Comments on: WordPress Blog PermaLinks Hacked by “ElijahHastings65″! http://blog.nachotech.com/?p=125 Tech tidbits that have crunch! Sun, 13 Jun 2010 19:19:38 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: star config web design sydney http://blog.nachotech.com/?p=125&cpage=1#comment-1758 star config web design sydney Sat, 16 Jan 2010 09:02:07 +0000 http://blog.nachotech.com/?p=125#comment-1758 i had problems as well with accounting hiding when they hack ed web site, thank you for explaining us how to do it, especially i like you shoewd us codes in your article. Thank you. i had problems as well with accounting hiding when they hack ed web site, thank you for explaining us how to do it, especially i like you shoewd us codes in your article. Thank you.

]]> By: WordPress Attack: How to protect your blog when you don't know MySQL from My Little Pony | Corporate Blogger | Business Blogging, Web 2.0 & Social Media Marketing for SMEs http://blog.nachotech.com/?p=125&cpage=1#comment-685 WordPress Attack: How to protect your blog when you don't know MySQL from My Little Pony | Corporate Blogger | Business Blogging, Web 2.0 & Social Media Marketing for SMEs Wed, 11 Nov 2009 20:40:42 +0000 http://blog.nachotech.com/?p=125#comment-685 [...] With that Users page open in Firefox, I followed the advice given in this excellent Nachotech post: I went to the View tab at the top of the page and selected Page Source, which pops up all the [...] [...] With that Users page open in Firefox, I followed the advice given in this excellent Nachotech post: I went to the View tab at the top of the page and selected Page Source, which pops up all the [...]

]]> By: Bman http://blog.nachotech.com/?p=125&cpage=1#comment-210 Bman Mon, 28 Sep 2009 02:05:27 +0000 http://blog.nachotech.com/?p=125#comment-210 Hi - thanks for taking the time to report on this! It looks as though the malicious script (or whatever it is) is a bit more seriously entrenched in the installation I am attempting to fix. When I try to view source my antivirus program gets all bent out of shape about threats. I also cannot download the user-edit.php file for the same reason (won't allow me to do so for security reasons). I WAS able to see the name of the evil admin (even though it vanishes from view very quickly) by first figuring out which page it was listed on (this site has many many subscribers, so I needed to dig through to find it), then I visited the page and took a screenshot right away. Sure enough, there was the bad admin username listed in the screenshot. I tried your approach with linking directly to that users edit page but it did not work. You mentioned PhPMyAdmin - could I manually remove the user using that program or will I encounter the same issues? Any assistance you can provide will be greatly appreciated! Thanks B Hi – thanks for taking the time to report on this! It looks as though the malicious script (or whatever it is) is a bit more seriously entrenched in the installation I am attempting to fix. When I try to view source my antivirus program gets all bent out of shape about threats. I also cannot download the user-edit.php file for the same reason (won’t allow me to do so for security reasons).
I WAS able to see the name of the evil admin (even though it vanishes from view very quickly) by first figuring out which page it was listed on (this site has many many subscribers, so I needed to dig through to find it), then I visited the page and took a screenshot right away. Sure enough, there was the bad admin username listed in the screenshot. I tried your approach with linking directly to that users edit page but it did not work.

You mentioned PhPMyAdmin – could I manually remove the user using that program or will I encounter the same issues?
Any assistance you can provide will be greatly appreciated!

Thanks
B

]]> By: Verme ataca Wordpress. http://blog.nachotech.com/?p=125&cpage=1#comment-50 Verme ataca Wordpress. Tue, 15 Sep 2009 00:19:18 +0000 http://blog.nachotech.com/?p=125#comment-50 [...] http://blog.nachotech.com/?p=125 [...] [...] http://blog.nachotech.com/?p=125 [...]

]]> By: iggy http://blog.nachotech.com/?p=125&cpage=1#comment-33 iggy Sat, 12 Sep 2009 15:42:10 +0000 http://blog.nachotech.com/?p=125#comment-33 Hi Jason - thanks for your comment. Sorry to hear your site was attacked too. In my case, I was still able to log into wp-admin, so I didn't have to resort to other measures. My hosting provider (GoDaddy) uses myphpadmin, not cpanel, so I'm not familiar with cpanel. If you do have access to cpanel, however, you should be able to use it to either change the administrator password, or create a new administrator user, which should then allow you to use wp-admin. Here's a couple links that might help you get started: <a href="http://codex.wordpress.org/Using_cPanel" rel="nofollow">Using cPanel</a> and <a href="http://docs.cpanel.net/twiki/bin/view/AllDocumentation/AllFAQ/CPanelFAQ" rel="nofollow">CPanel FAQ</a>. I would also suggest that you contact your hosting provider for assistance. They may be able to restore your Wordpress site and DB to a recent backup. Good luck, Iggy Hi Jason – thanks for your comment. Sorry to hear your site was attacked too. In my case, I was still able to log into wp-admin, so I didn’t have to resort to other measures. My hosting provider (GoDaddy) uses myphpadmin, not cpanel, so I’m not familiar with cpanel. If you do have access to cpanel, however, you should be able to use it to either change the administrator password, or create a new administrator user, which should then allow you to use wp-admin. Here’s a couple links that might help you get started: Using cPanel and CPanel FAQ.

