Someone seems to be hacking my blog…

  • Hello,

    I tried a search on this, but I can’t find anything so far to help me. I hope I’m not posting something that’s been posted 1001 times before.

    I found a strange comment on my blog today that said ” A surprise “. When I open the article for the comment, it looked like someone had actually modified the article itself, titel and content. However, I realized that the original article was still there and still intact. Also, the modified article appeared nowhere in the Article section of the admin site. Upon closer inspection, I found that the page with the modified article and comment was named “?attachment_id=69”. I don’t know what that means, exactly, nor how I can remove this “page”, or how this was done, or how to prevent it. Can anyone help me with this ?

    Thank you !!!!

Viewing 7 replies - 1 through 7 (of 7 total)

  • Got a URL we can look at?

    Thread Starter sweetsounds

    (@sweetsounds)

    My blog is at https://www.unevieenmusique.com and the page that was somehow added is at https://www.unevieenmusique.com/?attachment_id=69

    I managed to remove the comment, but not the page itself.

    This may or may not help you but the following did happen to me.

    About a year and a half ago, I had a controversial post on my blog that caused someone to attempt to hack my blog. I found in my logs numerous attempts from an unfamilar IP address to the login page that matched the exact same IP address of a commented that I refused to post their comment.

    What I ended up doing because I was on a Linux server was setup the .htaccess / .htpasswd files (using a different name/password than WordPress) in the wp-admin directory of WordPress.

    That way, I login twice. The first time via Apache properties (the different name/password than WordPress) and once I am successfully past that, then I login via the WordPress login screen.

    If you need help setting up your encrypted password with the .htpasswd, you can go to this site

    https://www.ilovejackdaniels.com/apache/password-protect-a-directory-with-htaccess

    and there is an encrypted password generator that gives you the encrypted password to place into .htpasswd.

    Thread Starter sweetsounds

    (@sweetsounds)

    Thanks for the tip, Presto. However, I still don’t know how to get rid of the hacked page… It doesn’t appear in the ” Articles ” page, so I don’t know how to remove it…

    Are you sure you did NOT upload a zip file called
    Envoie chier tes collégues_1.zip [BTW, very bad practice to have space and-or accented characters in filenames!!!] ?

    When uploading a file you can select to be “attached” to a file/page and it seems this is what happened…

    Thread Starter sweetsounds

    (@sweetsounds)

    Yes, I did. That file was part of the original post. (I know avec the accents and stuff, this one just escaped me, that’s all.) However, the original post didn’t look like the page I gave you. This is the URL of the REAL post :

    https://www.unevieenmusique.com/?p=70

    Then, yesterday, I got an email saying I had a comment. I clicked on the link for the article given in the email, and found myself on the page I gave you in my messages : unevieenmusique.com/?attachment_id=69

    The comment said (once translated in English) : Hi there. A surprise.

    That’s the whole story. I got rid of the comment. Now, how do I get rid of the page ?

    The page is created by WordPress if the file is “linked to page” (as described here), and the comment may just have been a spam comment.

    You will probably get rid of it if you edit the post and set it to “linked to file” instead.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Someone seems to be hacking my blog…’ is closed to new replies.