Wow! This blog was hacked recently. You always read about these kinds of things but never expect it to happen to you. Especially not when you’re just starting out and haven’t had much exposure in the blogosphere.
I hadn’t added anything new to the blog, so wasn’t aware of it until a friend emailed me this morning saying “Your blog’s been hacked.” (thanks Tam!).
What the hacker, or hackers, had done was replace my current theme’s index.php with their own. When a user arrived at my blog, they were greeted by a page saying “HACKED BY Red Virus” “just for fun”. If you Google “C3O@W.CN”, you can see examples of this page. They had also modified my admin password so I couldn’t log in to the admin page. I tried resetting the password but received no email.
Being at work, I couldn’t do much at the time, until I got home. Once I got home, I downloaded the entire public_html folder from the host, to try and find out exactly what had changed. Not being familiar with hacking methods and solutions, this was quite a challenging task as I wasn’t sure what or where to look. I found this article which gave a few pointers. I have yet to follow all the instructions but this is what I’ve done so far to get the site back up and running.
Since I’d already identified that the theme’s index.php file had changed, I made a note of the date modified, which was 3 days ago. I then did a quick scan of the downloaded folder for any files modified in the last 7 days (as I hadn’t made any changes since February). I couldn’t see anything else but will search more thoroughly tomorrow.
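The "modified in the last 7 days" scan described above can be scripted. The following is an added example, not part of the original post: the function name, the list of suffixes and the command-line usage are assumptions, and it assumes the download preserved the server's modification times.

```python
import os
import sys
import time
from pathlib import Path

# Assumed list: file types the web server may execute or that change request handling.
SERVER_SIDE_SUFFIXES = {".php", ".phtml", ".js"}


def recently_modified(root, days=7, now=None):
    """Return (relative_path, mtime, server_side) for every file under root
    modified within the last `days` days, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            try:
                mtime = full.stat().st_mtime
            except OSError:
                continue  # unreadable entry or broken link: skip it
            if mtime < cutoff:
                continue
            # Path(".htaccess").suffix is empty, so match that name explicitly.
            server_side = (full.suffix.lower() in SERVER_SIDE_SUFFIXES
                           or name == ".htaccess")
            hits.append((str(full.relative_to(root)), mtime, server_side))
    hits.sort(key=lambda h: h[1], reverse=True)
    return hits


if __name__ == "__main__":
    # Usage: python scan.py path/to/public_html [days]
    root = sys.argv[1] if len(sys.argv) > 1 else "public_html"
    days = int(sys.argv[2]) if len(sys.argv) > 2 else 7
    for path, mtime, server_side in recently_modified(root, days):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
        print(f"{stamp}  {'CHECK' if server_side else '     '}  {path}")
```

Modification times can be reset by whoever wrote the file, so an empty result does not prove nothing else changed; comparing the tree against a clean copy of the same WordPress version is a stronger check.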
I then searched online for ways of resetting the WordPress admin password and found this article. I started following the steps for resetting the password using phpMyAdmin but as soon as I looked at the wp_users table, I realised that the admin email address had been modified. I thought, before following the remaining steps in the article, I’ll update my admin email and try resetting the password again from the admin page. This worked and I got an email with a link for updating my password.
After logging in to my site’s admin page, I first of all gave myself a brand new password. I then updated all plugins that had an update available and then upgraded WordPress from 2.7 to 2.7.1.
Hopefully this will plug any security holes as a starter. Tomorrow I will follow the remaining steps outlined in Holy Shmoly!’s article. My host also has a FAQ with tips on making your WordPress site more secure.
I’m still a bit concerned in case the hackers have left any malicious scripts hidden away in some pages somewhere deep in the site structure. If there is any malicious code, I hope the steps outlined in the article above will help me identify it.
I’m pleased to get the blog back up and running as earlier on I was concerned that I may have to delete the whole lot and start again. If anything, it’s been an experience and has focused my attention back to the blog. Hopefully I can make it more secure and then concentrate on adding new and exciting content.