[wp-forums] Help I've been hacked

Petit petit at petitpub.com
Fri Jul 21 22:47:26 GMT 2006


Podz wrote:
> Craig wrote:
>   
>> This is a great idea, Podz. It could certainly be tied in to general
>> "good housekeeping" or "best practises" kind of things. BACKUPS
>> BACKUPS BACKUPS and all that rot.
>>
>> We should be able to harvest some of the verbiage from old posts on
>> this topic, no? At least be able to use it as a basis for the new
>> stuff.
>>     
>
> I'll kick it off then:
>
> 1. Don't panic. What's done is done. It's time to clean things up.
> 2. Do you have a backup?
> - Yes? do ....
> - No? do...
> 3. Tell your host what has happened. They will blame WordPress at this
> stage. They always do.
> 4. You need to assume that your /wp-content/themes directory has been
> compromised. You can download that directory but it must then be deleted
> from the server.
> 5. Download a new WordPress zip from http://wordpress.org/download. Unzip
> it. Upload the themes directory. Yes your site will look ugly but it'll
> work safely.
>
> Then it needs something about dealing with plugins, something about
> leaving all files at 644 (do we need to know what they were?) and.....
> other stuff that escapes me right now but backups etc need pushing.
> I'm sure I said before we need the occasional hacked post to bang home
> the concept of backups.
>
> Anyway the above is rough as hell, needs dissecting from various views
> including security and that "If your host believes that.." thing too.
>
> I would like this to do 3 things:
> - assist the person who opens their browser to their site and promptly
> freaks
> - push the ideas of what you said Craig about best practice
> - be more pro-active about the damn hosts who keep saying "It's a
> WordPress vulnerability" and in the next breath "Come to us it's 1-click
> WP here!" which really annoys me. If we can produce something useful it
> becomes a tool for use outside too.
>
> P

Great idea!

On point 1 I agree.
On point 2 I don't have the wording.
3. I think we shouldn't give that absolute statement. Sounds a bit harsh.
    Many hosts will blame it on WP, and it sure *is* annoying, but we don't know that "They always do".
    Maybe "Tell your host..... At this stage some hosts will blame WordPress, but ...( blab on the thoroughly tested by thousands of users, etc. goes here ) "
4. OK
5. Put a bit of pressure on the point to upload *only* the theme.
    The novice may upload all of WP and kill some important settings.

All I can think of at this late hour.

/Petit

