My site was Hacked

Do you have any other scripts on your site? Forums? What plugins do you use?

You might want to contact your hosting provider to investigate the issue.

I have two plug-ins that are active:
Simple Sidebar Navigation ver 2.1.0 (2.1.2 is available)
All in One SEO Pack ver 1.6.4.1 (1.6.5 is available)

I have 3 more plug-ins that are inactive:
Featured Content Gallery
Hello Dolly
Akismet ver 2.2.6

I don’t have any forums. Are the plug-ins the more likely culprit? Both active ones were not updated to the most recent version.

bump

Themes and plugins can have security vulnerabilities, but most likely these were not the cause of your hack. Do make sure that your theme and plugins are upgraded however.

https://codex.www.ads-software.com/FAQ_My_site_was_hacked

Hmmm. Once thing that is too bad is that just about all the plug-ins that help you with security are out of date and untested with 2.8.4.
Especially:
Chap Secure Login
WordPress Exploit Scanner
AskApache Password Protect
WP Security Scan

I search these forums and I can’t find good discussions about protecting against vulnerabilities. I follow the links provided by the people above who were kind enough to answer me, and there is a lot of good information on those sites. I’ve followed the recommendations. But frankly a lot of that information is a year old. I still have no idea how I was hacked if I had version 2.8.4. If I do a Google search for my culprit – [email protected] – I get 5000 results! Thousands of other sites were hacked just like mine yet he/she isn’t even mentioned once in these forums. And still this forum is so busy that my post can’t stay on the front page for longer than 45 minutes.
I just think there is a big problem and no one is addressing it. I want to get a discussion going. Either a WordPress developer will notice and investigate the problem or a forum admin will realize there needs to be a forum dedicated to security.
I used to use an ASP based forum package and it was riddled with security holes that were always addressed too little too late. I finally had to stop using it. Since I’ve discovered WordPress I like it and want to keep using it. But if security isn’t given enough attention I’ll be faced without a tough decision.

I just think there is a big problem and no one is addressing it.

*COUGH*nonsense*COUGH*hyperbole*COOOUUGHHH*

Sorry, only one cup of coffee and I hope you can appreciate my early morning humor.

What’s not being addressed? One of the top sticky links on the forum:

https://www.ads-software.com/support/topic/307660

From the Codex
https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://codex.www.ads-software.com/Hardening_WordPress

iridiax had already posted a reply that clearly said plugins were “most likely these were not the cause of your hack” and gave you a link for remediation of your problem.

If a vulnerability gets discovered it get’s addressed in short order. WordPress is used my a metric ton of people on the Internet so it’s no surprise that it’s a popular target for hacks. Spammer/exploiters go where the market is.

I still have no idea how I was hacked if I had version 2.8.4.

Neither do we. What you need to understand is that you got hacked but you have not identified if it was the remnant of you using an old version or your server was hacked. Or maybe you’ve been hacked and your passwords were captured. Or the boogey man.

It’s a common refrain: “I don’t know how I got hacked. I’m running WordPress so that must be it. Why is this not being addressed?”

Finding out how you got hacked does not work by process of elimination. Web servers are too complex to say “I ruled out everything so it must be XYZ”. If you can provide logs showing where the entrance point of your compromise was, and can demonstrate that it was WordPress 2.8.4, send the logs and a description of the exploit to [email protected].

But if security isn’t given enough attention I’ll be faced without a tough decision.

If you keep getting hacked and it’s happened to you before or you switched from an .ASP solution to avoid being hacked, then seriously, consider moving to a managed service.

Good luck. I hope you find the entry point; if not you’ll get hacked again.

Thanks jdembowski. If you read your reply again carefully you prove my point.
#1. Your first link (to https://www.ads-software.com/support/topic/307660 ) states that all security problems are with older versions of WordPress. I’ve already stated in this thread several times that I was using the most recent version.

#2. There is no sticky thread in this forum stating that if you’ve been hacked to send your logs to [email protected]. None of the links that people have provided or I’ve found myself ever mentioned to do this. I would think that should be a little easier to find, don’t you?

