My Blog Has Been Hijacked. Please Help

TO ADD TO MY POST ABOVE, I also wanted to say that another thing I’ve done is the fix discussed here:
https://www.village-idiot.org/archives/2008/03/18/wordpress-spam-inject-honeypot/
Which basically advises: editing wp-settings.php

The important bits within that file, are these:
if ( !defined(‘USER_COOKIE’) )
define(‘USER_COOKIE’, ‘wordpressuser_’. COOKIEHASH);
if ( !defined(‘PASS_COOKIE’) )
define(‘PASS_COOKIE’, ‘wordpresspass_’. COOKIEHASH);
if ( !defined(‘TEST_COOKIE’) )
define(‘TEST_COOKIE’, ‘wordpress_test_cookie’);

Merely appending a couple numbers or letters towordpressuser, wordpresspass, and wordpress_test_cookie is all you need to do to make this change.

Your new bits *might* look like this:
if ( !defined(‘USER_COOKIE’) )
define(‘USER_COOKIE’, ‘wordpressuserqwer_’. COOKIEHASH);
if ( !defined(‘PASS_COOKIE’) )
define(‘PASS_COOKIE’, ‘wordpresspassasdf_’. COOKIEHASH);
if ( !defined(‘TEST_COOKIE’) )
define(‘TEST_COOKIE’, ‘wordpress_test_cookiezxcv’);

I’m not sure if this is the best route to follow, however, so someone please let me know if this is a good idea or not and it there is something better that I can do.

Lucy

you followed instructions off my site. What you did will not, I repeat, will not, adversely affect anything.

Made sure my wp-config file is not read or writable (it is now 666).

Thats readable and writable, in fact, thats world-readable and world-writable.

How to remove the folder from my site?

Deleting the files is as simple as going in with your favorite FTP client and deleting the files, just like you would delete any other files.

whooami…thanks for the instructions from your site.

1) Again, as mentioned above, I’VE TRIED DELETING THE FILES, however, am getting ACCESS DENIED by my ftp client whenever, I try to delete or edit the files.

2) Since you said that making the wp-config file 666 is world readable, then can you tell me what numbers I should chomd the file to, to make sure it is NOT readable?

1> If you cant delete them with your ftp client, then try from whatever control panel filemanager thing your host makes available. If your host doesn’t provide one of those, or that isn’t successful, than ask your host do it for you.

2> 644 .. and that doesnt prevent readability. your wp-config.php is NOT readable in a browser unless the PHP interpreter completely crashes. Apache/IIS/whatever need to be able to read that file. Just use 644.

And please, relax, the caps are unnecessary, its not the end of the world. ??

Does anyone else have any other suggestions for what I can do to secure my site?

Thanks,

Lucy

UPDATE: With the help of my webhost, I was able to delete the files from my site that was put there by a spammer. Thanks for the advice given above from whooami.

However, today, I logged into my ftp client to see that the spammer had returned and put double the amount of spam files in my directory (i.e. before there were about 21 HTML files, today there were about 40.)

Other than deleting the files that spammers are putting on my site AND upgrading to the most recent version of wordpress, is there anything else I can do to secure my site?

Can someone from the wordpress team please reply to this?

Thanks,

Lucy