WP Hacked - New User... But Registrations Were Closed

Second time in 2 weeks I see a WordPress install hacked at a Portuguese hosting company. They start with the root domain and all sites in that hosting plan go down.

Info:

- WP Admin had a complicated username/password combo - really complicated with numbers, symbols, capital letters etc.
- Registration was CLOSED.

What amazes me is how they are creating NEW users when registration is closed in WordPress, and how they are able to see such complicated user/pass combos.

Any idea?
  • Fernando Veloso
    Time for an update.

    Still looking for answers as to HOW this happened in a secure WP install.

    1 - WP Admin had a complicated username/password combo - really complicated with numbers, symbols, capital letters etc.
    2 - Registration was CLOSED.
    3 - Someone got in creating a new Admin. (phpMyAdmin cracked??)

    Yet, someone got in, created a new admin and bye bye all sites on that server. It has been a long day, but with all the problems, there are lessons. I got this one: this same hosting company had this exact same issue 10/15 days ago (and we have 4 (that's FOUR) different hosting plans with them). One of them was hacked just like today. And that was a customer server with sites from some customers... so you can see how dumb we felt that day... and again today.

    So what did I learn? I should have realized 10 days ago something was wrong with this hosting company's security measures. I understood from small bits of info something was "not right" and the normal "security measures" were... different. Mind you, this is a big Portuguese hosting company. Anyway, I didn't pay much attention to it, and today we had a second server hacked.

    Probably my fault? Maybe yes, but I really don't think so. We try our best to protect WP installs and we never had anything similar all these years with other hosting companies. Who knows what happened...

    My guess is this: when I tried to use my cPanels, I had Firefox alerting me of a NON-Secure connection. Every time that happened I asked for official confirmation from this hosting company, and they always answered: it's safe to add this one to your whitelist - well... guess it wasn't. And this is something new, maybe the last 3-4 months. Before that I never had THIS issue with them.

    So long story short: we're removing all sites from there (long task), and our lawyer is researching over the next days what we can do to make them come clean on this. I don't want any money, nor money back, BUT I want them to acknowledge officially what the **** happened with my servers, 'cause the excuse of "WordPress can get hacked if not updated" doesn't fill my needs.

    WordPress WAS updated. Plugins WERE updated. Hacker got in using "something" to create a new admin. All sites on the same server got hacked (including HTML sites).

    So there you have it. A beautiful Monday in sunny Portugal.



    P.S. Off to Offtopic for a beer or two.
  • Sillysoft
    Did you change your FTP/hosting account password?