WordPress Hacked

1. wordpress version would help
2. you used “sites”.. is wp running all all the sites, or some, all the same versions, or not.
3. what else is being used on the sites(s)

—

if you are using the reccommended method of having theme files world-writable, youre inviting disaster. Thats very very insecure, regardless of what the answers to the above questions happen to be.

think about it : world-writable. it means exactly what it says. Ive gone on and on about this, “no-one” cares.

whooami, I care. But I don’t count….

its all in the quotes I used ??

Also, are you using phpGedView? The old version of phpGedView allows hackers to access EVERYTHING on your server. Upgrade or remove it until the 4.01 version comes out. That was what got me. They messed up my Joomla install, so I decided to go to WP, and then they started messing with WP. I finally figured out it wasnt Joomla or WP, but phpGedView. Good luck, it drove me nuts for weeks!

1. wordpress version would help

Ah, both are 1.5.2

2. you used “sites”.. is wp running all all the sites, or some, all the same versions, or not.

The 2 that I have noticed so far are 1.52

3. what else is being used on the sites(s)
No other cms or anything much.

—

if you are using the reccommended method of having theme files world-writable, youre inviting disaster. Thats very very insecure, regardless of what the answers to the above questions happen to be.

think about it : world-writable. it means exactly what it says. Ive gone on and on about this, “no-one” cares.

This could be the whole problem, I assumed that it wouldnt make a difference leaving them 666 or similar – most people I spoke to said the same thing. Though I never understood why it could be ok – the file is writable (but not being a tech doesnt help really)

I am locking it all down ??

Thanks for the quick, useful tips & quality responses. I honestly didnt even think anyone would bother answering.

I dont know what phpgedview is but if the other solutions dont solve the problem then Ill look into that.

Thanks again & Ill come back with an update.. any idea how I find the culprits now ?

1.5.2 has no known exploits.

1. Who is your host ?
2. Make sure that EVERY file has permissions of 644 at most for now.

3. Ask your host / look in their forums for similar incidents. If you do ask them they will say it’s a WP fault – which it is not. It’s probably a shared server exploit. If your host fobs you off, look elsewhere.

I have just 644 everything and now its messed.

I get this error message:
Warning: main(/home/xxx/public_html/wp-includes/wp-db.php): failed to open stream: Permission denied in /home/xxx/public_html/wp-settings.php on line 59

Fatal error: main(): Failed opening required ‘xxxx/public_html/wp-includes/wp-db.php’ (include_path=’.:/usr/lib/php:/usr/local/lib/php’) in /home/xxx/public_html/wp-settings.php on line 59

Any ideas?

I will be having words with my hosts on monday too anyway ??

That’s an odd error because all my files are 644 – so either the files in not there (you’ll need to check) or your host has set something very strange.

Who is your host ?

https://ukwebsolutionsdirect.co.uk/

It was working ok, before I changed the permissions (there were all different permissions set across the different files/ folders).

Don’t folders need to be 755 or something? (I thought files were one, folders were another? Anyone with firsthand knowledge?)

-d

It’s generally folders 755, files 644, yes.

ok, let me give that a try, thanks for your help

Ok, that appears to have worked. Thanks everyone for your contributions!

Glad to hear it, hope things remain calm for you!

Fraid not, after fixing all the permissions they still managed to get their code in there.

??