I think My WP blog has been hacked

Discussion in 'WordPress' started by kentuckyslone, May 4, 2008.

  1. #1
    I visited my blog today to find that all the posts have been deleted. I logged in to admin and sure enough, 0 posts. This blog had hundreds of posts. I do have a backup, but it is a little outdated.

    Has anyone else seen this happen or know what may have caused it?


    EDIT --> I have found in phpMyAdmin that three tables from the dB are "missing" - comments, links and posts
     
    kentuckyslone, May 4, 2008 IP
  2. Jace

    #2
    Jace, May 4, 2008 IP
  3. kentuckyslone

    #3
    I read through all that. The case with my blog is different.
     
    kentuckyslone, May 4, 2008 IP
  4. Steupz

    #4
    This is scary mate.
     
    Steupz, May 4, 2008 IP
  5. kentuckyslone

    #5
    Luckily I had backed up my dB only a few days ago so I was able to restore most of it. I have hard copies of the rest and will have to add them manually.

    A note to every WP blogger - Back up your files and dB often!
     
    kentuckyslone, May 4, 2008 IP
  6. godsofchaos

    #6
    Maybe it's your hosting company messing up doing "experiment with tightening security". Do restore your blog soon, and always keep backups! (I learned that lesson pretty well last time)
     
    godsofchaos, May 5, 2008 IP
  7. mizaks

    #7
    I'd love to know what had happened. Please let us know if you ever find out.
     
    mizaks, May 5, 2008 IP
  8. sadcox

    #8
    My rule is to back up on a schedule that's about as often as I post.

    And yes, please let us know if you find out what happened here. A buddy of mine is having a problem on his 2.3 installation that I think could be related.
     
    sadcox, May 5, 2008 IP
  9. kentuckyslone

    #9
    Have tables been removed from the database? Have posts and comments totally disappeared?

    Luckily I had done a backup only 5 days before this happened. Unfortunately it had been a little more than a month since I backed up the directory.

    As an extra note I just discovered that I have the same problem with my mailing list script. Other than several tables being missing from the dB everything else looks normal.

    I think it is interesting that in each of the three cases only certain tables were removed - it does not look random at all.

    EDIT

    When I first discovered the problem with the blog I did a backup of the current database. That way if I was messing with something I would at least have that to look at. Anyway, I was looking at the backup (.gz) and I found some weird stuff.

    First off I noticed a lot of advertisements and totally unrelated articles (most were about WordPress so maybe that belongs, but I doubt it 99%).

    Next I found a very long list of porno URLs and image links (none of this showed up on the blog as far as I could see). The URLs used were bettasearch . com

    I think that confirms that there is a hack. If it can hit me it can hit anyone who has WP. I did not (and never do) have inappropriate permissions and have performed every upgrade that has been put out.
     
    kentuckyslone, May 5, 2008 IP
  10. sadcox

    #10
    I'm not sure about his tables...he only told me about this over IM, but there were some directories there he'd not created and 404s were shown when that directory was browsed. However, Google had pages indexed that point to that directory. Porn sites...same as you.
     
    sadcox, May 5, 2008 IP
  11. atulperx

    #11
    Just write mail to the WordPress help center. They will ask you for a few proofs, like previous passwords and the mail ID you were using to operate that blog, and maybe you will get your blog back. Best of luck.
     
    atulperx, May 5, 2008 IP
  12. kentuckyslone

    #12
    Some people aren't reading the thread before they reply. I did not lose access to admin and I was able to restore the site with a backup I had created less than a week earlier. I also have txt copies of all content so it was a quick task to replace what had not been backed up.

    This has also been a learning experience for me. Now I am wondering if the strange stuff in the dB was undeleted spam comments that were included in the MySQL backup - I don't know for sure, but normally I do not have any spam as I take care of the comments daily.

    My blog is back up now 100% (Well, maybe 99.5% because of comments not backed up) My interest now is to find out how it happened so I can try to avoid it in the future.
     
    kentuckyslone, May 5, 2008 IP
  13. mintblogger

    #13
    Obviously there was some loophole in your WP installation, that's why it got hacked. Have you taken any additional steps after restoring the backed up data?

    Lostartofblogging dot com has an excellent article about securing WP installations dated 6 March, 2008. Take a look into that.
     
    mintblogger, May 5, 2008 IP
  14. kentuckyslone

    #14
    If you want to try link baiting then you should provide a link to the relevant article. You gave a URL for your home page. I looked at it - didn't see the article you are talking about - got tired of looking for it. Thanks anyway though.

    By the way it was a standard installation. AND you didn't read this thread before posting. This has happened to 3 different scripts - so whatever it was it wasn't caused by (or allowed by) a loophole in the WP installation.
     
    kentuckyslone, May 6, 2008 IP
  15. egonitron

    #15
    Freaking OUCH. Going to back up blog right now...
     
    egonitron, May 7, 2008 IP
  16. kentuckyslone

    #16
    OK I have learned what caused all these problems with the missing tables. I have a reseller account with Axis Host. I had them change the main domain for my account as I was selling the one that was being used as the reseller account. When they made the changes they didn't get all the tables "migrated" properly. Well, they did fix two of my tables/databases. They never admitted that it was their fault or apologized - even though I asked three different times. I really hate it when I am doing business with someone and they don't answer my questions. They absolutely ignored nearly every question I had and would reply with a one line response.

    BUT later on my site went down and was page not found for about 40 minutes. I submitted a ticket and was told that my site was loading fine. Yes, it was by then, but it was a 404 for quite a while. I was told "Your server is now up and was slow/down due to an abusive user this has been taken care of and shouldn't occur again."

    Now here it is the very next morning and the website is page not found again. This site is over a year old, and gets an average of 2600 uniques per day.

    A couple months ago I had some problems where the website was down for 20 or 30 minutes at a time several times in a day - and this happened on several days over a period of time. I would submit a ticket saying the site was down - 20 or 30 minutes later I would get a response saying, "Your site is loading fine for me" - Very frustrating.

    GRRRRRRRRR!

    .
     
    kentuckyslone, May 7, 2008 IP