I got hacked today

Something happened with Bad Behaviour plugin and it would not allow me to do any admin work. I could not even perform a backup as every action resulted in an error to say my IP address was blacklisted, when it wasn’t.

Bad Behavior had a problem earlier, this has been corrected in version 2.0.11. See here: https://www.ads-software.com/support/topic/146498?replies=10

I doubt that this was related to your site being hacked.

I don’t know if they were related but both things happening today is a coincidence or not? I read another link today that said Bad behaviour scans google ads looking for culprits to block or something like that, so maybe the google ad compromise is related, I have no idea.

Just an update, it has happened again with another theme. Lots of tramadol links etc entered onto page.php or other files.

I don’t understand what is going on and how this is happening. I changed both my wordpress password and my hosting password, I deleted the offending theme the other day and now it is occuring on another theme.

This is nothing to do with that plugin as I thought earlier as that is not installed at the moment.

One thing I did notice that the page.php that was affected was writable by wordpress from the dashboard. As far as I know I have never given it file permissions.

But lets say I had given it file permissions previously to write from dashboard, is that enough for a hacker to get in and change my files? Why is there no higher level of security on wordpress to stop people accessing my stuff without my login?

I find this very worrying as I do not understand what is going on.

I just wish to add, I wonder if this is a security issue with the new wordpress. I am not in the business of apportioning blame, I just want to find out the source, but these two hacks have occurred since I upgraded to new wordpress last week.

Becs,

Are you on a shared host? I mean when other users update their websites are they on the same server just a different directory i.e. /home/username_here/public_html ?

I’m asking because I doubt that WordPress is the problem but this still keeps happening to you. If you are setting your directories as owned by you but writable by all then you may have a problem with the server being compromised.

You might want to try using a managed service such as WordPress.com if this keeps happening to you. That’ll push the security onto the provider and let you get back to blogging.

Good luck.

Hello, I don’t have a shared host and my hosting is only accessible by me.

I have been using the self hosted service for over a year and apart from this happening late last year, these two incidences are the first time I have had a problem in all that time.

I am happy with self hosted and dont want to go back to wordpress.com as I like the better customisation, but this issue is obviously getting in the way at the moment.

If you’re running the latest version of WordPress then there are no known hacks for it. So you’ll need to examine the server logs and determine how they are getting in.

I had the developer of one of my plugins look at my server logs and he says there is nothing to show illegitimate use or even access to page.php files.

I had a look myself and whilst I don’t understand logs much, I could not see anything relating to page.php either.

Hi becs,
I was hacked too a couple of days ago, and I don’t think our problems are related but just in case: check out what I did to improve security and maybe we can narrow the problem down to one or two plugins.

you could use the phphackchecker script to be notified when some files are changed on you webserver