Did my blog get hacked? What now?

Discussion in 'Apple, Inc and Tech Industry' started by GanChan, Nov 8, 2009.

  1. GanChan macrumors 6502a

    Joined:
    Jun 21, 2005
    #1
    I keep a Wordpress.org blog under my own Yahoo-served web domain. I got an email today that read (I've omitted the names):

    New user registration on your blog:

    Username: [omitted]

    E-mail: [omitted]

    So I go into my Wordpress dashboard, and this dude has somehow added himself as an Administrator. I deleted him, of course, but how does somebody bust in and plant admin privileges on someone else's blog? Is there nothing to prevent it? I seem to catch all the spam comments with no problem, but it looks like I have to do something more.... Advice? :confused:
     
  2. Angelo95210 macrumors 6502a

    Joined:
    Jan 7, 2009
    Location:
    Paris, France
    #2
    Some basic security tips:

    - Update your WordPress to the latest version. Security flaws will be fixed
    - Change your MySQL password to a strong one, e.g. FtGd67/DF
    - Change your admin password the same way
    - Remove your install directory if it's mentioned in the WordPress manual
     
  3. Rodimus Prime macrumors G4

    Joined:
    Oct 9, 2006
    #3
    Good advice.

    A password like that can seem hard, but it really is not if you know how to make them. The trick is basing the password off something easy to remember. For example, let's assume your home address is 1324 Cool Lane; a password I can think of that uses that and is easy to remember would be C0!0L3LA4N34. That password looks very complicated, but really it is easy to remember. It was made by converting some of the letters to basic L33T.

    Another trick is to make the password using multiple languages; then it is not too hard to remember, because words are a lot easier to remember than a random password, and since it is in multiple languages it makes it a lot harder for someone to crack it. The password I used while I was in school looked really complicated, but if you knew how I created it and how I remembered it, it would make you laugh. Got a really good chuckle out of a good friend of mine.

    But I might as well tell you, as you will get a laugh. The password I used was a foreign word with the English translations and an important year to me built into it. Easy to remember and still a great password.
     
  4. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #4
    Or find a sentence such as:

    the quick brown fox jumped over the lazy dog

    and use the first letter of each word to make a password:

    tqbfjotld

    Now swap in some letters/punctuation:

    #tqbfj0tld$

    Use a sentence that you'll remember, such as a common phrase you hear or something that you can easily remember and relate to.
     
  5. GanChan thread starter macrumors 6502a

    Joined:
    Jun 21, 2005
    #5
    Thanks. I thought I was already using a strong Wordpress user password, based on an obscure letter/number combination that makes sense only to me...but it looks like I might've still been running the simpler version of that password instead. I've upgraded it to the full 15-character monstrosity. I've also upgraded to the latest Wordpress.

    I don't know much about MySQL. I just remember uploading the Wordpress.org app onto the Yahoo web server, and then creating a page on my website that automatically redirects to the blog page. So I guess technically the blog is still based off-site, or being treated as off-site by my web app (Rapidweaver).

    I dunno. I'm kinda dumb about these things.
     
  6. Angelo95210 macrumors 6502a

    Joined:
    Jan 7, 2009
    Location:
    Paris, France
    #6
    Beware. There are TWO different passwords: your MySQL pwd and your WordPress user password. Two possible flaws. Change them following the good advice above for generating strong passwords and see what happens.
     
  7. dmmcintyre3 macrumors 68020

    Joined:
    Mar 4, 2007
    #7
    Make sure your WordPress config file (wp-config) is not publicly readable. If it is, and your MySQL database is accessible from the outside or a hacker is on the same server/uses the same database server, they could get to it (assuming you're on shared hosting, which you most likely are).

    What's your site's URL? (It will help us figure out what's wrong.)
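
Added example, not part of dmmcintyre3's post or of WordPress itself: one way to check the wp-config.php readability concern raised in post #7 from a shell on the host. The function name `check_wp_config` and the suggested modes are assumptions of this sketch; it only inspects the local file permission bits, not whether the web server serves the file.

```shell
#!/bin/sh
# check_wp_config FILE
#   Prints a one-line verdict and returns:
#     0 = no permissions granted to "other" users
#     1 = readable, writable or executable by "other" (any account on a shared host)
#     2 = file not found
check_wp_config() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "MISSING  $f"
        return 2
    fi
    # ls -ld prints the mode as e.g. "-rw-r--r--":
    # column 1 is the file type, 2-4 owner, 5-7 group, 8-10 other.
    mode=$(ls -ld -- "$f" | cut -c1-10)
    other=$(printf '%s' "$mode" | cut -c8-10)
    if [ "$other" = "---" ]; then
        echo "OK       $mode $f"
        return 0
    fi
    # Assumption: 640 suits hosts where the web server reads the file via its
    # group; 600 suits hosts where PHP runs as the account owner.
    echo "EXPOSED  $mode $f (other users on this server can access it; consider chmod 640 or 600)"
    return 1
}

# Stand-alone use: sh check_wp_config.sh /path/to/wp-config.php
if [ $# -gt 0 ]; then
    check_wp_config "$1"
fi
```

The file holds the MySQL username and password in plain text, so an EXPOSED result also means the database password should be changed after the mode is fixed.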
     
  8. Consultant macrumors G5

    Joined:
    Jun 27, 2007
    #8
    There are various ways of hacking in.

    Brute force is another way among others. The different methods can be made not worthwhile using different techniques.

    If they gained admin they might have left malicious code / backdoor.
     
