WordPress (2.0.4) Hacked

  • Resolved clete2

    (@clete2)


    16 years, 8 months ago

    Hey guys. I have been using WordPress for a very long time and either today or yesterday, my blog was ‘hacked.’ The hacker was able to replace index.php with the picture in the below post. I was using 2.0.4 (yes, I’m lazy). I was wondering if the vulnerability was fixed in the new version? Obviously, since I was very, very far behind on updates, I went ahead and installed the new version. Any information would be highly appreciated.

    Link to Picture

    Thanks,
    Clete R. Blackwell II

Viewing 11 replies - 1 through 11 (of 11 total)

  • old news for us.

    what info can we provide that you havent provided yourself already? You were running an old version of WP – there’s no ‘investigation’ (taken off your blog) necessary really, unless you want to satisfy your own curiosity. The hacks are already public knowledge, and anyone can get them >> see milw0rm.com

    Perhaps you want to take a look at this:

    https://www.ads-software.com/development/

    and catch up on .. how about the last 1-1/2 or so?

    how about the last 1-1/2 or so?

    thats 1-1/2 years.

    Thread Starter clete2

    (@clete2)

    Thank you for your reply. I am aware that using old software is insecure, but you do not have to be rude about it. I was just being sure that that was the entire issue (e.g. if it was unknown to you guys, then it could have been something to do with my host or with another service that the server runs). Thanks for the link to milw0rm; that seems to be a good site.

    I really don’t think he was being rude at all, thats the risk you run when you run outdated software. WordPress has been very vocal about making sure you stay up on these sorts of things.

    Generally, as long as you update whenever a new release comes out, you will generally be safe.

    Thread Starter clete2

    (@clete2)

    Maybe I mistook his post. I generally keep everything up-to-date, but I never bothered to upgrade WordPress. Now I will make sure to keep it up to date. It looks like there is now an automatic update plugin. ??

    SHE/HER

    Thread Starter clete2

    (@clete2)

    Sorry. ?? I have one other question: The old WordPress allowed me to use HTML in the WYSIWYG part of the writer, but the new one just converts it to HTML characters (ugh I forget what you call it. Ex. < turns into <).

    How do I get it so that I can add HTML in that side without having to go to the HTML side? I would rather WordPress take care of most of the formatting but let me add in special HTML of my own.

    Two things — I’m female, and it doesnt really matter to me if you found what I said to be rude or not.

    Rather than focus on being a victim (of the hackers or me), focus on how YOU might adversely effect the WWW with your self-admitted laziness. While I appreciate the honesty, it’s hard to be anything but irritated when reading that. Its rather insulting to those of us that actually take care of our web sites, not just for the good of our own sites, but for the good of the people that might share our hosting, might visit our site(s), we dont want to be a springboard for hackers to assault other sites, etc..

    when you come back in a year and tell us what a good job you have done with the upgrades, and helping to keep your site secure, you will get an equally large “well done” from me. (not that it matters, im sure)

    Well, Whooami, I have to use 2.0.4 for one very good reason, rather, two. It is the last version that supports SmartRSS which I find indispensable.
    I am not a programmer and am unable to create a replacement for the lovely new versions of WP I use on some sites that don’t require the feed. The other reason it that it seems no-one elst is capable of creating a replacement for SmartRSS that actually works.
    Sadly it’s another ‘rock and hard-place’ dilemma.
    If you have knowledge of something that feeds a WP blog v2.7 automatically with articles from sites such as ArticleDashboard, I’d be extremely grateful for the information.
    The last thing I tried (I forget the name) did feed 2.7 from external sites, but the cron that it was supposed to run on failed miserably (despite trying every php cron version known to man! lol). The only way to update was manually, which sort of defeats the object.
    All the best, Bruce.

    Secure site or SmartRSS?…

    Yeah, hard choice…. *end sarcasm*

    If you need a particular script that you can’t find yourself, then you need to outsource and employ someone to do it for you…

    Of course you could always learn to code and do it yourself..

    Why can’t you port or convert SmartRSS to work with 2.7? …

    Is this what you refer to?
    https://www.devplug.net/smartrss-plugin/

    If it’s a plugin you desperately need, then it’s a matter of updating code to work with newer WordPress functions.

    Again, learn to do it, or employ someone. As helpful as people can be here in the forums, you can’t just expect everything to be written for you.

    well, 300, your “good” reasons dont really fly for me. Like t31os_ said — thats where you either learn or you pay someone else so that you dont have to.

    Continuing to use a web app that you know is completely insecure, for the sake of plugin functionality, is irresponsible and foolhardy.

    Did you know it takes one simple copy and paste to get your admin passwd?

    Good thing those plugins are working for you though.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘WordPress (2.0.4) Hacked’ is closed to new replies.