all my wordpress sites got hacked

HELP ME FROM THE HACKERS

I am hosting wordpress site on hostgator for last one year and had no problem but today when i checked my sites i was shocked as of my hosted sites got hacked. I had also installed wordpress plugin WP Security Scan, still my sites are hacked.

Homepage is showing the following message not my site homepage

! Security ??? LiiVe FrEe Or DIE HarD !

!![ Dr.Ze3lA ] Is BacK!!

Mail Me : xv_x[at]live[dot]com
-------------------------------------------

My sites

1stinventions dot com
babieshut dot com

I am currently using wordpress 2.8.4, I had upgraded few of my site to 2.8.5 and they are back.

Please can any one guide me what's wrong, what should i do to prevent this in future.

 

Use a unique secure passphrase for each wordpress account, your hosting account, for everything.

 

this happened to me earlier this year...

did the hacker put any malicious code on your site?

has google put a visitor warning on your site stating malicious site or any other warning?

what ftp program are you using? and do you use secure transfer?

 

same thing happen to 5 of my wordpress blogs.

it's hosted on justhost.

 

I'm with Hostgator also but no probs so far.

I use a free plugin called Login Lockdown...try it out when you've re-installed everything.

I'm sure I read about a couple of compatibilty issues with Security Scan but think these have been resolved now.

Also, don't forget WP-Backup.

 

hey man I had this too once. what to do next?

Install the exploit scanner plugin that scans your wordpress installation for shit that shouldnt be there.
wordpress.org/extend/plugins/exploit-scanner/


Use this plugin to prevent this from happening again!!!
wordpress.org/extend/plugins/bad-behavior/

 

Are you using latest wordpress version?

 

Do you have any idea how the hacker got in. Do you think he figured out your password or was it an exploit? You got me worried now.

 

Seems like your site is still down by some Moroccan Hackers

 

it's a like terrorist attack on your website

 

Here is a list of exploits that wp is vaul to:

http://milw0rm.com/search.php
Type in wordpress in search

If you have any of those plugins then you can be injected

 

Try updating your instalations to the latest versions. You should still have access to:

Code:

http://babieshut.com/wp-admin

And

Code:

http://1stinventions.com/wp-login

If the upgrade to the latest version doesn't work, make sure you get rid of the exploid by using exploid scanner plugin.

Good luck and keep us posted

 

have the same problem and were trying to resolve it right this very moment.

so what's the consequence if google has placed a warning on the blog (something like "this site may be harmful to your computer")? what should be done to remove that warning? obviously this is bad for the blog's reputation and we are worried it might shoo away our loyal and prospective readers...

any help and suggestions would be appreciated. thanks.

 

Hmm. This thread got me reading about WordPress hacks and exploits. From what I read so far at wordpress.org, only older versions of WordPress seems to be affected. The latest version seems to be immune.

 

Same thing happened to me on some of my WP sites. But I upgraded to the latest version and haven't had any trouble since.

 

i have yet to have a problem with any of my wordpress, but now that you mention it, i will check and recheck everything, do a few scans. maybe you should too.

 

ok, what do you do if you have one of those plugins installed? i do and find it very much a pain in the ass to upgrade my wordpress all the time. is there another plugin i can install to protect me?

 

Most likely, the hacker didn't need a pw for admin priviledges. A simple SQL Injection or RFI exploit would allow him to have free reign over the site. I'm not sure about security in this particular part because I've never ran a site with WP on it. Only on php and basic html. If the hacker did use a pw, a brute forcer is all it would take, it doesn't take but a second or two for the hacker to retreive your pw from a brute force or exploit.

 

If you used Fantastico to set up your blogs, this is the reason.

Fantastico makes all easy, for crackers too

 

login to yor cpanel and password protected wp-admin folders