Hacked, multiple times.

  • Hi there,

    Criminal people have found their love for turtles. O_o Unfortunatly.

    My WordPress installations keep getting hacked. I have had multiple blogs, and all of them were hacked in the past. The old 1.5 versions were hacked multiple times, and since I upgraded to the latest version, I was hacked once, just this past weekend.

    I know that visitors to my site are worried, that there might be a security hole that makes it “easy” for people to hack and possibly hijack WordPress blogs, which is why I am reporting this.

    Also, in the 1.5 version, I had a contact form plugin in use, through which my complete site was hijacked. Unfortunatly I deleated it immediatly, and therefore cant remember who the author of it was.

    I am not sure if there can be anything done against these people or rather against being hacked in general, but in any case, I promised to report it. If this is already known, I apologize in advance.

    Connie
    https://turtelina.net

Viewing 7 replies - 1 through 7 (of 7 total)

  • 1. Move host

    1.5.2 IS secure. No known exploits.

    Who is your webhost ?

    Thread Starter turtelina

    (@turtelina)

    Its Comforthost.

    My site is “pretty big”, and “they” really only touch the WordPress blogs, never anything else. Is there a way to find out if they hacked into WordPress or found other ways to touch it?

    Thanks Podz!

    They have sound on their webpage.
    Always a very bad sign. Esp for a company.

    It’s a shared server.
    Script kiddie uploads bad script and executes it
    Script looks for WP files because they have predictable names in a predictable structure.
    Script screws thinks up
    Host says “Must be a WordPress problem !!!!!!!!!!” when actually it’s because they do not put enough into security and looking after their clients.

    Move ??

    https://www.asmallorange.com are good, but a search here will produce other good hosts. The ONLY host on the hosting page here that has stood the test of time is Laughing Squid – no complaints ever.

    Thread Starter turtelina

    (@turtelina)

    Thanks again Podz for your help and explanations!

    (You were right, they ARE using shell bots.)

    My site also got hacked!!!! I feel so violated. And I was using 1.5.2. Could this have something to do with the fact that the login screen for wordpress is not SSL secured?

    The message from my web host… Apparently no one else was hacked.
    ——————————–
    From: ADThosting.com
    The username called “lingualnerve.com” was compromised !

    Your account had over 3.5 Gb of files owned by nobody, php scripts to send spams, and IRC bnc bots !

    we can’t host your account anymore, your domain will be terminated in 24 hours. do you have your back up?

    Larry Morgan

    ADThosting.com
    Leading Web Hosting Service Provider

    “php scripts to send spams, and IRC bnc bots !”

    This is in no way connected to WordPress – your account, your space, your responsibility.

    Get your backup. Your host is actually being incredibly nice about that – many many hosts would just kill your account.

    Are you saying that I GAVE my 18 character password with upper and lowercase letters, numbers, and punctuation marks out to someone!?! My wife doesn’t even know my password!

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Hacked, multiple times.’ is closed to new replies.

Tags