Got Hacked

24 responses to “Got Hacked”

  1. SnooSnoo

    Oh wow, that must suck. Good that everything is back in order again. I don’t change my passwords either but I do scan for malicious ware regularly. Then again I don’t have a pretty blog like this so I guess that’s okay XD

  2. Kabitzin

    Glad you’re back. Damn hackers…

  3. omo

    Are you on shared hosting? Sometimes when you’re hacked it might be due to someone else being hacked. Talk to your ISP if you’re really paranoid about it :3

  4. Belela-san

    That sucks really bad…

  5. Hirvine

    I see WordPress bloggers get hacked more and more often (me too several weeks ago). Replacing all your files with the originals, taking a look in the database and a scan should do the trick. You should also search for malicious files which don’t belong to WordPress.
    I had a `cache.php` file in ‘wp-contents/plugins/’ which was a compressed script. The script gave access to my filesystem, shell and database without any passwords. :/
    I hope you don’t have it, it’s scary.
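
Added example, not part of the comment above and not WordPress code: one way to run the check described in comment 5, comparing a site's PHP files against a clean copy and flagging packed scripts like the `cache.php` mentioned there. The clean copy is assumed to contain the same plugins and themes as the site; the sample trees, file contents and the 2000-character threshold are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# eval() fed directly by a decoder call: typical of compressed loader scripts.
PACKED = re.compile(
    rb"eval\s*\(\s*(?:gzinflate|gzuncompress|base64_decode|str_rot13)\s*\(", re.I)
LONG_LINE = 2000  # assumed threshold; hand-written PHP rarely has such lines

def manifest(clean_root):
    """Map relative path -> SHA-256 for every PHP file in a known-good copy."""
    root = Path(clean_root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*.php")}

def scan(site_root, known_good):
    """Return {relative path: [reasons]} for PHP files that need review."""
    root, findings = Path(site_root), {}
    for p in sorted(root.rglob("*.php")):
        rel, data, reasons = p.relative_to(root).as_posix(), p.read_bytes(), []
        if rel not in known_good:
            reasons.append("not in clean copy")
        elif known_good[rel] != hashlib.sha256(data).hexdigest():
            reasons.append("modified")
        if PACKED.search(data):
            reasons.append("eval of decoded data")
        if any(len(line) > LONG_LINE for line in data.splitlines()):
            reasons.append("very long line")
        if reasons:
            findings[rel] = reasons
    return findings

def demo():
    """Constructed sample trees: a clean copy and a site with two problems."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        for base in (clean, site):
            (base / "wp-content/plugins").mkdir(parents=True)
            (base / "wp-content/plugins/hello.php").write_text("<?php // plugin\n")
            (base / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
        (site / "index.php").write_text("<?php require 'wp-blog-header.php'; // x\n")
        (site / "wp-content/plugins/cache.php").write_text(
            "<?php eval(gzinflate(base64_decode('" + "A" * 3000 + "')));\n")
        return scan(site, manifest(clean))

if __name__ == "__main__":
    print(demo())
```

Anything reported as "not in clean copy" or "modified" is a candidate for manual review and replacement from the original files; the packed-code patterns only raise priority and are not proof on their own.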

  6. Gargron

    You didn’t tell what exactly the hackers did, I’m curious. As for what to do else, I know a plugin called WP Security Scan, it should close all doors to your system. (I don’t know the WP Exploit Scanner plugin though, it may be already enough).

  7. Deranged

    Sad to hear, but glad to hear you are back and on top of the problem. XD

  8. meronpan

    damn that sucks… glad you’re back online without any problems. i guess that’s one of the benefits of remaining on wordpress.com ^^; well, assuming they can keep the site secure…

  9. ron~

    glad you managed to restore all.. dunno why the hackers even bother to hack a blog.. there’s nothing here worth money for them @_@

    hmm did you manage to get the hackers IP?

  10. Keonyn

    That’s a real bummer, it’s unfortunate that some of these people have nothing better to do than hack someone’s anime blog. Glad you were able to restore everything without too much difficulty. I keep constant backups of my databases and files just for that reason.

  11. phossil

    Was the restore difficult? I don’t know if WP has some way of doing a periodic backup for these cases…

  12. Titan_X

    You might want to contact your web host and ask them if the MySQL database is on another server, and if it is, is it firewalled so only the web server can communicate with it?

    This is a pretty common exploit, and thankfully not that difficult to prevent. Good luck to ya. :)

  13. zenical

    glad that you fixed it. I remember one of my friend’s blog being hacked and it sorta gave everyone warnings that it’s dangerous lol

  14. RyoBase

    Oh my! Good thing that you’re back online and nothing much serious. I saw some people had a hard time getting everything back to normal.

  15. Blowfish

    Wow seems you were pretty lucky in this unlucky situation!
    Any idea how this might have happened?

  16. Persocom

    Glad nothing serious happened. I never heard of wordpress blogs being hacked until now. I guess I should change up my password now too as an extra precaution.

  17. Hontou ni Fort Knox this isn’t | hontou ni sou omou?

    [...] recently, super rats reported that Happy Soda had been bot-hacked. A few weeks ago, my anti-virus program stopped me from visiting Mega Megane Moé [...]

  18. mijk

    It is possible that your saved FTP password in your FTP client was stolen by some malicious code coming from e-mail etc. (worst case is Total Commander – its FTP config file is often a target of a lot of malicious sw), this is most common case (then attacker modifies some template files like footer or header and puts there some iframe with/or obfuscated code).

    Just try to avoid saving FTP passwords or use some strong password manager for keeping those and filling forms for you instead of saving it directly in FTP app (there is lots of password managers – depending on OS you are using).

    I also recommend you to hide WP version you are running and rsd and wlwmanifest if you are not using Windows Live Writer or other external thing to publish – just by putting these three lines:

    remove_action('wp_head', 'wp_generator');
    remove_action('wp_head', 'rsd_link');
    remove_action('wp_head', 'wlwmanifest_link');

    at the end of functions.php in your theme directory, just before last php closing tag – ?>

    - it will (partly) prevent attacker from getting to know which version you are running (secondary you need to apply your own login style, since it is changing almost with every version it is easy to guess wp version by its style).

    BTW do not upload readme files (even to plugins) etc., it is easier for hacker to get wp version directly – see http://www.happysoda.com/readme.html or http://www.happysoda.com/readme.txt

    Also create new admin account with some different name than “root”, “admin” or “administrator” and after creating this admin account log in to it and then delete “admin” account. WP will ask you what to do with posts, pages and stuff, created by admin. You can convert those to your newly created account just by selecting account from selectbox.

    Good luck and happy blogging!

    PS: Excuse my language, I am not native EN speaker.

  19. mijk

    Btw: If you are using some Flickr or Twitter plugin somewhere at your web, then use only first line (wp_generator) to be able to get those plugin data into WP ^_^ otherwise those plugins may not work.

  20. mijk

    First part of my comment:

    It is possible that your saved FTP password in your FTP client was stolen by some malicious code coming from e-mail etc. (worst case is Total Commander – its FTP config file is often a target of a lot of malicious sw), this is most common case (then attacker modifies some template files like footer or header and puts there some iframe with/or obfuscated code).

    Just try to avoid saving FTP passwords or use some strong password manager for keeping those and filling forms for you instead of saving it directly in FTP app (there is lots of password managers – depending on OS you are using).

    I also recommend you to hide WP version you are running and rsd and wlwmanifest if you are not using Windows Live Writer or other external thing to publish or suck data – just by putting these three lines (if you are using Flickr or Twitter or other plugins, use only first line):

    remove_action('wp_head', 'wp_generator');
    remove_action('wp_head', 'rsd_link');
    remove_action('wp_head', 'wlwmanifest_link');

    at the end of functions.php in your theme directory, just before last php closing tag – ?>
    - it will (partly) prevent attacker from getting to know which version you are running (secondary you need to apply your own login style, since it is changing almost with every version it is easy to guess wp version by its style).

    BTW do not upload readme files (even to plugins) etc., it is easier for hacker to get wp version directly – see readme.html or readme.txt in root of your website…

    You can also create new admin account with some different name than “root”, “admin” or “administrator” and after creating this admin account log in to it and then delete “admin” account. WP will ask you what to do with posts, pages and stuff, created by admin. You can convert those to your newly created account just by selecting account from selectbox.

    Good luck and happy blogging!

    PS: Excuse my language, I am not native EN speaker.
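
Added example, not part of the comments above and not WordPress code: a check that the three `remove_action` lines from comments 18 and 20 took effect, by parsing the rendered page for the tags those hooks emit. The `allowed` parameter covers the case from comment 19 where `rsd_link` and `wlwmanifest_link` are kept on purpose; the sample HTML, the `blog.example` host and the `0.0.0` version string are constructed.

```python
from html.parser import HTMLParser

# Constructed sample of a theme's <head> before the remove_action() lines.
BEFORE = """<html><head><title>Blog</title>
<meta name="generator" content="WordPress 0.0.0" />
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://blog.example/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://blog.example/wp-includes/wlwmanifest.xml" />
</head><body></body></html>"""
# Same constructed page after only the wp_generator line was added.
AFTER = "\n".join(line for line in BEFORE.splitlines() if "generator" not in line)


class HeadAudit(HTMLParser):
    """Record which of wp_generator / rsd_link / wlwmanifest_link still render."""

    def __init__(self):
        super().__init__()
        self.found = {}

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.found["wp_generator"] = a.get("content", "")
        elif tag == "link":
            rel = a.get("rel", "").lower()
            if rel == "edituri":
                self.found["rsd_link"] = a.get("href", "")
            elif rel == "wlwmanifest":
                self.found["wlwmanifest_link"] = a.get("href", "")


def audit(html, allowed=()):
    """Return {hook: rendered value} for tags present but not in `allowed`."""
    parser = HeadAudit()
    parser.feed(html)
    return {hook: val for hook, val in parser.found.items() if hook not in allowed}


if __name__ == "__main__":
    print("before:", sorted(audit(BEFORE)))
    print("after :", sorted(audit(AFTER, allowed=("rsd_link", "wlwmanifest_link"))))
```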

