| User | Post |
|
9:10 pm
21 Mar 2008
|
Phil
Guest
| | | |
|
| |
|
|
I guess it was bound to happen eventually, but apparently my blog got hacked today. I'm not clear on how or why, but my most recent blog post was erased and its title changed to “HACKED BY GHoST61″. It doesn't appear that the hacker did anything else at all, though, because nothing is changed on any other part of my blog or in my hosting files.
My SimplePress forum is set as the homepage of my blog, and nothing was touched there. To tell you the truth, I could lose every other part of my blog, and as long as my SimplePress page is in tact my income would be unaffected.
Anyway, on to my questions: has this ever happened to anyone else? How did this hacker change my post? Should I be worried about him doing it again? Does he have the ability to touch my SimplePress forum? And so on.
Any advice would be greatly appreciated, it's a scary feeling to know that someone can mess with your website.
|
|
|
|
|
Well yes is the answer.
You are the admin so make some changes quickly. First up, if you login as 'admin' change it. Change your password. if you still use login ID 1 ( as originally set up) then create a new account and move all your posts to it.
if your table prefix is 'wp_' (again the default and hackers know this of course) then that is hazardous and should be changed but that is not so easy after the event.
And as to the forum - upgrade to 3.0.2 immediately as it plugs a security vulnerability - possibly the one (sadly) they used to get in.
|
|
|
|
|
Oh yes - and back up regulalrly and make sure all your plugins and WP are up to date. There are plenty of 'holes' out there that can be exploited.
|
|
|
5:28 pm
22 Mar 2008
|
Ari
Member
| | | |
|
| posts 31 |
|
|
Phil: what version of WP are you using? I have 2.3.2 and got hacked as well…. only one article broken, so far.
Andy: What are the steps to be taken when changing table_prefix? All wp-database table names + some (which) files?
|
|
|
5:30 pm
22 Mar 2008
|
Ari
Member
| | | |
|
| posts 31 |
|
|
One more thing: there is a new version of xmlrpc.php file in 2.3.3 (vs 2.3.2). Older version of it may have a hole in it…
See excerpt from 2.3.3 release notes: “WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. “
|
|
|
|
|
Updating your table prefix IS possible but it's not straightforward.
Obviously you would have to edit each table name (in a tol like phpMyAdmin) to change the current prefix to the new one.
It gets tricky in the 'usermeta' table. This takes the forum of 'key/value' pairing. Some of the entries in there that WP creates have their keys also prefixed with your table prefix - specifically the 'user_level' and 'capabilities' entires. If you open it up and take a look at the entries you will see this. This is also the case for any users so ALL of these records would need to be changed.
Then finally, you would, of course, need to alter the prefix as stored in your WP config.php file.
To the best of my knowledge that is all that is required but it might be worth checking on the WP forum as well just to be on the safe side. And remember of couurse, you would have to take your site completely off line while doing this. And I would, as always, recommend a full backup before starting such a procedure.
|
|
|
6:17 pm
22 Mar 2008
|
Ari
Member
| | | |
|
| posts 31 |
|
|
Found this kind of information about table name changes. Does it look right to you?
http://www.talkincode.com/changing-your-wordpress-database-prefix-91.html
Again, there seems also to be a plugin for the job, but I don't know what it does…
http://blogsecurity.net/wordpress/tool-130707/
|
|
|
|
|
The document looks OK. Don't know about the plugin but generally i think their stuff is sound.
|
|
This forum is currently locked - access is read only
Forums
