Hacked…

June 24th, 2005 at 02:05pm

This blog was hacked by some soul(s) yesterday night! (around 3.30 AM IST), while i was in deep sleep. The blog home page was defaced. But the contents were kind of intact.

Was able to restore most of the things in less than 10 mins. But only after i was woken up in the morning at around 7.30 AM!

Ok. Now coming to how it happened…

One thing for sure… it was my mistake. I had given some stupid permissions on some folders on my site for some test purpose. I had forgot to remove those permissions. I am still not sure if its a security issue with WordPress. Have posted on WP forums about the problem.

Atleast 2 IPs were involved in the hack. They managed to create new wp users, gain admin access to WordPress, and then enabled file uploads in WordPress. Once that was done, they uploaded files (php based file managers, database access etc etc), which would enable them look on to the filesystem, database, and do more stuff.

They played around a bit, but luckily, they didn’t cause any damage. I am almost done with the cleanup now.

Will post more if something new turns up!

Update : 1 Mostly looks like its got to do with the security issue in WP 1.5.1.1 which was patched in v1.5.1.2. So, upgrade your WP setup if you havent done it so far ASAP!!.

Update : 2 I have installed some new set of plugins to increase security. Contact me if you are facing any problem acessing the site.

Update : 3 Found exactly how they broke in…. If you are intrested, let me know. Will share the details. The hack won’t work in 1.5.1.2.


Tags: , , ,

Entry Filed under: Net

Got some work.. One more weekend got over..

18 Comments

Pages: « 1 [2] Show All

  1. 11

    Rj: resent the mail to your new(proper) id.

    Comment by Arjun — June 26, 2005 #

  2. 12

    ->To Eliminate Pakistan from the world map
    ->To see India in a position better than other advanced countries like US

    Looking at the above on your website, no wonder it was hacked! In fact i’d say you were pretty lucky man…

    Comment by Friend Indeed — June 30, 2005 #

  3. 13

    @Friend Indeed : ……well, may be i was/am lucky.

    But I did a log analysis of hack. The hacker(s) ended up on this site by doing a google search for “WordPress 1.5.1.1″, and one of my post turned up in the top 10 results.

    Comment by Arjun — June 30, 2005 #

  4. 14

    Your hacker was more polit thaen the guy who hacked my 1.5.1.1 a month back. That was just the day after the update was released.

    Comment by Abhinav — August 19, 2005 #

  5. 15

    Ahinav, This guy did not do much damage, but even to date, ie, almost 2 months now, he/she keeps visiting the site.

    Actually, these people had uploaded some php pages, which would allow them to access my site later on. (like a backdoor). I have removed it, but this guys keeps coming back every couple of days.

    btw, fyi, this guy’s IP points to Pacific University.

    Comment by Arjun — August 21, 2005 #

  6. 16

    Hi Mr. Prabhu,
    I am prashanth from Hyderabad – a native of mangalore. Nice to visit your blog and interesting to see your articles. well, can you give me some details on this post, as well as other such details.

    Nice to know another mangalorean on the net. All the best.
    _Prashanth CM

    Comment by Prashanth Chandra M — November 18, 2005 #

  7. 17

    Prashanth : can you let me know what details you are exactly looking for ?

    Comment by Arjun — November 24, 2005 #

  8. 18

    [...] by my past experience, its always good to keep WP [...]

    Pingback by Upgraded WordPress » Arjun's Home — May 6, 2007 #

Pages: « 1 [2] Show All

Sorry, the comment form is closed at this time.


Most Recent Posts

Categories

Monthly Archives