I just had one of my WP hacked. I'm wondering what to do next. Do I delete all the files, upgrade. What? My version was 2.1.3. I was waiting until the issues with 2.2 were resolved, guess I should have put up with the issues rather than being hacked! Any help on how to get my blog back would be appreciated!
TxDon
UPDATE: The more I thought about it, the more I seem to remember Shoemoney being hacked a while back. The page this joker had up on my blog resembled the one on Shoe's site when it was hacked. I seem to recall Shoe saying he had phpBB on his server and that was how the hacker got in. I don't remember the details, I just remember him saying that. I went to my host and searched through my files because at one time, this particular blog had a phpBB forum with it. (The spam got out of hand and I shut it down.) Sure enough, there was a phpBB folder there. All the permissions were checked for this folder, i.e., read, write, exe. I had trouble deleting this folder until I unchecked those boxes. The same was true for my index.php file. I then upgraded to WP 2.2 and everything seems fine right now. The blog is back to its old self. Hopefully I'm not owned any longer...lol...it's nice to be a free blogger.
TxDon
Didn't know about the tmp, but I did look over the files for anything out of place. Thanks for the tip about the tmp files, I'll go and check now.
TxDon
ya the tmp directory is where people will download files to (it's the one spot where usually the webserver can always write to) then execute them and delete them so the binary runs in memory.
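
Added example, not part of any post in this thread: a Python audit of a web root for the two conditions mentioned above, entries with every permission box checked (world-writable) and executable files left in a tmp directory. The function names and the directory names and modes in `build_sample_tree` are constructed for the demo.

```python
import os
import stat
import tempfile

def audit_tree(root, tmp_names=("tmp",)):
    """Return sorted (relative_path, reason) pairs for risky entries under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)              # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            # "All boxes checked" (e.g. 0777) means any local account can write here.
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            # Regular files with an execute bit inside a tmp directory are unusual.
            in_tmp = any(part in tmp_names for part in rel.split(os.sep)[:-1])
            if in_tmp and stat.S_ISREG(st.st_mode) and st.st_mode & 0o111:
                findings.append((rel, "executable in tmp"))
    return sorted(findings)

def build_sample_tree():
    """Create a constructed directory layout for the demo; returns its path."""
    root = tempfile.mkdtemp(prefix="webroot-")
    layout = {                      # constructed names and modes
        "phpBB": (True, 0o777),
        "tmp": (True, 0o755),
        "index.php": (False, 0o777),
        "wp-config.php": (False, 0o640),
        "tmp/dropper": (False, 0o755),
        "tmp/upload.txt": (False, 0o644),
    }
    for rel, (is_dir, mode) in layout.items():
        path = os.path.join(root, rel)
        if is_dir:
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)        # chmod explicitly so the umask does not interfere
    return root

if __name__ == "__main__":
    for rel, reason in audit_tree(build_sample_tree()):
        print(f"{reason:18} {rel}")
```

Because dropped files are often deleted after they run, as the post above notes, a clean tmp directory does not show that nothing was executed there.
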
Hi, I was also hacked early on. A couple of things I do: 1) I watch what plugins I use, since a plugin, particularly if it has database access and is not well written and tested, can be a security hole. I don't know why WP doesn't do a better job of warning users about this or set up better quality control in order to minimize this problem. 2) I change the default name of the database so that it is more difficult to hack. But I have to say, I am always a bit nervous about new releases of WP. Not too long ago, their own server was hacked (WP that is), and users were downloading hacked software. I am always on the lookout for a more secure CMS product (ExpressionEngine looks better than most in this regard), especially as I scale up. I think security issues are one of the reasons you may find some of the larger blog sites which often use Movable Type.
Rich