Some strange person change my weblog title – Please help

  • Someone maliciously got access to my options-general.php in the admin and changed my weblog title to this.
    [ Eddy_BAck0o 0wnz y0u !! ]

    Can you please help me fix that security issue.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Moderator James Huff

    (@macmanx)

    What version of WordPress are you running?

    Thread Starter Andy

    (@heroworld)

    Wow! Many thanks for your quick reply.
    I am running version 1.5.2

    Moderator James Huff

    (@macmanx)

    Hm, interesting. All known security holes were plugged as of v1.5.2. You may want to change your WordPress admin and MySQL database passwords. The weakest link in the chain is always the password. And, since the options-general.php file cannot be accessed directly, you may also want to ask your hosting provider what the point of entry was.

    Thread Starter Andy

    (@heroworld)

    Great I am going to change the password now. Also, was I supposed to remove the install.php file? For some reason, I didn’t do so. Could that be the problem?

    Moderator James Huff

    (@macmanx)

    At this time, there is no risk to leaving the file online. Under WordPress v1.2, a hacker could use install.php to delete your entire blog, but that security hole was plugged with WordPress v1.2.2. If you are concerned, I would suggest that you remove the file, as it is no longer needed.

    Who is your host ?
    What permissions did your theme files have ?
    How do you know exactly which file was accesses ?
    What has your host said about this ?

    Thread Starter Andy

    (@heroworld)

    My theme folders have permisssion 755
    I don’t know exactly which file was access. I noticed all the titles of my pages say
    [ Eddy_BAck0o 0wnz y0u !! ] In the options file I changed the title back to original. But now I am afraid the person may access it again.

    My host is gazzin. I chatted with them this is what the guy showed me when I asked for the point of entry:

    ire/public_html/favicon.ico[Fri Dec 16 09:16:30 2005] [error] [client 70.51.237.172] File does not exist: /home/inspire/public_html/404.shtml[Fri Dec 16 09:17:04 2005] [error] [client 207.255.55.235] File does not exist:

    Thread Starter Andy

    (@heroworld)

    I am not really sure if my theme folder is supposed to have 755 permission. My issue if sort of scary.

    Moderator James Huff

    (@macmanx)

    My host is gazzin. I chatted with them this is what the guy showed me when I asked for the point of entry:

    ire/public_html/favicon.ico[Fri Dec 16 09:16:30 2005] [error] [client 70.51.237.172] File does not exist: /home/inspire/public_html/404.shtml[Fri Dec 16 09:17:04 2005] [error] [client 207.255.55.235] File does not exist:

    LOL! Switch hosts, now! You asked them for a possible point of entry and they give two error log entries showing “File does not exist” errors. How on earth can a file that doesn’t exist be a point of entry?! Not to mention the fact that those are two separate IPs. “File does not exist” (code 404) errors are common. They happen whenever we try to view something that doesn’t exist, and they are usually caused when we are mislead by a faulty link or our browsers attempt to find files which are “standard” to some sites (such as a favicon.ico). These are not hacking attempts. Your hosting provider is either massively incompetent, or they are just blowing you off.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Some strange person change my weblog title – Please help’ is closed to new replies.