June 24th, 2005 at 02:05pm
Was able to restore most of the things in less than 10 mins. But only after i was woken up in the morning at around 7.30 AM!
Ok. Now coming to how it happened…
One thing for sure… it was my mistake. I had given some stupid permissions on some folders on my site for some test purpose. I had forgot to remove those permissions. I am still not sure if its a security issue with WordPress. Have posted on WP forums about the problem.
Atleast 2 IPs were involved in the hack. They managed to create new wp users, gain admin access to WordPress, and then enabled file uploads in WordPress. Once that was done, they uploaded files (php based file managers, database access etc etc), which would enable them look on to the filesystem, database, and do more stuff.
They played around a bit, but luckily, they didn’t cause any damage. I am almost done with the cleanup now.
Will post more if something new turns up!
Update : 1 Mostly looks like its got to do with the security issue in WP 188.8.131.52 which was patched in v184.108.40.206. So, upgrade your WP setup if you havent done it so far ASAP!!.
Update : 2 I have installed some new set of plugins to increase security. Contact me if you are facing any problem acessing the site.
Update : 3 Found exactly how they broke in…. If you are intrested, let me know. Will share the details. The hack won’t work in 220.127.116.11.
Entry Filed under: Net