[wp-testers] Re: Just FYI....I got hacked big time...

Brian Layman Brian at thecodecave.com
Sat Dec 29 13:33:52 GMT 2007


Hey Chuck, if they are saying conclusively that it was done through SQL injection (and actually know what they are talking about), they should be able to give you the section of the log containing the hack.  Those lines will contain the SQL commands used.  

You can send that information to security at wordpress.org and they will evaluate the risk and take appropriate action.

If Level Up is not able to provide you with the lines from the log showing the hack, then I would wager that they are taking a wild guess as to what happened, and whatever DID happen could potentially happen again.   Though it is possible for submissions to be done in a way that doesn't show in the log, it is much less common in my experience.

However, it sounds to me like the host does not know the source of the problem.  Otherwise they would not be saying "a week or more", and also SQL injection attacks do not create files in your directories.  I've personally had experiences where a host told me my site was hacked through a WordPress vulnerability simply because I used my version of WordPress rather than the (older) one they provided, and they just pulled a standard answer out of the hat.  (In reality I wasn't hacked.  They just detected some of my experimentation using some non-standard PHP commands - totally outside of WordPress.  I was trying to check the status of my game server and they didn't like my accessing ports on a shared server.)

Sooo, long story short, change your passwords.  Verify that you are running plugins that look like they were made by people who actually know what they are talking about (and also that the plugins were written for 2.1 or newer, when security started becoming a primary concern for everyone).  You may also find http://codex.wordpress.org/Hardening_WordPress interesting.

Good luck!  

______________________________________________
Brian Layman 
b5media Inc.
www.b5Media.com / www.TheCodeCave.com
Skype: BrianLayman
Cell: (330) 858-3446
Fax: (416) 849-0347
TF: 866-652-7189
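The log review Brian describes (pulling the access-log lines that carry SQL syntax, so the host's claim can be checked against evidence) can be scripted. This is an added example, not code from the thread or from WordPress; the log lines are constructed in Apache "combined" format and the indicator patterns are my own assumptions, so treat hits as candidates to read by hand, not as proof.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (combined format). Not from the original thread.
# Note: a default access log records only the request line, so anything sent in a
# POST body will not appear here; that is the gap Brian alludes to.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Dec/2007:10:01:02 +0000] "GET /index.php?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Dec/2007:10:01:09 +0000] "GET /index.php?p=12%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 6312 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Dec/2007:10:02:30 +0000] "GET /wp-content/uploads/photo.jpg HTTP/1.1" 200 22011 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Dec/2007:10:03:15 +0000] "GET /?s=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Indicators of SQL syntax inside a request, checked after URL-decoding (assumed list).
SQLI_PATTERNS = [
    re.compile(r"\bunion\b.*\bselect\b", re.I),                        # UNION ... SELECT
    re.compile(r"'\s*(or|and)\s*'?\w+'?\s*=", re.I),                   # ' OR '1'='1
    re.compile(r"\b(select|insert|update|delete|drop)\b.*\b(from|into|table)\b", re.I),
    re.compile(r"(--|#|/\*)\s*$"),                                     # trailing SQL comment
]

def parse_line(line):
    """Split one combined-format line into fields; return None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["decoded"] = unquote_plus(rec["path"])  # decode %27, %20, + so patterns see real SQL
    return rec

def find_sqli(log_text):
    """Return the parsed requests whose decoded path matches any SQL indicator."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        matched = [p.pattern for p in SQLI_PATTERNS if p.search(rec["decoded"])]
        if matched:
            hits.append({"ip": rec["ip"], "time": rec["time"],
                         "decoded": rec["decoded"], "patterns": matched})
    return hits

if __name__ == "__main__":
    for hit in find_sqli(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["decoded"])
```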


