
Solved!

Short post. Just got one of my blogs hacked. Only one blog and I only lost one post since I do backups. Some people. But only at the blog level because hey, other sites on that account are still active. I am refraining from commenting any more for fear of repercussion.

So it's good to do complete database backups with a frequency equal to the frequency of posts. I am starting to wonder about WordPress now. I used to run a site using PhpNuke that got hacked weekly due to a security issue in it. I am going back to WordPress there, but will be looking further into Drupal to see if it is more secure.

Just a minor setback. Big enough to possibly put off the post I was going to do today until tomorrow.

No, I am going to comment. Hey, Refresh, if that’s your first name, is it fun acting like a juvenile? Well, I didn’t think of it. You probably are. Some fourteen-year-old sitting in a cave screwing with sites that don’t matter anyway. Guess what. I was having issues with that installation. Now I can wipe it clean and install my backup. Sorry for your luck. How long were you to fly your flag? A few hours. Well, it’s gone now, buddy.

UPDATE

Here is the name of the person who owns the domain where his files are hosted:

person: Alexander Shakh-Nazarov
phone: +995 32 920000
e-mail: shakh@caucasus.net
nic-hdl: AS2778-RIPE
address: Caucasus Network
address: 42 Rustaveli ave.
address: Tbilisi, Georgia

One of the files was pulled from a .ge domain which I can’t find a whois for.

zhani-kalandadze.ge

Anyone want to email him, do so here: Refresh_Destroyier@Yahoo.Com

Down to one post lost. Thank god for full feeds and Zimbio.

UPDATE

Figured it out. He snuck in through a WordPress Forum plugin and he keeps trying it. See the last comment.

 

21 Responses to “The Refresh Georgian Hacker”

  1. Stephan Miller

    Twice. That sucks. I am not sure how he got in.
    1. He edited my stylesheet
    2. I am not sure he deleted posts. I rebuilt so quick I forgot to investigate it further. But my last post before the hack still shows up in Google with his name attached, so maybe he didn’t. Hey, Google, I need indexed over there. So maybe I just thought he deleted them.

    It has to be an exploit or else he could have done more damage if he was actually poking around in my admin. But I am not sure. That’s why I threw up a Google flag :) once it happened. Now I randomly rank #1 for his name, depending on the ranks of the blogs he hacked that day. LOL

    It seems it’s not just WordPress blogs he hit either. Some seem to be forums and other sites. I am not up on if he could somehow edit the stylesheet because of a chmod issue or even sure how that works.

    It only took an hour or so for me to rebuild, but you are right. It sucks. Someone has to have investigated this further and I will leave the flag up here.

    Why do people graffiti objects they don’t own? About the same question.

  2. Stephan Miller

    Me too. I just wanted to get the word out. I still rank #1 for his name in Google. So I had an obligation to track the issue down, at least in my mind.

    He is still hitting the same blogs over and over because they don’t know he got in through the forum.

  3. Jeremy

    I too deactivated WP Forums, sad… it was a great, simple and easy-to-implement add-on. Hopefully the plugin author modifies the code so we all can use it safely.

    Stephan, thanks again for all your hard work.

    Best,
    Jeremy


  4. Stephan Miller

    I just happened upon that post about it and checked out a few sites and all the sites I found had that forum plugin. Plus the guy hit my site a few days ago searching by the author's link anchor after I had uninstalled it.

  5. MorganLighter

    It’s pretty sad when miscreants like this prick spend their time in destructive endeavors. Believing in karma, what comes around goes around and one day he’ll get his.

  6. Stephan Miller

    Plugins are a big cause sometimes. Anything that is a target will get hacked.

  7. Dom

    Wow, that's bad.
    Sucks :(
    I think WordPress needs to update and upgrade its security, gets hacked into too much.

  8. Stephan Miller

    Luckily this happened a while ago and was due to a plugin, not the WordPress installation itself.

  9. Malicious

    I agree! I do backups instantly on my blog as well. What I could suggest is to add additional security software to protect the script if possible (PHP 5.2.x required). I recommend PHPIDS for this! It secures your script against many common attacks like SQL injections or XSS attacks, really worth a try since it's free as well ;)

  10. rastov

    Someone took my chip just like that. I lost all I won, so I want it back. Can you teach me how to hack someone? I got hacked before, then I made a new account again, then I lost my chip again. Grrr, help me, OK?
