| User | Post |
|
6:36 am
February 8, 2012
|
20s Finances
| | |
| Admin
| posts 1147 | 
|
|
|
I woke up this morning to an ugly photo (low resolution smiley face) as my featured article today on my homepage. I was quite surprised because I hadn't set a featured image and I definitely would not have set a smiley face as a featured image for my featured image.
After seeing this, I quickly inserted a featured image so that my readers couldn't see the stupid smiley face (and it worked), but I'm worried that something else may be compromised.
Any tips on how I can investigate this further? I have a firewall plugin that protects most attacks, but I don't know where to look to see where this file is or how it was showing up on my site without me doing it?
|
|
|
|
|
6:52 am
February 8, 2012
|
Dana
| | |
| Member | posts 633 | |
|
|
Have you checked all your plugins? Last month my site was hacked through a plugin {hidden p*rn links ugh!}. I disabled all my plugins and added them back in one by one to see who was the offender. May want to change your passwords too….
|
Dana
Site:
Gmail:
Twitter:
|
|
|
7:16 am
February 8, 2012
|
jaicatalano
| | New York | |
| Member | posts 846 |
|
|
|
Change passwords immediately.
|
|
|
|
|
7:40 am
February 8, 2012
|
Aloysa
| | |
| Member | posts 910 | |
|
|
This is so scary. I am no help here. But did you notice anything else looking odd? Did you read your post just in case to see if anyone inserted any links or odd sentences? Definitely change passwords.
|
Creator of:
 
|
|
|
8:01 am
February 8, 2012
|
Modest Money
| | |
| Member | posts 256 |
|
|
|
I don't think changing passwords will help much. If you have been hacked, he likely has some kind of backdoor. Personally I would try to find a trustworthy computer geek who specializes in protecting sites from hackers. You may be able to put a bandaid over it yourself, but it's gonna hurt when that hacker later rips it right off. If you're worried about it, you might as well play it safe and pay someone to make it more secure. If not, you'll always be worried about the problem coming back.
|
|
|
|
|
8:17 am
February 8, 2012
|
sooverthis
| | Kentucky | |
| Moderator
| posts 1041 |
|
|
|
Definitely contact your hosting company to see what kind of options they offer – they may be able to give you some insight into what happened.
In the meantime, set up a new administrator account with a different login ID and delete the old one. Get the limit login attempts plugin and set it to email you anytime someone tries to login so you can block the IP.
|
|
|
|
|
8:47 am
February 8, 2012
|
MyJourneytoMillions
| | |
| Member
| posts 1012 |
|
|
|
Contact Jesse from PF Firewall – he is my server/site guru. Last summer he saved my site from destruction from the "Sons of Allah" – VERY reasonable prices as well
|
|
|
9:22 am
February 8, 2012
|
Money Reasons
| | |
| Admin
| posts 697 |
|
|
|
I can help once I get home.
Call your host to see if they can help too.
This is what I would do:
1.) Backup the site as is (both you db and your files)
2.) Change your passwords.
3.) scan for newly updated files that might be infected (If they are replace them with newer versions).
4.) disable most new plugins
5.) scan your db to make sure the damage isn't that bad.
6.) replace all infected files and cut out any sql damage.
|
|
|
|
|
11:25 am
February 8, 2012
|
Eric – PersonalProfitability.com
| | Portland, OR | |
| Member
| posts 2120 |
|
|
|
Also, for everyone, add good security plugins to prevent this from happening in the first place and make sure to tighten up your folder permissions. Here is a good guide:
http://www.problogger.net/arch…..re-secure/
|
|
|
|
|
11:55 am
February 8, 2012
|
20s Finances
| | |
| Admin
| posts 1147 |
|
|
|
Okay – I'm the biggest idiot ever. *FALSE ALARM* I did have most of the security plugins installed. Here's what ended up happening (after I changed my passwords, etc.)
I didn't have a featured image assigned, but in my post I had used ":)" which turned into the smiley face icon. My wordpress theme interpreted this as my featured image (because I didn't have any other imagE) and I didn't catch it until a couple hours later. I can't believe I didn't make the connection earlier.
|
|
|
|
|
12:28 pm
February 8, 2012
|
MoneyBeagle
| | |
| Member
| posts 1466 |
|
|
|
So you kinda hacked yourself 
Glad it was a false alarm!
|
|
|
|
|
5:21 pm
February 8, 2012
|
Smart Wealth
| | Michigan | |
| Member | posts 304 |
|
|
|
lol glad that was a false alarm. Good though to bring everyone's attention to this issue.
|
|
|
|
|
5:41 pm
February 8, 2012
|
Andi B.
| | PDX | |
| Member | posts 272 |
|
|
|
I'm very glad it was operator error. Kind of reminds me to visually check my site though. One time I did saw that all of my photos weren't showing. That was a panic attack and a half.
|
Andi B.
Make the life you want.
Enjoy good food.
Enjoy good friends.
|
|
|
9:03 am
February 9, 2012
|
AmericanDebtProject
| | |
| Member | posts 199 |
|
|
|
That is too funny. But those are good tips and I am definitely bookmarking this thread for future reference.
|
|
|
|
|
10:31 am
February 9, 2012
|
Khaleef @ KNS Financial
| | Fat Guy, Skinny Wallet | |
| Member
| posts 3149 |
|
|
|
I'm glad it was just a false alarm! But hopefully, this will make all of us pay close attention to security.
|
|
|
|
|
1:37 pm
February 9, 2012
|
Jeff @ Sustainable Life Blog
| | |
| Member | posts 964 |
|
|
|
glad that was a false alarm!
|
|
|
|
|
2:41 pm
February 9, 2012
|
Dominique Brown
| | Washington, DC | |
| Member | posts 510 |
|
|
|
sooverdebt said:
Definitely contact your hosting company to see what kind of options they offer – they may be able to give you some insight into what happened.
In the meantime, set up a new administrator account with a different login ID and delete the old one. Get the limit login attempts plugin and set it to email you anytime someone tries to login so you can block the IP.
I have the limit login attempts plugin but do not see a configuration setting to specify an email for failed login attempts
|
|
|
|
|
2:45 pm
February 9, 2012
|
20s Finances
| | |
| Admin
| posts 1147 |
|
|
|
Under settings, limit login attempts, there are two checkboxes under where it says "Notify on lockout". Select both of those and then insert the number of lockouts that you want to be notified after.
If that doesn't work – let me know.
YourFinancesSimplified said:
sooverdebt said:
Definitely contact your hosting company to see what kind of options they offer – they may be able to give you some insight into what happened.
In the meantime, set up a new administrator account with a different login ID and delete the old one. Get the limit login attempts plugin and set it to email you anytime someone tries to login so you can block the IP.
I have the limit login attempts plugin but do not see a configuration setting to specify an email for failed login attempts
|
|
|
|
Login
Search 
Home
Print this Topic 
Topic RSS 
