• Please look at my blog: https://www.withchrist.com/shilohsplace

    I guess someone from Turkey didn’t like it and decided to make a political statement. It’s kind of funny because I don’t get many visitors on my blog.

    Is there anything I can do? I already contacted the guy who owns the site but haven’t heard back.

    Any suggestions?
    amy

Viewing 7 replies - 16 through 22 (of 22 total)
  • haha yeah I musta skimmed over all the technobabble in that post

    “Generally true, however 2.0.2 doesn’t have any easily exploitable security holes if you don’t allow user registrations, and there are good reasons to not upgrade to 2.0.3 or 2.0.4 yet.

    If he didn’t allow user registrations, he was probably hacked via a different approach.”

    whatever, I’m off to work!

    Consider the possibility that wordpress is secure and that your database is not.

    If someone has access to, let’s say, phpMyAdmin or similar and knows your database login, he/she can easily alter your blog without even touching WordPress.

    A good way of securing your databases is to use a different user for every database and use some mega-difficult username and password. It’s not like you use those logins every day to log in manually, so it doesn’t really matter what they look like.

    Another thing you could do is prevent access to phpMyAdmin from the internet if you’re running the server from home.

    I’m not saying phpMyAdmin or any admin program/script is insecure, but consider the possibility… after all, they too use a password and username YOU made up to use it.

    Otto42 – could you expand on what you mean by this? Thanks

    ‘getting in via somebody else’s site on a shared system, myself. That’s the most commonplace approach, I believe.’

    Mostly I think your website was hacked via the shared host. That is pretty easy if your hosting company turns off “safe mode” on the web server.
    With some local hack tools “rem…” or “telnet” …. lol. Nothing is impossible.
    Just back up your database daily, update your website source often, and wait for hackers to visit your website.
    That’s what I’m doing….
    Oh, one more thing: please set all your files/folders to 644/755. Do not set 777 for your files or folders (you have to do this if you want to upload files from your computer to your web server via the website). It’s the most dangerous thing you should not do.
    Another tip: you can encode your config.php with Zend Encoder. I think it will be safer because it’s really hard to decode the config.php file, and the hacker will not know your database password …..
    If a hacker can hack the whole web server, we have nothing to do with this…. just ….. get lose.
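The 644/755 advice in the post above can be checked mechanically. The script below is an added example, not part of the original thread; the function names are hypothetical and it assumes the blog's web root is passed as the first argument.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web root against the
# 644 (files) / 755 (directories) baseline and flag the 777 case.
# Assumption: the web root path is given as the first argument.

# Files and directories that every account on the host can write to.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | LC_ALL=C sort
}

# Entries whose mode differs from exactly 644 (files) or 755 (directories).
off_baseline() {
    {
        find "$1" -type f ! -perm 644 -print
        find "$1" -type d ! -perm 755 -print
    } | LC_ALL=C sort
}

# Labelled report; returns 1 if anything is world-writable, 0 otherwise.
audit_perms() {
    _ww=$(world_writable "$1")
    if [ -n "$_ww" ]; then
        printf 'WORLD-WRITABLE (fix first):\n%s\n' "$_ww"
    fi
    printf 'OFF BASELINE (review):\n%s\n' "$(off_baseline "$1")"
    [ -z "$_ww" ]
}

# Run the audit only when a path is supplied on the command line.
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

Entries in the second list are not necessarily wrong (a config file tightened to 600 shows up there too), which is why only the world-writable list affects the exit status.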

    Thanks, you’ve given me plenty to think about!

    I also just received the log files from the event. Seems as far as I can tell to start with:

    https://www.google.co.uk/search?hl=en&q=mywebsite&meta=”

    Interestingly, it’s a BTinternet machine running W98.

    Judging by the above post this is someone checking my WP version? Then I get a load of entries where he/she is, I guess, posting their own stuff on my site through /img/edit.gif and /bcvb.css and such like.

    He? GIF and CSS files? Is that the referer?

  • The topic ‘Someone has HACKED my blog’ is closed to new replies.