I've been hacked and have a problem

15 replies
Hello guys, I'll tell you what happened to see if anyone of you have a solution.

Since yesterday I could't log in to my wordpres dashboard. I was hacked and ruled out. I tried to retrieve the password through the wordpress "lost your password" feature but nothing, my email address was deleted either.

Today I managed to change the password through the cpanel and I could log in.

But today I realized that somethig is screwed up and I don't know how to fix it.

On three particular pages of the blog in appears this message "ArtiSt Co & Siber-Warrior.Net" written in plain text, white background.

The other pages are ok and working properly.

If anyone could do me a favor and check it out

This are the links:

http://www.dondejugaralpoker.com/blog/

http://www.dondejugaralpoker.com/blog/page/2

http://www.dondejugaralpoker.com/blog/page/3

If you go to the next link you will get a list of articles, every article is a worpress post, if you click on them you will see that the rest of the blog works fine. Here is the link to the articles:

Estrategias de poker - Consejos de Poker

Any help please?
#hacked #problem
  • Profile picture of the author phpg
    Overwrite /blog/index.php with index.php from wordpress installation package, or try reinstalling WordPress, at first from wp admin.
    {{ DiscussionBoard.errors[5947800].message }}
  • Profile picture of the author JoshDylan
    Saiyan, as a Linux Server Administrator focused in IT Security, I suggest you add me on skype at JoshuaDubinsky and I can help you out. There is a few ways to go about fixing this but for obvious security reasons, I would not want you to give out anything on a public forum like this.

    Just let me know!
    Signature

    - Jay - Business Advisor

    {{ DiscussionBoard.errors[5948167].message }}
    • Profile picture of the author saiyan11
      Originally Posted by JoshDylan View Post

      Saiyan, as a Linux Server Administrator focused in IT Security, I suggest you add me on skype at JoshuaDubinsky and I can help you out. There is a few ways to go about fixing this but for obvious security reasons, I would not want you to give out anything on a public forum like this.

      Just let me know!
      Hey Josh!! I solve the problem, it was easy! I don't know how didn't I see it before!

      I first tried what phpg said two post above and it did not work, but that gave me the idea to check the file through the wordpress editor and that was it! I copier the hole thing from another blog I have and pasted it there an save!

      Hey Josh, thank you very much for offering me your help. That is very kind of you.

      Now what I really NEED to improve is the security of my blog. Where can I learn how to improve the security of a wordpress blog? Because I have been searching and in some places people one thing and in another the say something completely different. I need reliable info here!

      Thank you very much
      {{ DiscussionBoard.errors[5948617].message }}
  • Profile picture of the author JoshDylan
    You shouldn't need a plugin to help secure your site. The most common reasons why a specific wordpress install is targeted is when the version of wp that site is using is out of date or if the admin password is extremely easy to crack.

    If you choose a good password and keep your install up to date, you will be fine and will never have a hacking issue.
    Signature

    - Jay - Business Advisor

    {{ DiscussionBoard.errors[5951396].message }}
    • Profile picture of the author Eric Seiler
      Originally Posted by JoshDylan View Post

      You shouldn't need a plugin to help secure your site.
      I wish that were entirely true.

      At minimum, I recommend installing Login Lockdown. It will help prevent brute force dictionary hacks on your admin login page.WordPress › Login LockDown « WordPress Plugins

      Also, there are additional security steps that can be taken to harden your WordPress blog.

      Hardening WordPress « WordPress Codex

      I recommend reading through that page carefully if you haven't already done so.
      {{ DiscussionBoard.errors[5951660].message }}
      • Profile picture of the author phpg
        Originally Posted by Eric Seiler View Post


        Also, there are additional security steps that can be taken to harden your WordPress blog.

        Hardening WordPress « WordPress Codex
        Bulletproof Security plugin (and i guess it's not the only one, there must be alternatives) takes care about most of these issues ...
        {{ DiscussionBoard.errors[5951734].message }}
  • Profile picture of the author msu
    Like Josh says you need to keep your WordPress up to date - but don't forget to do the same thing for your plugins too. Sometimes an old plugin can let something nasty in.
    Signature
    New to WordPress? Save time with my beginner's guide:
    WordPress Step-by-Step
    (for Kindle & Kindle Apps)

    I'm a top-notch WordPress developer: hire me
    {{ DiscussionBoard.errors[5951534].message }}
    • Profile picture of the author phpg
      Maybe you'll be fine without a plugin or any other extra security steps, but with them your risks are lower. There is no guarantee that the most recent wordpress version have no security issues, in fact most likely it does, but no one knows about them yet. Then when it's released "bad guys" study the code, find those issues and start exploiting them. Sooner or later "good guys" find the issues too and release the fix. This goes on over and over. And your blog can be targeted before the fix is released.
      {{ DiscussionBoard.errors[5951711].message }}
  • Profile picture of the author Enirose Gabales
    make sure you double check your site b4 going live because you may have hidden links or text, use a text viewer to check! Good luck
    {{ DiscussionBoard.errors[5952714].message }}
  • Profile picture of the author RiptideTempora
    Base64 isn't an attack. That plugin is misleading.

    (Base64 is a character encoding which can assist in signature evasion, but it is not itself an attack.)
    Signature
    http://tlwsd.info -- This Link Will Self-Destruct
    {{ DiscussionBoard.errors[5953680].message }}
    • Profile picture of the author phpg
      Originally Posted by RiptideTempora View Post

      Base64 isn't an attack. That plugin is misleading.

      (Base64 is a character encoding which can assist in signature evasion, but it is not itself an attack.)
      It's quite obvious in the context of the plugin that they mean Base64-based attack and not that Base64 is an attack. And this is just a small irrelevant detail in the description, don't think it's enough to be able say that "the plugin is misleading".
      {{ DiscussionBoard.errors[5954486].message }}
  • Profile picture of the author xrampage16
    At the point by which you changed your password, and the content still came back, you either have an additional user which has administrator privileges, or your cpanel login/password is no longer safe. That being said, your FTP is no longer safe.

    I'd try downloading malwarebytes, and running it on your computer, and scan for viruses in case you have a keylogger virus. If that is clean, then change your cpanel password.

    After that, change your password in wordpress, and check your users for anyone else that has "admin" privileges, and remove accounts you don't know.

    Following that, I would download a fresh copy of your current copy of wordpress, and upload on top of your currently install (making sure to delete the .htaccess and wp-config.php file) so you don't overwrite your current configuration and have to set up your content again.

    This is just in case you have some kind of backdoor attached to a file, or something in one of the index.php file which allows access to a specific ip, or mails login/passwords.

    If none of those, it might be because the server you are on is hacked, and they have sudo priviledges, which means you might have to move hosting.

    Good luck on that. That's a tough situation.
    Signature

    Developer and Admin for Komputer King LLC hosting - Offering lightning fast web hosting and Quality Backlink Building

    {{ DiscussionBoard.errors[5967968].message }}
    • Profile picture of the author ctzulu
      omg that is horrible :rolleyes:
      {{ DiscussionBoard.errors[5990827].message }}

Trending Topics