Wordpress.com or Wordpress.org, UNLESS you know the person that created it, or had a PHP coder double check the them to make sure that there aren't any codes that allow the person that you got it from to get in via a "back door". This is a very common bl@ckh@t technique that allows the theme sharer to hack into your wordpress site without you even know it. The rogue code is generally found in the "footer" or "theme functions" of any wordpress theme.
    3) Install WP security plugins that remove Wordpress version number and other things that are necessary for a hacker to access your database. You can find a lot of security plugins available for wordpress here: WordPress › Search for security « WordPress Plugins. My favorite is Secure Wordpress. You can find it here: WordPress › Secure WordPress « WordPress Plugins
    4) Update Wordpress when it tells you to! A lot of security exploits are known around the web for older versions of WP, and if your wordpress version is not updated, it makes it THAT much easier to hack.

    Hope this helps.
    Signature

    {{ DiscussionBoard.errors[4094827].message }}
  • {{ DiscussionBoard.errors[4094906].message }}
    • Profile picture of the author gfMedia
      Hey Warrior2008, great minds think alike

      Ok, I was a grump about this - ha that's what I get for having a ton of blogs and working too much.

      Yes, I have backups but still it takes time to restore when you have as many blogs as I do.

      I also posted about this issue with my solution, and so far so good...

      http://www.warriorforum.com/main-int...ml#post4095398
      {{ DiscussionBoard.errors[4097805].message }}
  • Profile picture of the author hotboy18
    I recently had this happen to me with Wordpress for Windows then I switched to Workpress with Linux that makes it more safe and the database automatically backs up just in case your site does get hacked.
    {{ DiscussionBoard.errors[4097821].message }}
    • Profile picture of the author mark@1to101
      I've had this happen to some of my sites before. I think I read that it's some kind of attack on / injection into the MySQL database. I don't know how to prevent it but I use a plugin called BackupBuddy to automatically back-up my sites and the databases so I can at least restore things should I get hit with this again.
      {{ DiscussionBoard.errors[4098096].message }}
      • Profile picture of the author ARVolund
        Originally Posted by mark@1to101 View Post

        I've had this happen to some of my sites before. I think I read that it's some kind of attack on / injection into the MySQL database. I don't know how to prevent it but I use a plugin called BackupBuddy to automatically back-up my sites and the databases so I can at least restore things should I get hit with this again.
        Are your database tables using the default wp_ prefix?

        If so you should change it to a random string of numbers & letters.

        If your site has been broken into once already in addition to your admin username and password you need to change the database name, username, and password as well. Make them random and make them hard, especially the password.


        As a general rule all the attacks you see on your blogs are automated and by changing just a few of the defaults and taking a few precautions will make you pretty safe. Lets face it very few of our blogs are going to be worth it for someone to spend hours trying to break in and hack them. They send out the bots to pick the low hanging fruit.

        I personally do not use any plugins to secure my blogs, just one more thing to worry about updating and since I started making a few manual changes during install I have not had any issues.

        Username and Passwords

        1. When creating your database and user make sure that you use random numbers and letters. When creating the password use 18 random characters that include special characters.

        2. When creating your admin username and password use a phrase for the username ie: ILovetoeat99grapes and again use at least 18 random characters including the special ones.

        If you are concerned about remembering the special characters pick a number you can remember and then just use the shift key.

        The install

        1. You can upload your wp config file one level above your blog. If your blog is installed in your public_html folder then you can upload the config file above that which makes if much harder for someone to access.

        2. htaccess file for you admin. Use a htaccess file in your admin to deny all IP addresses except yours. Very easy to do and it will keep prying eyes out of your admin.

        3. Check all the file permissions after the install. Make sure that you do not have write permissions on any files or folders that do not need it.

        4. Any plugins or themes that are not being used should be deleted, not just deactivated but deleted.

        5. Admin Username- The admin username is actually in three places in the database. user_login, user_nicename, and user_displayname. The problem is when you change your Display name in the wp admin it does not change the user_nicename field. Why is this a problem? Some templates let you click on the user name to find all their posts. This uses the user_nicename fileld in the url not the user_displayname field. You need to go to phpmyadmin and manually change the user_nicename to match the user_displayname field or everyone that clicks on your name will have your super secret admin username.

