This is going to be a bit of a techy post but if you blog it is an important one.
A few months ago I had someone from Russia hack a site targeted to Christian youth. They used an exploit in the website to takeover my site and plaster every page with the most horrible hardcore gay pornography and slurs against Christians. I am not sure how long the site had been like that before I found it.
I have around 30 websites give or take. On them, I have a half dozen or so Wordpress installs. Between those installs I have a gaggle of plugins. In the past I was not that diligent about updating every WordPress install and plugin. I have repented of that and you should also.
Hackers are always looking for a hole to exploit on your server and they have found plenty of them on mine. In the past year hackers have hijacked my server to relay emails all over the world for a variety of products. I am confident that I personally would not endorse any of them. When I finally found the root of the problem, my server was relaying over 30,000 emails a day. What gave the hackers access? An outdated mail script.
Last month I found that someone had installed an irc bot on my server. This caused a nightmare for me. The culprit? An outdated upload script.
Wordpress is constantly updating the script because they are constantly finding holes. But if you are not updating your installs, and updating them the proper way, you are setting yourself up for problems.
The new version of Wordpress 2.5 goes a long way toward helping you keep updated. Now when a plugin has an update available, you can click a link, add some info, and it will update itself.
Really a great benefit.
Popularity: 35% [?]
Thank you for sharing this tip!!
Great article Carl. However I read it a little late.
After I read this 4 weeks ago I checked out my own 9 blogs and found that my database of my main blog was full of junk and the root password had been changed by the hacker so that neither my host nor myself could erase the spam. I have been trying to get control ever since.
I found over a hundred pages of links on the footer of one of my blogs even after I upgraded to 2.5.1 and took me 1/2 hour to delete it all from a site that I still sort of control.
This week I am probably going delete all of my data bases and start over and rebuild my blogs from ground up with upgraded database programs and 2.5.1 Wordpress.
None of the host techs can give me any alternatives and I have spent hours upon hours in the last 4 weeks studying MySql books and methods to no avail.
What a nightmare.
Michael
You can change the password for your wordpress database through the phpmyadmin. I can show you how.
Also, did they alter the posts or just the wordpress themes? If you export the posts through the rss feed, you could save the posts without the comments and whatnot.
Thanks Carl,
the phpmyadmin is part of the problem. I have lost control of it and can’t use it to make the changes. The host tech can’t even go through their supposed backdoor and reset.
Fortunately they have not accessed and changed any posts. Most of the junk is in the database where they have created new files and used my MySql as storage and probably link to it somehow.
I have had more than a dozen ‘register’ to my blog from Russia and most of the junk seems to come from there or China. I think they gained access somehow through the admin panel using registration code. Not sure how or whether the 2.5.1 upgrade will even deal with it.
Michael
How did you find out about this problem? What was the indicator?
Carl,
I have spent several hours every day in the last couple weeks reading the Wordpress forums for clues to some of my own problems. Even started a couple of threads.
There is quite a few out there who believe that the ‘register’ has been one of the access points that Russian and Chinese hackers have used to gain access to the WP admin panel. Somehow from there they hack into comments, posts, and even the database.
Some who have thought they turned off the ‘register’ access have later found that Russian spam bots have found a way in and registered anyway.
After reading about this over the weekend, I check to see who was registered to my main blog and found over a dozen recent registrations from .ru that I wasn’t even aware of.
I had originally read some speculation about this a a blog that specializes in Wordpress, don’t remember which one. Then I searched on the Wp forums for anything on ‘Register’.
Michael