1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WTF My Website Got Hacked?

Discussion in 'Blogging' started by wannaknow, Aug 31, 2012.

  1. wannaknow

    wannaknow Registered Member

    Joined:
    Sep 2, 2009
    Messages:
    58
    Likes Received:
    18
    hacked.png
    Just two Days back i installed wordpress for my new blog, Today i checked my site it says "Hacked by Tetova Hackers Team"
    Could someone Tell me How did they do it?
     
  2. leena

    leena Jr. VIP Jr. VIP

    Joined:
    Apr 13, 2010
    Messages:
    1,980
    Likes Received:
    757
    Just check hack forums . net , there are 100 of guys doing it there just for fun.
     
  3. Jcthechamp

    Jcthechamp Newbie

    Joined:
    Jun 26, 2011
    Messages:
    34
    Likes Received:
    2
    nvm..
     
    Last edited: Aug 31, 2012
  4. LiamLC

    LiamLC Regular Member

    Joined:
    Nov 1, 2009
    Messages:
    408
    Likes Received:
    282
    Occupation:
    Student/Webmaster
    Location:
    UNTRACEABLE...
    they found and exploited a vulnerability in wordpress although it could have also been a plugin or something that you used.
     
  5. wannaknow

    wannaknow Registered Member

    Joined:
    Sep 2, 2009
    Messages:
    58
    Likes Received:
    18
    I checked hack forums .net these guys are having there own forum t-h-teamdot7forumdotnet search google for techtova
    I didn't install any plugins it was a standard install with default plugins but i did choose one theme(don't remember the theme name).
     
  6. Pipelin

    Pipelin Regular Member

    Joined:
    May 31, 2011
    Messages:
    253
    Likes Received:
    124
    Also this can be a host problem, so they hack whole host and add index file to all domains on that host, don't matter if your site is 100% secure.
    Btw, this skiddies are from my country. lol poor kids.

    http://whois.domaintools.com/YOURSITE.COM please tell me how many sites are hosted on that host, check Reverse IP part.
     
    Last edited: Aug 31, 2012
  7. wannaknow

    wannaknow Registered Member

    Joined:
    Sep 2, 2009
    Messages:
    58
    Likes Received:
    18
    816 sites are hosted, i did Reverse IP and checked like 3 sites and they are working fine.
     
  8. Junkfood00

    Junkfood00 Elite Member

    Joined:
    Sep 13, 2011
    Messages:
    1,949
    Likes Received:
    1,336
    So you don't happen to remember the name of something you installed 2 days ago or have the files on your pc?

    I believe it's the timthumb file that got the exploit, if there is a such one.
     
  9. hassan_isabad_subar

    hassan_isabad_subar Jr. VIP Jr. VIP

    Joined:
    May 23, 2012
    Messages:
    260
    Likes Received:
    70
    Occupation:
    BHProxies Staff
    Home Page:
    They use google dorks and stuff like that to find these sites. They don't really do it for fun as much as for reputation. You probably weren't singled out, and chances are they just got through someone on the shared hosting plan.
     
  10. wannaknow

    wannaknow Registered Member

    Joined:
    Sep 2, 2009
    Messages:
    58
    Likes Received:
    18
    I don't know what is this tinthumb file but i think since i have like 4 more sites on the same hosting plan and i didn't do any installations in other domains just changed the Nameserver address.
    probably you are right.
     
  11. wannaknow

    wannaknow Registered Member

    Joined:
    Sep 2, 2009
    Messages:
    58
    Likes Received:
    18
    Here's the index page

    Some more Info
    <html> <title>| HACKED BY Tetova Hackers Team |</title> <body bgcolor="00000"> <br> <center><img src="http://img27.imageshack.us/img27/2640/logoavj.jpg" width="470px" /> <h4><font color="#d81126">Hacked By DJ-DUKLI ~ B4T1 ~ FUKKI ~ ACCDE ~ GHOST OF TUN</h4> <br><font color="#d81126">Your System is Owned ! <SCRIPT SRC=../wwwDOTotoelektronikDOTnet/yazciz/ciz.js></SCRIPT> <div> <script language="javascript" src="hxxp://pichakdotnet/blogcod/cod-music/player/?type=2&files=hxxp://skydailymusicdotcom/risi/-%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20HITET%20DHE%20ALBUMET%20E%20FUNDIT%20[PREMIER%20NE%20RISI-KS%202012]/-%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20Unikkatil%20ft%20Klepto%20-%20Kuq%20e%20Zi%20[Premier%202012]/Unikkatil%20ft%20Klepto%20-%20Kuq%20e%20Zi%20(RISI-KS%202012).mp3&start=1&random=0&replay=0&vol=100"></script><div style="display:none"><h1><a href="http://pichak.net"></a></h1><h1><a href="hxxp://pichakdotnet/blogcod/cod-music"></a></h1></div><script language="JavaScript" type="text/javascript" src= "hxxp://wwwdotpichakdotnet/p/js/web/46617182396019726201.js"></script> </div></div></body></html>
     
  12. uniquecontent

    uniquecontent Registered Member

    Joined:
    Aug 7, 2012
    Messages:
    90
    Likes Received:
    8
    Home Page:
    Very sad. How someone can hack the site? Wordpress are not safe now? I am really shocked. Anyone have the idea how to avoid hacking on the website?
     
  13. dgthiyagu

    dgthiyagu Regular Member

    Joined:
    Mar 23, 2011
    Messages:
    266
    Likes Received:
    141
    replaced the index.php file of your theme again... it will be fine... once it happened to me... i did this...

    Give a try
     
  14. rkwebs

    rkwebs Power Member

    Joined:
    Sep 23, 2010
    Messages:
    602
    Likes Received:
    87
    Occupation:
    IT
    Location:
    India
    Home Page:
    so much lack in wordpress last time i reached a articles world simplest site which can hack easily
     
  15. bigballin6161

    bigballin6161 Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 16, 2011
    Messages:
    1,084
    Likes Received:
    420
    I have been hacked a few times. Just call your host and ask them to reset it to when the last back up was. It sucks ass.
     
  16. sforzando

    sforzando Jr. VIP Jr. VIP Premium Member

    Joined:
    May 27, 2011
    Messages:
    368
    Likes Received:
    120
    My guess for the vulnerability would be an old timthumb.php file in one of your downloaded themes. I'd also follow bigballin's advice. Hostgator removed all the malware from my hacked domains for free.
     
  17. jox51

    jox51 Regular Member Premium Member

    Joined:
    Oct 16, 2011
    Messages:
    215
    Likes Received:
    59
    Location:
    ....
    Just outta curiosity, what content did you have on the wordpress site?
     
  18. dima054

    dima054 Regular Member

    Joined:
    Jan 19, 2011
    Messages:
    447
    Likes Received:
    154
    LOL i can hack probably between 1 to 10% of all the wordpress sites population. Hehe. But of course i wont as i earn my money legal way.

    Especially this comment is lol.
     
  19. OriginalEXE

    OriginalEXE Power Member

    Joined:
    Feb 6, 2012
    Messages:
    634
    Likes Received:
    664
    Occupation:
    WordPress developer
    Home Page:
    • Thanks Thanks x 1
  20. wannaknow

    wannaknow Registered Member

    Joined:
    Sep 2, 2009
    Messages:
    58
    Likes Received:
    18
    lol it got again hacked by some pak army i did have a little conversation with my hosting provider after that they fix it up and asked me to regularly change FTP passwords and to stay away from shady looking wordpress plugins.