Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

I got hacked... ah crap

  • 14-07-2010 9:23pm
    #1
    Moderators, Motoring & Transport Moderators, Music Moderators Posts: 12,781 Mod ✭✭✭✭


    So a site I did for a friend has just been hacked. It's for his car repair business. Just a wordpress site but many hours gone into it.

    I just went to the site and now all that is there is this:

    120252.jpg

    I'm going to get him to call his hosting company tomorrow and see what the story is, but how does this happen? It's just a basic site to give him a web presence, I cannot understand why anyone would want to hack it.

    The wordpress login page is still there but the passwords have been changed.


Comments

  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    Zascar wrote: »
    So a site I did for a friend has just been hacked. It's for his car repair business. Just a wordpress site but many hours gone into it.

    I just went to the site and now all that is there is this:

    120252.jpg

    I'm going to get him to call his hosting company tomorrow and see what the story is, but how does this happen? It's just a basic site to give him a web presence, I cannot understand why anyone would want to hack it.

    The wordpress login page is still there but the passwords have been changed.

    Its unfortunate, there are scumbags out there unfortuneately and a out of date install/module could have weakened the sites security, to reset the password in the database try THIS but those guys probably added lots of other virus trojans and other crap into the sites db & source, you may need to go back to a backup unfortuneately, your web host may have a backup for you, make sure you take all steps to secure it if they do to prevent this again, also make sure directory permissions are set right, and use 644 permissions over 777 if you can for folders needing read/writing

    Nick


  • Closed Accounts Posts: 145 ✭✭WebGeek


    I feel your pain. One of my sites was hacked a few years back but it was an idle undeveloped site. I learned my lesson from it though. I never use the default username (like admin) and use stronger passwords but they don't have to be over the top.

    Also a good idea not use test installations of software in separate folders in your server directory. Hackers use these as a gateway to the shell prompt by hacking the vulnerabilities in older (un-updated) software.


  • Registered Users, Registered Users 2 Posts: 1,802 ✭✭✭cormee


    My condolences.

    This happened me a few years ago too. I'd spent about 4 months building a site. It was ready to launch, so I took a holiday to celebrate, when I got back it was gone, completely disappeared. The hosting company shut down the site until they could find out what had happened, they never did, and the makers of the software behind it were completely disinterested.

    4 months down the drain just because some pasty-faced little pissant felt he could compensate for his social inadequacies by destroying something someone else had created.


  • Registered Users, Registered Users 2 Posts: 19,049 ✭✭✭✭murphaph


    would it not be standard practice to have a copy of all files saved locally so you can simply replace them if they get hacked/deleted etc? we have a test server and a live server in work here. We have everything on the test system that runs on the live so if the live was hit by a bolt of lightning etc. we could just redeploy from the test.


  • Registered Users, Registered Users 2 Posts: 4,719 ✭✭✭Bacchus


    murphaph wrote: »
    would it not be standard practice to have a copy of all files saved locally so you can simply replace them if they get hacked/deleted etc? we have a test server and a live server in work here. We have everything on the test system that runs on the live so if the live was hit by a bolt of lightning etc. we could just redeploy from the test.

    My thoughts exactly. Just keep everything backed up.

    That sucks though what happened to your site.


  • Advertisement
  • Closed Accounts Posts: 24 zoudards


    some people think they are feckin' smart .. cyber vandalism ... the charter forbids me to write what I truly think about that kind of behaviour ... >:(
    I feel your pain Nick ...


  • Registered Users, Registered Users 2 Posts: 1,517 ✭✭✭hadepsx


    absolute asshuuls, f ing geeks/nerds got nothing better to do. ur gonna have to start again with better secuirity, obviously:(


  • Moderators, Motoring & Transport Moderators, Music Moderators Posts: 12,781 Mod ✭✭✭✭Zascar


    I was just planning on upgrading to Wordpress v3 this weekend too. It was on 2.9 anyway so not sure how they got in really. Hopefully won;t be too much work to get it back online.

    If it is all gone and I have to build again, I was thinking of trying to find the old site on Google's cache. However, I cannot find it at all - unless I'm looking wrong.

    I never did any work on seo really as it just was not necessary, the site was not there to attract new business via web searches etc - just as a point of reference for existing customer etc.

    Any idea how I can check if there might be a cache'd version of the site anywhere?


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    Zascar wrote: »
    I was just planning on upgrading to Wordpress v3 this weekend too. It was on 2.9 anyway so not sure how they got in really. Hopefully won;t be too much work to get it back online.

    If it is all gone and I have to build again, I was thinking of trying to find the old site on Google's cache. However, I cannot find it at all - unless I'm looking wrong.

    I never did any work on seo really as it just was not necessary, the site was not there to attract new business via web searches etc - just as a point of reference for existing customer etc.

    Any idea how I can check if there might be a cache'd version of the site anywhere?
    Who is your hosting provider? Sometimes they can be at fault aswell, also try and remove powered by wordpress etc from your site as these hackers probably find vunerable sites through google that way, also check out your permissions set on the server, this could also be a issiue, youd probably be able to re-use the database once you do the thing i mentioned above changing the password, but you would need to be sure there is no vunerable code or stuff in it, try the wordpress forums see if they have a security forum you could get more advice in

    Nick


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 16,414 ✭✭✭✭Trojan


    Couple of ways to deal with this. If you have a known good backup, then use that. (if not, install BackupWordpress next time - set it to email backup to a gmail account).

    You need to get in to the database (usually via control panel), back up the database (label it clearly as the hacked version), then reinstall WP from scratch, after changing DB passwords etc. Then re-import the posts and pages after setting it up, but don't import users. Then go and ensure all content is clean.

    You might find this useful: http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

    Post specific questions and we'll answer.


  • Registered Users, Registered Users 2 Posts: 21,263 ✭✭✭✭Eoin


    Am I being naive to think that using a htpasswd file on the admin folder can cut down these hacks considerably?


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    eoin wrote: »
    Am I being naive to think that using a htpasswd file on the admin folder can cut down these hacks considerably?
    Would be no harm but that's http authentication. Still doesn't stop someone executing a script with dangerous permissions in some other directory causing destruction or FTP access.


  • Registered Users, Registered Users 2 Posts: 7,468 ✭✭✭Evil Phil




  • Closed Accounts Posts: 24 zoudards


    if you go down the search results you just posted ... you can find this website :
    http://inj3ct0r.com/

    It seems to group exploits people have found .. "for educational purposes" that idiot's name is in there .. might be useful to check if your system is in there and what the exploit might be ...


  • Moderators, Motoring & Transport Moderators, Music Moderators Posts: 12,781 Mod ✭✭✭✭Zascar


    Would they have done that manually or did they create a script or something to do it? What is the best way to protect against this happening again?


Advertisement