Hacked



ha, no shit huh. panic mode there. Client site, so much fun right now.

They managed to get into the wp admin, change the password and somehow display their hacked page. I risked it and logged into cpanel, changed the password. Went in thru ftp and can't see any modified files (by date, I hadn't been in there in 4-5 days) other than the "Maintenance" index.html I slapped up.
 
The nature and size of WP means that there are almost guaranteed to be exploits available with each release.

Do you know how they got in?

<edit>
got there a few seconds before me :)
use sftp, secure WP passwords and IP lock the admin area.
Also - plugin files are editable from WP. Check the last edit time of all the plugin files.
</edit>
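
One way to carry out the "check the last edit time of all the plugin files" advice from the post above when you have shell access on a Unix host (an added example, not part of the original thread). It also compares each file's inode change time (ctime), which resetting the modification date does not roll back. The function name, watched suffixes and default path are assumptions.

```python
import os
import sys
import time

# Assumption: file types worth reviewing after a WordPress compromise.
WATCHED = (".php", ".js", ".htaccess")


def recently_changed(root, days, now=None, suffixes=WATCHED):
    """Return (path, mtime, ctime, backdated) for watched files touched
    within the last `days` days, newest ctime first.

    backdated is True when mtime is older than the window but ctime is
    inside it. On Unix that means the inode changed recently (content
    write followed by a timestamp reset, chmod, rename, restore...), so
    it is a lead to inspect, not proof of tampering.
    """
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(suffixes):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or unreadable; skip it
            if max(st.st_mtime, st.st_ctime) < cutoff:
                continue  # untouched inside the window
            hits.append((path, st.st_mtime, st.st_ctime,
                         st.st_mtime < cutoff))
    return sorted(hits, key=lambda h: h[2], reverse=True)


if __name__ == "__main__":
    # Usage: python recent.py [root] [days]; both defaults are assumptions.
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    days = int(sys.argv[2]) if len(sys.argv) > 2 else 7
    fmt = "%Y-%m-%d %H:%M"
    for path, mtime, ctime, backdated in recently_changed(root, days):
        flag = "MTIME-OLDER-THAN-CTIME" if backdated else ""
        print(time.strftime(fmt, time.localtime(mtime)),
              time.strftime(fmt, time.localtime(ctime)), path, flag)
```

An FTP listing only shows the modification date, so a file flagged as backdated here would look untouched in an FTP client.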
 

Nothing since mid January. F'n weird, cuz I made the index.html in file manager thru cpanel and when I logged in thru ftp, it showed it being updated today.

@ Stanley, from every .php file in the install?
 
if that site is on a shared hosting plan they could have used another domain to get there

it happened to me once and most of my sites on that hosting plan were hacked
 
Remove the WordPress version number from the template.

@ Stanley, from every .php file in the install?

Just find the functions.php file in your theme's folder. Add this line:

Code:
<?php remove_action('wp_head', 'wp_generator'); ?>

This will stop WordPress from automatically adding a <meta name="generator" content="WordPress X.X" /> tag.

You may need to also check your theme's header.php file to make sure the theme author didn't add their own version number tag.
 
^ something, I've been running virus/spyware scans nonstop since they booted me out of cpanel and ftp by changing the password while I was logged in, nothing.

hxxp://gogorton.com if anybody wants to see these guys' style.
 
I don't know, I can't get into anything where I could do that.

For those of you who've read the threads about hostgator sucking, this is a prime example. Support emails with security instead of live chat is the suck.
 
Can you just change the nameservers temporarily for the domain at the registrar until you can regroup and then restore from a backup?
 
Yeah, that's the thing to do for now.

Go hit godaddy from a different machine.

Fuck, I knew I was in for it when I dickrolled bofu and emp in the same thread.

I srry gaiz, i kan haz site back?
 
The new version of wordpress has about 15 different exploits that even a basic hacker can get to easily. Put a password on your wp-admin file, change the username from admin to something else, change all the passwords to wordpress and your hosting account. A lot of people are getting hit because wordpress puts out unsecure versions without testing including the websites Techcrunch and Shoemoney.
 
Just find the functions.php file in your theme's folder. Add this line:

Code:
<?php remove_action('wp_head', 'wp_generator'); ?>
This will stop WordPress from automatically adding a <meta name="generator" content="WordPress X.X" /> tag.

You may need to also check your theme's header.php file to make sure the theme author didn't add their own version number tag.

Your version will still leak via your feeds going that route. Instead you should...

/includes/version.php

Change:
$wp_version = '2.9.1';
To:
$wp_version = '6.9';

Don't go with a low version number or you'll keep getting that upgrade nag.
 