Wine APK for Android 12,49 jili restaurant menu and prices.REGISTER NOW GET FREE 888 PESOS REWARDS!

kottyieth
(@kottyieth)

19 years ago

Hi

Could someone please help me. My wordpress site has been hacked. https://www.oneangrycustomer.org

Viewing 15 replies - 1 through 15 (of 27 total)

1 2 →

curly
(@curly)

19 years ago

oY!

Hope you have root access to get rid of this…

Mark (podz)
(@podz)

19 years ago

Hang on – someone hacked your SITE.
They did NOT hack wordpress – or at the very least you have no proof.

Email your host.

Thread Starter kottyieth
(@kottyieth)

19 years ago

I am not a techie, so don’t understand root and stuff

Thread Starter kottyieth
(@kottyieth)

19 years ago

It is hosted on pow web, as recommended by WP

Mark (podz)
(@podz)

19 years ago

Tell Powweb – they should supply access logs, close any loopholes, help you clean up.

What other php applications are you running ?

Oh – and change every password you use on that site. All of them.

Thread Starter kottyieth
(@kottyieth)

19 years ago

No other things, just a weblog
https://www.oneangrycustomer.org

chimommy
(@chimommy)

19 years ago

Looks like just the index page that was hijacked? Had that happen before. That isn’t a wp issue. Definitely notify your host and tell them of the situation. And like Podz said, change every single password you have related to your site and hosting acct.

sveng
(@sveng)

19 years ago

Same thing happened to me:

What should the default index page be?

What is the best way to resurrect the site?

sveng
(@sveng)

19 years ago

I managed to change the index page, it said:

BI0S TEAM

Definitely makes you want to change web hosts…

sveng
(@sveng)

19 years ago

I think I may be getting the run-around from my host–they said they think the hacker accessed my site through my WordPress login.

But to change the index page, wouldn’t you have to have either account or FTP access through my webhost?

whooami
(@whooami)

19 years ago

no given the right set of circumstances that may include some but not neccessarily all of the following …

1. a wp install that is not current, ie running the latest stable version (possible wp exploit)

2. An older php package installed on your web host, that you web host didnt take the time to upgrade (possible php exploit)

3. a bad username/password combo for your admin account (weak passwords suck)

..someone out to do malicious things does NOT need ftp access.

That is not to say that any of the above occurred, but to let you know that there are other ways for bad things to happen, and not all of them require the front door to your site be open.

estjohn
(@estjohn)

19 years ago

are you using any plugins? the plugins are what can be vulnerable to mysql injections.. hence how it was probabally cracked

Mark (podz)
(@podz)

19 years ago

estjohn – you have twice now suggested that plugins are a risk. Which ones ?

estjohn
(@estjohn)

19 years ago

ones that let the user execute php can and.. hang on lemme get some info together on it.

estjohn
(@estjohn)

19 years ago

What I will do is gather some more info on it and make a post. Some of the older versions of some plugins I have read have some vulnerabilities as well.. so I will try to include versions. This might take me a few days to get all documentation gathered up.