hmm i dont understand what you mean about index.php "deface".. is that like a way to hack in? or something.. its just that with the hackers i've experienced with my blogs they've all gone through the users in the website who are administrator.. and changed their email/password to their liking which gained them entry. so i just stopped them as it is from getting into wp-admin to do anything.
You're right on that part, cause there are various ways of getting wp installation hacked, and index.php deface is one of them. whole shared server can be Mass index defaced, and all the websites installed on that server will suffer as well. That happens because wordpress is an open source script and those hackers can find out those loop holes and security vulnerability after every update release.
When I was on dedicated windows server I got hacked on every site and blog on my server...hosts advice was to change all passwords, remove webalizer, remove site studio. Nothing I did could stop them, nothing...they even put their own .htaccess files in there (they dont work on windows server though) - when I was trying to remove the code manually on my main site - WOW - they are good, had files so deep. I was amazed and could not keep them out. I changed to a unix box a few months back and have not been bothered since. I was using software that required an MSSQL database when I opened my account but do not any longer - this is why I was on windows server in first place. All the folks that have been hacked and think they cleaned it up and make all the good changes listed above but end up hacked again - a good chance that you did not clean it up as good as you thought.
Yet another WordPress upgrade needed: 2.8.4. http://wordpress.org/download/ http://secunia.com/advisories/product/6745/?task=advisories Check all plug-ins, too.
Hacked Again, or a different issue? d a i l y a u t o s b l o g . c o m - or click the link in my signature. Please look at the error on the left side and tell me if I was hacked again. I didn't have time to update to the most recent version of w.p. due to being away from the comp for many days but i had every other security measure imaginable in place.
I see what you mean - nothing is showing up at all now. I was able to access my admin pannel and tried to update with automatic update and got an error message: Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 2357046 bytes) in /file location on line 1327 Edit: Line 1327 ( file = http.php ) is: " $parts = explode("\r\n\r\n", $theResponse); " Edit Edit: Site is currently loading with: "Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 71 bytes) in /home5/threigsi/public_html/wp-includes/classes.php on line 918" Displayed in the side bar with nothing else.
Make sure you have local backup copies of your articles, database, everything important. See the links in my signature for step-by-step procedures. Don't skip the antivirus scans on your own PC. Because both these sites are on the same server at the same host, start communicating with your host about what has happened. Obtain your HTTP and FTP access logs for both sites. Do your FTP logs show people other than yourself making transfers?
Check out wordpress forums. I have WP sites. My experience is that you look for security related plugins (look at the plugins - most popular list - at wordpress.org. also, use .htaccess files, if you are on shared hosting especially. Your hosting company can help, and should want to considering its a security issue. Hope this helps
Looks like your mysql databse is infected. You can get your XML databse back up from your wp-admin> tools> Export, download that XML file + wp-content folder [ Important for uploads and Theme files]. and after getting all the backups, simply uninstall and re install your blog with fresh mysql database and restore [Import] your site will that XML database you exported from wp-admin. And from, now on keep updating your blog with every single security release from wordpress in your wp-admin. Let me know if you need any help regarding uninstalling it all and re installing it back.
If you've had an issue with someone repeatedly having your wordpress I advise (in addition to the quality suggestions sundaybrew made): 1) Download and install a fresh, latest WordPress Version, 2) Install the original Theme 3) Make sure the perms are right for all the files (755,644,etc) Also, when downloading WordPress Themes, always download them from the Original Publisher/Creator's website, lots of times these 3rd Party 'clearing houses' for wordpress themes are distributing compromised versions.
I exported just automatically thinking it would work, went to import and it was an empty xml file. Yay for wordpress. Lost all of my post.
It could be your host, it could be your plugins, it could be your permissions, it could be the way you login or FTP files. Read my Wordpress Security Guide for completely free information and free tools to secure and harden your wordpress powered site from hackers and spambots.
Is it necessary to backup all of your wordpress blogs often? I use hostgator and i heard that they backup their servers regularly? Do i still need to backup all my files and wordpress databases to prevent any loss caused by hackers? If Yes, then is there any tool to do it often for all the blogs as it can be quite a lot of work for those having multiple blogs. Please suggest.. Thanks..