Hacked?

  • Emilie

    (@emiliervgmailcom)


    11 years, 10 months ago

    Would like opinions on this situation :

    I received an email from a student this morning (I teach web design and I have them working on my WordPress Multisite install) that he got this email :

    Your new Multisite site has been successfully set up at:
    https://www.xxxxxxxx.com/multisite/xxxxxxxx/

    You can log in to the administrator account with the following information:
    Username: xxxxxxxx
    Password: N/A
    Log in here: http:/xxxxxxxx/multisite/xxxxxxxxx/wp-login.php

    We hope you enjoy your new site. Thanks!

    –The Team @ Multisite

    I removed some informations with the x but the rest is the same : Password showed N/A and I didn’t create any users.

    Yesterday the site worked and I didn’t do much on it. My students can add CSS but not plugins or themes.

    So I tried to login this morning and I get a pop-up requesting Username and Password instead of the normal login screen. Pop-up says :

    The server xxxxxx:80 requires a username and password. The server says : Human Check – U:wordpress P:xxxxxxxxx

    I removed the password information but none of these informations correspond to my login and password. I tried checking my cPanel and I get the same pop-up. I didn’t enter any of my info but some of my students probably did. Smells fishy?

    What’s your take on this?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Thread Starter Emilie

    (@emiliervgmailcom)

    Just to add info, I’ve contacted my host to see if it’s something they have implemented and I’m waiting to hear back from them. Is that common?

    I’d recommend looking through the functions.php file of all your themes, then the wp-config.php for your MultiSite, and finally the .htaccess for any weird code!

    Thread Starter Emilie

    (@emiliervgmailcom)

    Thanks Brett, checking right now. I have other WordPress installations on this space and all are reacting the same.

    Thread Starter Emilie

    (@emiliervgmailcom)

    I’ve checked the functions.php of the theme the student used but checking all of them will take forever (they made me install LOTS of themes in their enthusiasm lol…) nothing fishy in my .htaccess or wp-config files and in the functions.php files I’ve check so far

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Try running your site on this
    https://sitecheck.sucuri.net/scanner/ – To check for malware.

    Thread Starter Emilie

    (@emiliervgmailcom)

    Everything is good (only warning is for outdated software), I have some older WordPress installations on there.

    I strongly suggest that you read this article.

    Thread Starter Emilie

    (@emiliervgmailcom)

    esmi, great info thank you! I will go through it and fix what needs to be.

    Things got solved out. My web host spotted attacks and installed that extra check to make sure we don’t get hacked. I much prefer that! Currently making sure all my students’ sites are ok.

    Just to follow up, I think many webhosts were implementing this as part of a defense against brute force password attacks. Surprised me too! I don’t think we were hacked, just a security precaution on the part of webhosts.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Hacked?’ is closed to new replies.