• Resolved kersplash

    (@kersplash)


    Hi,

    I have always run version 2.8.4 since its release, and have WP-Security Admin Tools installed and everything was good as far as security, no admin username, database tables not prefixed by wp_, etc. Or so I thought, until today. Now I find the code:

    eval(base64_decode(‘aWYoIWlzc2V0KCRpZ3AxKSl7ZnVuY3Rpb24gaWd, etc. etc.

    inserted into a bunch of my .php files on my website. Nothing untoward is displayed on my pages or links to suggest to me my site has been hacked, the site just doesn’t work until I have gone through and edited all of the offending code out of the pages. The only thing I can suggest security-wise is that I do have several plugins installed that have updates which I haven’t installed (due to not wanting to break what’s not already broken.) Are these plugin updates the source of my problem? Another thing I did recently was to install a plugin called “Who Is Online”. I have since deactivated this plugin. Any ideas on how to stop this from happening again?

    Thanks.

Viewing 11 replies - 1 through 11 (of 11 total)
  • I use who is online, not sure if that could be a problem.

    My site had the same hack….you don’t happen to use SMF for a forum do ya? I got hit hard through SMF and it dirtied up all my software.

    Also, there are various ways you could be hacked. Did you start with 2.8.4 or have you been using WP for a while? A previous version could’ve gotten hit. Or, if you are on shared hosting, it could’ve come through someone else’s insecure software.

    Good luck getting it cleaned, you’ve gotta do that asap…it’s a pain.

    Everything you need to know is here: How to Completely Clean a Hacked WordPress Install.

    Same thing happened to me…still working on them.

    I see when my sites load it says: tumatehuala.com

    I’m guessing that’s the hacker? Do you see this as well? It’s not a plugin. I’ve deleted all plugins and uploading fresh 2.8.4

    the best thing is to reinstall WP, clean your theme, and reinstall ALL plugins with fresh downloads.

    You may also have to look around for strange named files. I had files that weren’t part of WP in my directory that I had to get rid of…..

    it got confusing for me as 2 different software packages got hit…and between the 2 of them they messed up every file I had.
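
Added example, not part of any post in this thread: a read-only Python scan for the `eval(base64_decode(` injection described above, listing affected .php files and decoding each payload for inspection without running it. The sample tree, file names and payload in `demo()` are constructed.

```python
import base64
import binascii
import os
import re
import tempfile

# Matches eval(base64_decode('...')) with optional whitespace and either quote style.
INJECTION = re.compile(
    rb"eval\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)",
    re.IGNORECASE,
)

def decode_preview(blob, limit=60):
    """Decode the base64 argument for inspection only; it is never executed."""
    try:
        text = base64.b64decode(b"".join(blob.split()), validate=True)
    except (binascii.Error, ValueError):
        return "<not valid base64>"
    return text[:limit].decode("utf-8", errors="replace")

def scan_tree(root):
    """Return (relative path, line number, decoded preview) for each hit in .php files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            for m in INJECTION.finditer(data):
                line = data.count(b"\n", 0, m.start()) + 1
                hits.append((os.path.relpath(path, root), line, decode_preview(m.group(2))))
    return sorted(hits)

def demo():
    """Build a constructed two-file tree (one clean, one injected) and scan it."""
    payload = base64.b64encode(b'echo "constructed sample";')
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.php"), "wb") as fh:
            fh.write(b"<?php\n// clean file\necho 'hello';\n")
        with open(os.path.join(root, "footer.php"), "wb") as fh:
            fh.write(b"<?php eval( base64_decode('" + payload + b"') ); ?>\n<?php echo 'x';\n")
        return scan_tree(root)

if __name__ == "__main__":
    for path, line, preview in demo():
        print(f"{path}:{line}: {preview}")
```

Point `scan_tree()` at the WordPress root to get the list of files to replace from clean copies; it does not look at the database, which the replies below say also needs checking.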

    Thread Starter kersplash

    (@kersplash)

    Luckily I had a backup from only a week ago. I have restored it and changed my passwords. Much quicker than re-installing everything (provided I wasn’t infected back then), but I am pretty confident. Lesson learnt….backup….backup….backup.

    Same thing happened to me. Is there not a risk that there is still something suspicious in the database? I replaced all files one evening, and the hack reappeared the next evening…

    proudspark
    database will definitely need to be cleansed

    Hello Moderator,

    Is there no possible way to protect WP 2.8.4 without upgrading?
    And how can someone modify code in my php files when the only ways to edit them are FTP to the server and/or have Admin access to WP (given that no one knows admin access credentials to WP Login/FTP)?
    Thanks.

    The only way to protect the 2.8.4 version would be for you to include yourself all the security fixes which were introduced since then. Because this becomes increasingly difficult as the versions move forwards, this is the reason why instead it is better to upgrade.

    People can edit your files or otherwise hijack your system by exploiting these bugs. They do not need to have your FTP details.

    Thanks Mr Mist.
    Could you point me to a certain resource that describes how these changes can be done manually?

    Thanks.

    Hi, no I cannot. I’m afraid that if you wished to do that it would be down to yourself to scour the changeset history.

    The core team attempted to keep a stable branch maintained with security fixes for a while with the 2.0.10 version; it didn’t work out, though.

    Realistically you are best upgrading and trying to adapt things that might not work. You’ll probably expend less effort overall, too.

  • The topic ‘WordPress 2.8.4 Hacked’ is closed to new replies.