1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My Blog Got Hacked? Please help!

Discussion in 'Blogging' started by AGSniper, May 18, 2011.

  1. AGSniper

    AGSniper Regular Member

    Joined:
    Jul 8, 2009
    Messages:
    266
    Likes Received:
    39
    Hello,

    Today, I checked 1 of my domain and it got this picture that says I got hacked below. I checked all my domains on my account, and this happened to almost all my Wordpress blogs. Anybody know anything about this?

    I can't upload the image for some reason, so here is the link to the image :

    http://postimage.org/image/2gubedv8k/
    [​IMG]
     
  2. Silly

    Silly Regular Member

    Joined:
    Sep 21, 2009
    Messages:
    454
    Likes Received:
    70
    Occupation:
    Cleaner
    Location:
    Belgium
    Home Page:
    change your password
     
  3. OrderZero

    OrderZero Newbie

    Joined:
    May 4, 2011
    Messages:
    7
    Likes Received:
    2
    Change ALL of your passwords and check all of your scripts for modifications (there should be 'last modified' time (although this can still be modified) and check for obvious shells system() passthru() etc. and odd looking files) In addition check other websites on the same box and make sure none of them have met the same fate, if they have it may be the box itself that was rooted in which case contact your hosting company.
     
  4. robibrk

    robibrk Regular Member

    Joined:
    Aug 23, 2009
    Messages:
    321
    Likes Received:
    121
    I am sure it is only a .htaccess file modification. Check your .htaccess file.
    Did you used free templates?
     
    Last edited: May 18, 2011
  5. Allis

    Allis Newbie

    Joined:
    Dec 26, 2010
    Messages:
    17
    Likes Received:
    1
    Occupation:
    Admin
    Location:
    World
    Home Page:
    Change All site and FTP acount passwords
    Check your .htaccess ant ather files
     
  6. islandman1010

    islandman1010 Elite Member

    Joined:
    May 10, 2008
    Messages:
    1,592
    Likes Received:
    139
    Make sure you are using the latest version (3.12) I think. This happened to me as their was a flaw in version 2.92 that allowed a backdoor way in.
     
  7. kilaz

    kilaz Jr. VIP Jr. VIP

    Joined:
    Aug 15, 2009
    Messages:
    876
    Likes Received:
    382
    Home Page:
    If your worried about leaving hacked files laying around you may want to do a fresh install and then just import your old database. Unless you can find out how they got in by looking at the access logs, etc.
     
  8. BHopkins

    BHopkins Moderator Staff Member Moderator Jr. VIP

    Joined:
    Dec 31, 2010
    Messages:
    2,316
    Likes Received:
    1,388
    Gender:
    Male
    Occupation:
    ORM and SEO company owner
    Location:
    California
    Home Page:
    A lot of times they'll add users to the database so check wp_users before trusting that you're safe.
     
  9. AGSniper

    AGSniper Regular Member

    Joined:
    Jul 8, 2009
    Messages:
    266
    Likes Received:
    39
    Hello,

    Thanks everyone for the advice. I found the majority of the problem in the index.php files of the wordpress file.

    However, I am definitely going to check the database and have someone who is experienced check over the website.

    I have changed all the passwords and such as well.

    Hopefully, this was a temporary thing by an inexperienced person. What also surprised was that my business mail that I use got compromised last week, so I'm trying to see if they are connected. If I could get the IP of the person who accessed my mail, I could definitely match it up to this one.

    Thanks again for all the help and support guys.

    If you have any suggestions or comments, anything would be appreciated!
     
  10. SilentShot

    SilentShot Regular Member

    Joined:
    Jul 12, 2010
    Messages:
    248
    Likes Received:
    19
    best part they put so much effort into there little logo haha losers
     
  11. therealmadhatter

    therealmadhatter Regular Member

    Joined:
    Mar 13, 2011
    Messages:
    247
    Likes Received:
    161
    Occupation:
    Jobless
    Location:
    BHW is my home
    good luck mate
     
  12. bulletservice

    bulletservice Regular Member

    Joined:
    Mar 1, 2008
    Messages:
    291
    Likes Received:
    333
    Have you found how your blog was hacked? Hacker's attack/virus/trojan? I hope your blog is up and running. Best of luck.
     
  13. kilaz

    kilaz Jr. VIP Jr. VIP

    Joined:
    Aug 15, 2009
    Messages:
    876
    Likes Received:
    382
    Home Page:
    If you have a copy of the web access logs you should be able to find out what command they issued to hack the site, Unless it was done via some other method (FTP) but more then likely they just exploited one of the PHP files.
     
  14. clau82

    clau82 Junior Member

    Joined:
    Aug 9, 2009
    Messages:
    158
    Likes Received:
    23
    Definitely get the logs - ask for them at your hosting company. Depending on your luck they will have them or not. Replace all passwords, especially the main WHM/cpanel. Might wanna check your PC for keyloggers and stuff if you're at it :)
    Most likely is an exploit.
    Keep looking for modified files, your hosting should help you.
     
  15. ouchthathurts

    ouchthathurts Regular Member

    Joined:
    Feb 16, 2011
    Messages:
    438
    Likes Received:
    654
    Occupation:
    SEO
    Location:
    Japan
    Will be an exploit that they have ran on a program like scrapebox to mass deface, bunch of script kiddies

    "HACKED BY PHG-CR3W"
    About 11,300 results (0.21 seconds)
     
  16. lazyfrog

    lazyfrog Junior Member

    Joined:
    Jan 19, 2009
    Messages:
    103
    Likes Received:
    29
    This is unfortunate and can happen to anyone, so beware everyone.