wordpress blog hacked.. help required

Discussion in 'Chit-Chat' started by swordfish, Aug 18, 2009.

Thread Status:
Not open for further replies.
  1. swordfish

    swordfish Somebody stop me...

    Joined:
    May 8, 2008
    Messages:
    280
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Mumbai
    Guys, today morning when I tried to log in to dashboard of my newly created blog, I was not able to log in. then I thought that it might be because of yest day's drink and I might have changed it ;) but then i tried to recover my password and to my surprize there was no user in wp-users table !!!
    I created one and login finally.
    I checked a draft post saying that "Defaced By D(R40L)Z" with some f*cking algeria flag.

    How could have he done that? I checked wp-config.php file with some strange password and as he was able to log in to data base with this pass that means he has access to database !!

    guys I need your help to secure the blog.

    Here many people have blogs since long time so they might have idea redarding this..

    First question is what permission should be applied to all files in webserver?
    Second, how to secure database ?

    PS : I dont know if this is correct forum to post? I didnt find specific forum for this kind of discussion
     
  2. thewisecrab

    thewisecrab AFK

    Joined:
    Oct 13, 2006
    Messages:
    1,597
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Bombay
    Your first step should be contacting the support team of your web host, see what they say/can do
     
  3. OP
    OP
    swordfish

    swordfish Somebody stop me...

    Joined:
    May 8, 2008
    Messages:
    280
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Mumbai
    Ok.. I will do..
    what permission do you keep for your files? eg 755 or 644 or ?? If i restrict the premissions then web server cant read the site at all..
     
  4. adi007

    adi007 New Member

    Joined:
    Sep 10, 2007
    Messages:
    713
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    hassan
    First restore old backup of the site if available
    Second install wordpress security check plugin and do all the things that it says
    third protect your wp-admin directory using .htaccess .. use google to know how ..
    fourth google for wordpress security and browse some tutorials .. i personally like the wordpress docs entry about this
     
Thread Status:
Not open for further replies.

Share This Page