That is why I am saying security in WordPress isn’t being taken as seriously as it needs to be. I’d guess the 5,000 other sites that were hacked by the same guy would agree.

Don’t believe me? I Googled the guy and here are several other sites that were hacked, all using WordPress 2.8+.
https://www.ecolifeadvisors.com/ – WordPress 2.8
https://unlimitediphoneapps.com/ – WordPress 2.8
https://spyera.com/tag/sms – WordPress 2.8.4
https://chodely.com – WordPress 2.8.3

Sigh, you’d think I’d learn. I think the important thing is that you’ve been pointed to a link to help you clean out the hacked blog.

https://codex.www.ads-software.com/FAQ_My_site_was_hacked

Now for a little diatribe:

First thing: There will be an exploit or proof of concept against WordPress 2.8.4. Guaranteed. Hopefully it will be long after 2.8.4 is in the dust bin.

Onto your points.

#1 That link was to illustrate that security is taken seriously.

#2 Nope, you are right, there is no sticky thread for that. Perhaps a moderator will fix that. In the meanwhile that e-mail address is mentioned over 2,000 times in these forums

https://www.ads-software.com/search/security%40www.ads-software.com?forums=1

This is a volunteer self help forum so the organization may be off. Sorry to point this out but self hosted WordPress really is not for the faint of heart. Self hosted anything on the Internet requires work and I’m confident you know that too.

#3 Never once said I don’t believe you. What I did say is that you are making a leap in claiming it’s WordPress 2.8.4 without proof. You top two examples of 2.8 just confirm what was said before: upgrade to 2.8.4 or deal with the consequences.

So a hacker was prolific and broke +5,000 websites. A script kiddy exploiting the same flaw repeatedly; that’s not news or even original.

Now do you know if those sites had a plugin that was weak or did the script exploit an old weakness? Any details on how they or your blog was compromised? Not guesses or suspicions but anything that can help actually solve a problem?

Hi Thread7, my site just got hacked by the same guy. Maybe we could compare notes and try to get to the bottom of this. Please email me if you would like.

jdembowski, it is smart alec know it all people like you that frustrate internet users.
Your link for a hacked blog is about as useful as turning your computer off and then on again.
If you have nothing to add to a specific request then don’t bother.

Alright, I am adding my advice in as a small webhost over the past 5 years.

It could be your server, not just your WordPress was hacked in particular. It happens and I have seen it a lot.

As for your WordPress, those plugins you listed are okay. I would say if you are already using the most current version of WordPress, you can harden your security. You can follow the tutorial link below to my tutorial to do that – https://blondish.net/articles/tutorials/how-to-secure-your-wordpress-blog/

jdembowski, it is smart alec know it all people like you that frustrate internet users.

A fan! And here I thought my comedy was unappreciated. I’m not a know it all, but I do know something about this. That link was the most helpful part of my post. The rest, as indicated, really was a diatribe.

Your link for a hacked blog is about as useful as turning your computer off and then on again.

This is a self-help volunteer support forum. What would be really useful for anyone who was hacked if they could get someone on their box who knows what they are doing to do a postmortem on the hack. That sort of help is often paid for, and there are people who do that sort of thing on this forum (not me, but https://jobs.wordpress.net/ is there for pro work).

So that link, while you don’t appreciate it, is really a good resource for helping yourself.

If you have nothing to add to a specific request then don’t bother.

Sure thing Boss! Hey, so what did you bother to add? Sorry, that’s just the smart alec in me talking.

jdembowski, it is smart alec know it all people like you that frustrate internet users.
Your link for a hacked blog is about as useful as turning your computer off and then on again.
If you have nothing to add to a specific request then don’t bother.

What did you add to this thread? Oh yea, a smart alec observation – IOW…nothing

My site too was hacked yesterday. I think part of the problem could the be the webhost as the hacker attacked a number of other sites all on the same shared IP address. I was able to regain access by uploading a backup of my theme files, and will now work on trying to strengthen security. Will also revert to a database backup from a few days ago and upload new core files, plugins etc. Am still worried though that maybe the hacker has been working on the site for a while now and had placed something in the database. Is this something I should be worried about or am I just paranoid now?