1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Someone hacked my wordpress site, but left traces

Discussion in 'BlackHat Lounge' started by Chicilikit, Sep 25, 2012.

  1. Chicilikit

    Chicilikit Senior Member

    Joined:
    Dec 21, 2010
    Messages:
    956
    Likes Received:
    188
    Hello, I have just found that someone hacked one of my wordpress site. It is only "wordpress hack" it seems he was not able to get into my ftp, i dont even see that he changed anything. He just grantem himself somehow admin rights and did not even dele my admin account, just gave me no user role so I could not even login. It seems weird, I have been attacked by hackers many times before, but it was always because of money and those guys changed lot of code and it was just hell and took weeks to get rid of all that bad stuff, well this seems different.
    I managed to get access to my wordpress pretty easily just changing passwords with phpmyadmin. I really dont see any reason of this attack while he did not change any referral codes or something, just did this stuff with accounts and now all posts are signatures with him instead of me as admin. Dont see really any reason behind all this.
    My questions are: How he could do this and is there any way how can I find more about him? He left his email address, but I do not know.. maybe there are some traces which I do not know how to find.
     
  2. bigmoneymaker

    bigmoneymaker Newbie

    Joined:
    Aug 23, 2012
    Messages:
    1
    Likes Received:
    0
    Did you contact your hosting services? Perhaps they give you some suggestions?
     
  3. gamingmaster42

    gamingmaster42 Regular Member

    Joined:
    Jul 21, 2010
    Messages:
    475
    Likes Received:
    177
    Home Page:
    I would suggest you also check for backdoors.
     
  4. ReALeST

    ReALeST Power Member

    Joined:
    May 16, 2012
    Messages:
    585
    Likes Received:
    399
    sorry to hear bro...maybe he captured ur session cookies....oh well..thats life..shit happens:)
     
  5. iulianh

    iulianh Regular Member

    Joined:
    Feb 3, 2008
    Messages:
    349
    Likes Received:
    502
    If use downloaded and used cracked wordpress themes or plugins this is the way he got into your wp admin.
     
    • Thanks Thanks x 1
  6. AnotherOne

    AnotherOne Senior Member

    Joined:
    Nov 28, 2011
    Messages:
    950
    Likes Received:
    189
    Occupation:
    SQA
    Location:
    JMeter & Selenium
    Two quick suggestions.
    1. Scan your themes and plugins.
    2. Compare your .sql file with your backup(if any).
     
  7. Chicilikit

    Chicilikit Senior Member

    Joined:
    Dec 21, 2010
    Messages:
    956
    Likes Received:
    188
    I use now almost only themes from wordpress.org and I do scan them. I would like to know what is session cookie and how the hell can someone "capture" it? I have had problems with hackers before, so I made lot of stuff to protect myself, but it still seems that nothing is enough. Is wordpress really so vulnerable?
     
  8. ehinoze

    ehinoze Power Member

    Joined:
    Feb 1, 2011
    Messages:
    735
    Likes Received:
    117
    Occupation:
    Internet marketing
    Location:
    London
    This is really a hard situation because he already changed the signature of all your posts and you have no idea if hes got what he wanted already.or if hes waiting for your next loophole to attack.hurry and report this to your hosts.