        This one seems like a huge security hole to me that should be very easily fixed so I have no idea why the wp guys do not do so.


        It sounds like a lot but really does not add much to your install time. It usually takes me 10 mins or so to do an install. The first one may take a bit longer but once you do it a couple of times it will be a piece of cake.
        {{ DiscussionBoard.errors[4098562].message }}
        • Profile picture of the author jguy1
          I've had this happen to my WP sites. I created a thread about this. In the thread I pasted what my hosting company told me. You can click on my username to find the thread.
          {{ DiscussionBoard.errors[4098670].message }}
        • Profile picture of the author mark@1to101
          Originally Posted by ARVolund View Post

          Are your database tables using the default wp_ prefix?

          If so you should change it to a random string of numbers & letters.
          I think they were at the time, yes. I changed them to something other than wp_ after they had been attacked and those sites didn't get attacked again - so far anyway.

          As you say, I think it's some kind of bot or something doing it rather than someone manually trying to the hack sites.

          Seems pretty random as I've got 100+ wordpress sites and less than 10 have been hacked in anyway in a year or so.
          {{ DiscussionBoard.errors[4101776].message }}
  • Profile picture of the author ChristineCobb
    I have started using Backup Buddy which not only backs up everything but will show you the permissions status of your files and do a malware scan. Also installed Login Lockdown plugin to lock out anyone who tries too many time to login to the dashboard.

    I also recommend Regina Smola at WP Security Lock to do a security audit of your site (or clean it up if you have been hacked).
    Signature
    Creating an Affiliate Tools Page Couldn't Get Any Easier. Find out how.

    Free Screencast Videos Resource Guide Here
    {{ DiscussionBoard.errors[4098122].message }}
  • Profile picture of the author Andrea Wilson
    Now that is alarming. For a not-so-smart wordpress blogger like me it can be a big issue if my site is hacked. Anyway I just skimmed through your postings and I just learnt lots of useful stuffs I can implement on my next websites.

    Andrea
    {{ DiscussionBoard.errors[4101917].message }}
    • Profile picture of the author warrior2008
      Originally Posted by Andrea Wilson View Post

      Now that is alarming. For a not-so-smart wordpress blogger like me it can be a big issue if my site is hacked. Anyway I just skimmed through your postings and I just learnt lots of useful stuffs I can implement on my next websites.

      Andrea

      Yes, I agree... Lots of useful stuff here. We are MOST definately taking this to heart!

      Cheers, Warrior2008
      {{ DiscussionBoard.errors[4115005].message }}
  • Profile picture of the author rekerlolz
    I still run a bunch of Wordpress websites and I haven't had any problems with getting hacked but my comments sure do get spammed a lot by bots on some of my sites.
    {{ DiscussionBoard.errors[4101929].message }}
  • Profile picture of the author RevSEO
    Have you sorted out the problems? Alot of great advice on how to prevent your site form being hacked/exploited.

    If you haven't contact your hosting company, often they'll have backups that you need and will revert your site to a time prior to the hacking. At which point you'll need to take ALL of the advice in this thread quickly or your site will be hacked again.
    {{ DiscussionBoard.errors[4113083].message }}
    • Profile picture of the author warrior2008
      Originally Posted by RevSEO View Post

      Have you sorted out the problems? Alot of great advice on how to prevent your site form being hacked/exploited.

      If you haven't contact your hosting company, often they'll have backups that you need and will revert your site to a time prior to the hacking. At which point you'll need to take ALL of the advice in this thread quickly or your site will be hacked again.

      Yes, and Brad says that some of his blogs are still getting injected with spam. Also it's just posts not comments he says now.
      {{ DiscussionBoard.errors[4114466].message }}
      • Profile picture of the author RevSEO
        Originally Posted by warrior2008 View Post

        Yes, and Brad says that some of his blogs are still getting injected with spam. Also it's just posts not comments he says now.
        Yes, there's an obvious exploit on this blog. Probably from an older version of Wordpress or backdoors from plugins.

        Check out the advice from others in this thread if you want to get this fixed, or if your friend does for that matter.
        {{ DiscussionBoard.errors[4114549].message }}

Trending Topics