• Twice this week I have shot over to my blog to find that the main index.php file had been changed and instead of my blog showing up I get a bunch of crazy nonsense about Turkish hackers. The first time I simply uploaded a fresh copy of index.php and it worked fine. The second time my password had been changed to a random string of numbers in wp-config.php. I set it back to normal and now things are fine. Any idea how they keep changing my files? I don’t know that this is an issue with WordPress per se. It could well be that I’m leaving something exposed somewhere else (file permissions, for example). Thanks in advance.

Viewing 7 replies - 1 through 7 (of 7 total)
  • WOW…This is a very important issue.
    Especially if someone is actually getting deep into your web site…
    I am very surprised that no one has responded to this…

    Searching these forums for “hacked” would save a lot of time.

    Helpfully bumping after only 45 minutes didn’t do the OP any favors. His post is no longer on the “no responses” list that volunteers use.

    If they’re editing the password string in the wp-config file, it sounds like it may be a server security issue, not a WordPress one.

    What version of WP are you using? If you’re not at 2.6.1, you may want to upgrade.

    Thread Starter binaryorganic

    (@binaryorganic)

    I started poking around in phpmyadmin and found that several users had been created last year and somehow or another they managed to bump me off as admin. I was locked out of the site and have, after forcing a password reset, managed to get back in. What’s curious now is that the site is working fine, but if you try to click on a post it is trying to go to an address that has two forward slashes in it, causing a 404. They changed the 404 page to all their “you’ve been hacked” propaganda and all that. I deleted the 404, but it’s still redirecting those pages. You can check it out at binaryorganic.com/text. Just try to click on a post title and see what I mean.

    Check the .htaccess files.
    Check your own computer for viruses and spyware.
    Change all passwords from a clean secure computer.

    Perhaps you are getting a 404 on the post because you had set it up to make permalinks but your .htaccess file is not set up for it. Double-check .htaccess and the permalinks setting in your blog and make sure you have the right snippet of code in your .htaccess file.

    I agree though, it sounds like your host or the box itself was hacked, not your WordPress.

    I had my index.php hacked as well, but I also have other things installed on my site like WHMCS and it all works fine. Just nothing related to WordPress. And I had 2.7 and it was hacked, so my host suggested I upgrade to the latest, and it was 2.8, and then 2 days later I got hacked again. Some Egyptian bastards. They are looking at logs and everything. If you do get it fixed, be careful when logging in, because if you fail to log in the first few times it may be set up to send the input information to the admin email on file, which can be easily changed if they change your index.php file. I noticed the hacker's email as my admin account's new email address, so password changes got sent to him when I requested to have it reset. They didn't want anything, they just want to fuck around with people.
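The checks raised in this thread (changed core files, file permissions, .htaccess), as an added example that is not part of any post: it compares a live WordPress tree against a freshly downloaded copy of the same release and lists files that differ, PHP or .htaccess files the release does not ship, and files writable by group or others. The function names and the sample trees are constructed for illustration.

```python
import hashlib, os, stat, tempfile

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def files_under(root):
    """Relative paths of all regular files below root (symlinks skipped)."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                yield os.path.relpath(full, root)

def audit(live_root, clean_root):
    """Compare a live install with a fresh copy of the same release."""
    clean = {rel: sha256(os.path.join(clean_root, rel)) for rel in files_under(clean_root)}
    report = {"modified": [], "unexpected": [], "loose_perms": []}
    for rel in sorted(files_under(live_root)):
        full = os.path.join(live_root, rel)
        if rel in clean:
            if sha256(full) != clean[rel]:
                report["modified"].append(rel)    # no longer matches the release
        elif rel.endswith((".php", ".htaccess")):
            report["unexpected"].append(rel)      # not shipped: review by hand
        if os.stat(full).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            report["loose_perms"].append(rel)     # writable by group or others
    return report

def demo():
    """Constructed sample trees; file names and contents are illustrative only."""
    def put(root, rel, data, mode=0o644):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(data)
        os.chmod(path, mode)
    with tempfile.TemporaryDirectory() as tmp:
        live, clean = os.path.join(tmp, "live"), os.path.join(tmp, "clean")
        for root in (live, clean):
            put(root, "index.php", "<?php /* front controller */")
            put(root, os.path.join("wp-includes", "version.php"), "<?php /* version */")
        put(live, "index.php", "<?php /* defaced */")              # changed core file
        put(live, "wp-config.php", "<?php /* settings */", 0o666)  # site-specific, too open
        put(live, ".htaccess", "# rewrite rules\n")
        return audit(live, clean)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Site-specific files such as wp-config.php and .htaccess always land in the "unexpected" list because no release ships them; they are listed so they get read by hand, not because they are necessarily bad.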

  • The topic ‘My site keeps getting hacked’ is closed to new replies.