• My site was hacked. The home page had a warning message from SnipeR-BaghdaD with an email address [email protected].
    Anyways, I’ve read some good posts in here on what to do in order to recover. Immediately after the discovery I got into admin and noticed I already have 2.8.4.
    I’m not sure which version I had before the problem. Maybe the hacker upgraded? But probably not. I was probably exploited with 2.8.4 on my system.
    So my question is this. I was using a template called Revolution Lifestyle 2.0. We had changed a lot of graphics, etc.
    Can certain templates have security vulnerabilities?

    Thanks.

Viewing 7 replies - 31 through 37 (of 37 total)
  • Hi bmoon

    with regards to moving your wp-config file above the root, there’s not much point if you’re on a shared hosting environment… as a hacker who has compromised another site on the server will be able to run a script that reads that file as plain text anyway.

    If you are worried that they (hacker) are reading your DB settings in the config file you could Zend encrypt those settings (providing your server can read Zend encoded stuff).

    If it’s always just your clients’ sites that have the issue and everything you have done is considered “secure” as possible – I’d typically suggest running basic security checks their end – if they’re also logging in (as a precaution). If you’re managing everything for them, then there’s no need to worry about doing that.

    Put it one way – I have handed sites over to clients before who have changed their password to their own name – despite a big warning – letter, go figure! lol

    I’ve had 22 sites on a shared hosting plan hacked over the last weekend. I made it easier by using the same FTP password across all of them…so that’s my fault and I’ve fixed it up now. 20 are WordPress, 2 are FrontPage sites. All WordPress were 2.8.4 OR 2.8.5.

    I have tracked the IP of the hacker and a list of hacker forums who have been regularly visiting. Have discovered some very strange entries and 404 reports. See https://www.ads-software.com/support/topic/237003?replies=23

    I’d really like to know how do we determine the entry point?

    I have been using WordPress for almost 6 months already and have never been hacked. You must be careful in choosing your username and password and never trust it just to anybody. Just a friendly reminder.


    Elizabeth, when a hacker gains access to your server through one site, he will have access to all, that’s the pain of shared hosting. Determining how they got in is something I fortunately never had to do. It could be an outdated plugin, it could be a ‘rainbow attack’ on any of the installs or maybe you even were hacked before upgrading to 2.8.4.
    There are a number of things you need to do, such as change ALL passwords (all WP installations, FTP, control panel, anything you can think of). Clean up properly and when you’re done, “harden WP”.
    Finding out how they came in… you could scan your access logs in the hope to find something, have a look at the WP Security Scan plugin which checks for some obvious security issues and it seems that Whooami has some kind of scanning plugin which I cannot find.

    Good luck.
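The access-log scan suggested in the reply above, as an added example that is not part of any post in this thread: it flags successful POSTs to PHP files in directories that a stock WordPress install does not post to, and counts 404 bursts per client. The function name, the directory list, the threshold and the sample log lines are all assumptions constructed for illustration; the log format assumed is Apache "combined".

```python
import re
from collections import Counter

# Apache "combined" format: ip - - [time] "METHOD path PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Heuristic (assumption): a POST answered with 200 by a .php file under these
# trees is unusual on a stock install and worth reading first.
WATCHED_TREES = ("/wp-content/uploads/", "/wp-content/themes/", "/wp-includes/")

def triage(lines, not_found_threshold=3):
    """Return (suspicious_posts, noisy_ips) from an iterable of log lines."""
    posts, not_found = [], Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in combined format, skip rather than guess
        ip, when, method, path, status = m.groups()
        bare = path.split("?", 1)[0].lower()  # ignore the query string
        if status == "404":
            not_found[ip] += 1
        if (method == "POST" and status == "200" and bare.endswith(".php")
                and any(tree in bare for tree in WATCHED_TREES)):
            posts.append((when, ip, path))
    # Clients probing for files that do not exist show up as 404 bursts.
    noisy = {ip: n for ip, n in not_found.items() if n >= not_found_threshold}
    return posts, noisy

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE = [
    '203.0.113.7 - - [24/Oct/2009:03:11:02 +0000] "GET /wp-admin/setup.php HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.7 - - [24/Oct/2009:03:11:03 +0000] "GET /old/xmlrpc.php HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.7 - - [24/Oct/2009:03:11:04 +0000] "GET /blog/wp-login.php HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.7 - - [24/Oct/2009:03:12:40 +0000] "POST /wp-content/uploads/2009/10/img.php HTTP/1.1" 200 87 "-" "-"',
    '198.51.100.20 - - [24/Oct/2009:09:00:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [24/Oct/2009:09:00:05 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    suspicious, noisy = triage(SAMPLE)
    for when, ip, path in suspicious:
        print(f"POST to watched tree: {when} {ip} {path}")
    for ip, count in noisy.items():
        print(f"404 burst: {ip} ({count} misses)")
```

On a shared host, run it over the logs of every site on the account and compare the earliest flagged timestamp with the modification times of the changed files.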

    Whooami has some kind of scanning plugin which I cannot find

    https://www.village-idiot.org/archives/2008/04/16/postlogger-for-wordpress/

    I understood that she wrote a new one that scans for hack entries. Postlogger is too late when the hack already took place.

    well,

    here is a complete list:

    https://www.village-idiot.org/plugins

  • The topic ‘My site was Hacked’ is closed to new replies.