Webmaster Forum

  #1  
Old 06-18-2012, 04:47 AM
klbj7374 klbj7374 is offline
Junior Member
 
Join Date: 11-04-11
Posts: 7
iTrader: 0 / 0%
My Wordpress User name and Password were hacked. What should I do now?

Hi all,

I have a small blog. Recently when I tried to login to my Wordpress, it was not letting me log in. I logged in to my cPanel and checked Users database to find that my username was changed to 'admin' and the password was also changed. The email ID was also changed to something else. In remarks column it was written 'Bangladesh Cyber Army'. I changed the username and email Id and retrieved temporary password to my email Id and changed the password again.

Though the username, password and email id were changed, no content on the site was changed. No posters of Bangladesh Cyber Army were put up on my blog.

I have Limit Login attempts. I set it to lockout IP after 3 attempts. I am surprised how it was done.

I am afraid of any tracking code hidden in my template. My .htaccess is protected by Bullet Proof Security.

I want to know a few things.

1. How were the username, password and email Id changed?

2. What should I do now? Is changing the template of the site enough? Or should I remove all the content and reinstall Wordpress? (My site has only a few posts.)

Please guide me.

Thank you.
 

  #2  
Old 06-18-2012, 11:43 AM
Laura B Laura B is offline
Contributing Member
 
Join Date: 08-04-10
Location: Michigan
Posts: 74
iTrader: 0 / 0%
I would contact your hosting company; they may be able to help you get rid of the intruding code.
 
  #3  
Old 06-18-2012, 01:19 PM
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
Quote:
I am afraid of any tracking code hidden in my template. My .htaccess is protected by Bullet Proof Security.
Using FTP software you can compare your backup copy of the site on your computer with the copy on the web server. Any file changes you did not make should be checked.

Even if you don't have a backup copy on your computer (you really should. You just demonstrated a reason why by starting this thread) you can still use FTP software to look at the files on your web server to see what has changed that you did not do.
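
The comparison described in post #3, as an added example that is not part of the original thread: a Python script that hashes every file in a local backup and in a copy of the site downloaded over FTP, then reports what was added, removed or changed, with an mtime-based listing for the no-backup case. The directory layout, file names and contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_trees(backup_root, server_root):
    """Report files added, missing or modified in the server copy."""
    backup, server = snapshot(backup_root), snapshot(server_root)
    return {
        "added": sorted(set(server) - set(backup)),
        "missing": sorted(set(backup) - set(server)),
        "modified": sorted(p for p in set(backup) & set(server)
                           if backup[p] != server[p]),
    }

def modified_since(root, cutoff_epoch):
    """Without a backup: files with an mtime after cutoff_epoch (seconds).
    Whoever wrote a file can also reset its mtime, so this is only a hint."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.is_file() and p.stat().st_mtime > cutoff_epoch)

def write_file(root, rel, text):
    """Helper for the constructed sample trees below."""
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(text)

def demo():
    """Constructed trees standing in for the backup and the FTP download."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, server = Path(tmp) / "backup", Path(tmp) / "server"
        for root in (backup, server):
            write_file(root, ".htaccess", "# constructed rules\n")
            write_file(root, "wp-content/themes/mytheme/footer.php", "<?php // footer\n")
        write_file(server, "wp-content/themes/mytheme/footer.php", "<?php // edited\n")
        write_file(server, "wp-content/uploads/new.php", "<?php // not in backup\n")
        (server / ".htaccess").unlink()
        return compare_trees(backup, server)

if __name__ == "__main__":
    print(demo())
```

Point `compare_trees` at the real backup folder and the downloaded server copy; every path it reports is a change to account for.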
 
  #4  
Old 06-18-2012, 01:26 PM
robjones robjones is offline
v7n Mentor
 
Join Date: 09-15-09
Location: Texas
Posts: 9,680
iTrader: 0 / 0%
If you have your login set to lockout after a few failed attempts you probably were not hacked; they had the username and password via phishing. I'd check my hard drive for signs of malware.
 
  #5  
Old 06-19-2012, 02:52 AM
klbj7374 klbj7374 is offline
Junior Member
 
Join Date: 11-04-11
Posts: 7
iTrader: 0 / 0%
Thank you very much for your responses and suggestions.

Htmltutor: I will try to compare the codes as you suggested. I did not know that method. :-;.

robjones: If my password was stolen by way of phishing, my other email ids could also be hacked. I check my hard drive very often for malware. My antivirus and anti spyware software said my system was clean.

Still can't understand how it was hacked. Stopped posting to my blog for now !! :-(

Thinking of changing the template....
 
  #6  
Old 06-20-2012, 02:56 AM
klbj7374 klbj7374 is offline
Junior Member
 
Join Date: 11-04-11
Posts: 7
iTrader: 0 / 0%
I think it was a bug in Limit Login Attempts that allowed retries even after a lockout. This was admitted by the developer himself. See this link. At Post no. 6.

http://wordpress.org/support/topic/s...ckout-bypassed

Perhaps that was how my username and password were cracked. (My Password is tough of course.... with some special characters, nos and Upper Cases... )

Or it could be through SQL Injection....?
 
  #7  
Old 06-23-2012, 12:22 PM
Dean Saliba Dean Saliba is offline
Junior Member
 
Join Date: 04-23-08
Location: London, UK
Posts: 25
iTrader: 0 / 0%
If they changed the items on your MySQL database then surely klbj7374 should be looking into how they got into his/her host account instead of your Wordpress account?
 
  #8  
Old 06-23-2012, 02:19 PM
snakeair snakeair is offline
Super Moderator - Rest in Peace 2018
 
Join Date: 12-31-07
Location: Medford, NJ
Posts: 54,771
iTrader: 3 / 100%
Quote:
Originally Posted by klbj7374
I think it was a bug in Limit Login Attempts that allowed retries even after a lockout. This was admitted by the developer himself. See this link. At Post no. 6.

http://wordpress.org/support/topic/s...ckout-bypassed

Perhaps that was how my username and password were cracked. (My Password is tough of course.... with some special characters, nos and Upper Cases... )

Or it could be through SQL Injection....?
This is a good plugin to use for blog security.

http://wordpress.org/extend/plugins/...roof-security/

Did you end up changing your theme?

Also make sure your WordPress version is up to date and also all of your plugins.

Keep an eye on this sticky thread, HTML updates it with security alerts for WordPress to check out.

Go to page 3 because in the past few days she posted some security alerts. Sometimes plugins are marked as a security threat and it's good to know about this to disable the plugin till the developer fixes the issue.

http://www.v7n.com/forums/blogging-f...ml#post1324120
 
All times are GMT -7.