Hacked by Kartal (8 posts)

  1. kwatog
    Member
    Posted 17 years ago #

    I checked my site this morning and found out that it is hacked! I'm not sure how those script kiddies got my FTP password, but I'm currently searching for the files that moron modified.
    Any help?

  2. kwatog
    Member
    Posted 17 years ago #

    Oh, I just found out that my wp_config.php was replaced.

  3. xiand0
    Blocked
    Posted 17 years ago #

    PLEASE take a look at your logs and see if you can find ANY hint or clue on HOW you got hacked. Please. It would really help.

    Also, what WPMU version are you/were you using?

    One little related detail here, for all you WPMU admins out there..:

    Most themes have this incredibly stupid code in the header.php:

    <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats please -->

    ...which is the most foolish piece of PHP code and the most foolish encouragement ever. Seriously. It's so stupid it's not even funny.

    If it's not obvious to you WHY this is so stupid that it's amazing people leave this bullshit hacker invitation there: Go search Google for "wordpress exploit", pick any of the literally dozens of exploits that are available for various old WP/WPMU versions, then just search for random blogs running old exploitable versions.. There are phpBB worms that spread by sending search engines queries for infectable versions. Allowing anyone to find your webpage by searching for the CMS system used is extremely dumb to begin with, allowing people to search for the exact version you're using is even more stupid.. even showing the exact WPMU version in the footer of your site's admin area is stupid, but that's way safer since it requires the cracker to have already found your site and also it requires the attacker to have created an account, etc. But allowing people to just search for your blog? Darn stupid...
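
Added example, not part of any post in this thread and not WordPress project code: a Python scan of a themes directory for template lines like the one quoted in the post above, where a generator meta tag prints `bloginfo('version')`, with a suggested replacement that keeps the product name and drops the version. The directory layout and sample theme files are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# A <meta ... name="generator" ...> tag on the line.
META_GENERATOR = re.compile(r"""<meta\b.*name=["']generator["']""", re.I)
# The inline PHP call that prints the exact version (plus leading whitespace).
VERSION_CALL = re.compile(
    r"""\s*<\?php\s+bloginfo\(\s*["']version["']\s*\)\s*;?\s*\?>""", re.I)


def find_version_leaks(themes_dir):
    """Return (relative path, line number, line) for every template line
    that prints the version inside a generator meta tag."""
    hits = []
    root = Path(themes_dir)
    for path in sorted(root.rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            if META_GENERATOR.search(line) and VERSION_CALL.search(line):
                rel = path.relative_to(root).as_posix()
                hits.append((rel, lineno, line.strip()))
    return hits


def strip_version(line):
    """Drop only the bloginfo('version') call; the product name stays."""
    return VERSION_CALL.sub("", line)


def demo():
    # Constructed sample themes: "default" carries the line quoted in the
    # thread, "plain" has no generator tag at all.
    leaky = ('<head>\n<meta name="generator" content="WordPress '
             "<?php bloginfo('version'); ?>\" />"
             " <!-- leave this for stats please -->\n")
    clean = "<head>\n<title><?php bloginfo('name'); ?></title>\n"
    with tempfile.TemporaryDirectory() as tmp:
        for theme, body in (("default", leaky), ("plain", clean)):
            theme_dir = Path(tmp, theme)
            theme_dir.mkdir()
            (theme_dir / "header.php").write_text(body, encoding="utf-8")
        return find_version_leaks(tmp)


if __name__ == "__main__":
    for rel, lineno, line in demo():
        print(f"{rel}:{lineno}: {line}")
        print(f"  suggested: {strip_version(line)}")
```

The match is line-based, so a meta tag split across several lines is not reported.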

  4. lunabyte
    Member
    Posted 17 years ago #

    Gee, tell us how you really feel?

  5. gumdrop
    Member
    Posted 17 years ago #

    April Fools? ;-{}

  6. drmike
    Member
    Posted 17 years ago #

    Actually I agree that bit about displaying the version number is stupid and is a security issue. You'll note that both phpbb and phpNuke have removed this eons ago when folks started getting hacked over it. And we all know how unsecure phpNuke is. *sigh*

  7. lunabyte
    Member
    Posted 17 years ago #

    I agree, but I disagree too.

    Perhaps the specific version, but when a simple link is the only way for a great project to spread the word about itself, it isn't "that" bad of a deal.

    Unless you write a nuke flavor, and if someone does, may God have mercy on your soul. lol

  8. kwatog
    Member
    Posted 17 years ago #

    Thanks to those who replied.

    The site was http://privateshelter.com/scaredcrow

    It's a test site where I transferred my blogs and hopefully for my friends, too.

    I was able to put back my old wp-config.php but I still get the error below when I try to go to the admin page:

    Warning: Cannot modify header information - headers already sent by (output started at /home/privates/public_html/wp-config.php:31) in /home/privates/public_html/wp-includes/pluggable.php on line 384

    Got some info from the other threads here but haven't really gotten to dig into it as I was busy with something else.