I would also suggest that you contact your hosting provider for assistance. They may be able to restore your Wordpress site and DB to a recent backup.

Good luck,
Iggy

]]> By: Jason http://blog.nachotech.com/?p=125&cpage=1#comment-30 Jason Fri, 11 Sep 2009 23:38:47 +0000 http://blog.nachotech.com/?p=125#comment-30 This a$$**** has got me to! I'm new and my site is screwed up. My permalinks are messed up and I can't log into wp admin. How do I do this through the cpanel? I'm scared that I will mess the site up worse. I look forward to hearing from you. Thank you for your time. Jason This a$$**** has got me to! I’m new and my site is screwed up. My permalinks are messed up and I can’t log into wp admin. How do I do this through the cpanel? I’m scared that I will mess the site up worse. I look forward to hearing from you. Thank you for your time.
Jason

]]> By: iggy http://blog.nachotech.com/?p=125&cpage=1#comment-29 iggy Thu, 10 Sep 2009 04:05:42 +0000 http://blog.nachotech.com/?p=125#comment-29 cavpres - As an example, if your blog is normally accessed as http://www.myblog.com/, abd the user id you want to edit is "5", then you would put "http://www.myblog.com/wp-admin/user-edit.php?user_id=5" into the browser's Location/Address/URL field. If that takes you to a login page, then go ahead and log in. You do need to be logged into your Wordpress blog as an Administrator to be able to edit the users. If you are not taken to an "Edit User" page eventually, then perhaps your Wordpress installation is non-standard. Are you hosting your blog at your own domain, or with Wordpress.com? Also, what is the bogus user name? I am wondering if all the hacks were with the same username. Good luck! cavpres – As an example, if your blog is normally accessed as http://www.myblog.com/, abd the user id you want to edit is “5″, then you would put “http://www.myblog.com/wp-admin/user-edit.php?user_id=5″ into the browser’s Location/Address/URL field.

If that takes you to a login page, then go ahead and log in. You do need to be logged into your Wordpress blog as an Administrator to be able to edit the users. If you are not taken to an “Edit User” page eventually, then perhaps your Wordpress installation is non-standard. Are you hosting your blog at your own domain, or with Wordpress.com?

Also, what is the bogus user name? I am wondering if all the hacks were with the same username. Good luck!

]]> By: cavpres http://blog.nachotech.com/?p=125&cpage=1#comment-28 cavpres Thu, 10 Sep 2009 01:43:12 +0000 http://blog.nachotech.com/?p=125#comment-28 Iggy, Thanks, but I must be very dumb because I still cannot figure it out. Where do I put the URL, in my browser bar? Because when I do that it takes me to the login page for my blog. I saw two users in the view source code, 1 (which I think is me) and 5 (the bogus user) and I can also see a user name for this user as well. But I'm not being taken to any page to edit the info. Thanks again. Iggy,

Thanks, but I must be very dumb because I still cannot figure it out. Where do I put the URL, in my browser bar? Because when I do that it takes me to the login page for my blog. I saw two users in the view source code, 1 (which I think is me) and 5 (the bogus user) and I can also see a user name for this user as well. But I’m not being taken to any page to edit the info. Thanks again.

]]> By: iggy http://blog.nachotech.com/?p=125&cpage=1#comment-23 iggy Wed, 09 Sep 2009 13:16:34 +0000 http://blog.nachotech.com/?p=125#comment-23 cavpres - thanks for your comment. I had an error in the URL due to my own upgrade of Wordpress. I've corrected that and also explained things a bit better. Please read the "How To Find And Delete" section again and let me know if it works for you now. Thanks, Iggy cavpres – thanks for your comment. I had an error in the URL due to my own upgrade of Wordpress. I’ve corrected that and also explained things a bit better. Please read the “How To Find And Delete” section again and let me know if it works for you now.

Thanks,
Iggy

]]> By: Look for IT over here http://blog.nachotech.com/?p=125&cpage=1#comment-21 Look for IT over here Wed, 09 Sep 2009 10:08:21 +0000 http://blog.nachotech.com/?p=125#comment-21 [...] thanks to the guys at NachoTech. The post there helped me sort out and fix my WP issues with a minimal loss of data. Share and [...] [...] thanks to the guys at NachoTech. The post there helped me sort out and fix my WP issues with a minimal loss of data. Share and [...]

]]>