A few days ago, my site got hacked. I thought I’d mention a few things about it. It isn’t such an enjoyable process, but it did lead to some good things.
- I got to try restoring from a backed up database, through PHPMyAdmin, and that went smoothly
- I cleared out loads of files that had I had placed on my server at various times to share with others, so that was good for organization.
- I adjusted and cleared out some of the plug-ins I was using
- I am better able to respond to future similar predicaments
The hack occurred most likely through a recent phpBB forum installation attempt I had done the day before. I think I left some vulnerable files on the server that were then very quickly exploited, and then code was inserted in all my PHP files, which then led to anyone heading to this site that had not been to it before(based on cookies) getting redirected to some advertising site.
Some Recommendations
I would suggest that, if you don’t, you want to set up database backups to be sent to an e-mail address of your choosing using the WordPress Database Backup plug-in. There is a chance that the exploit did not alter my site database, but I restored from a recent database just to be safe, and then republished the articles and comments that had been posted after it. I wouldn’t recommend recreating comments from scratch like I did, but it was okay since it was for 2 articles.
Also, if you do install some 3rd party software on your site, it is important to set file permissions to a safe level after install if possible.
{ 5 comments… read them below or add one }
Twitter: cheryl_paris
April 27, 2010 at 12:54 am
Hi Armen,
I am sorry about the situation you faced. Sometimes these things just happen. I am sure it did get you do to rework but since you had back up that was great! We just need to make our blogs more secured.
I am glad to hear the updates to protect against hacking…thanks!
Cheers,
Cheryl
.-= Cheryl Paris´s last blog ..Look Inside to Discover How to Have More Gratitude =-.
Twitter: Armen
April 27, 2010 at 7:52 am
Hi Cheryl.
These things sure do happen. I had read many articles by others about getting hacked and the preparations to take or whatnot, but having it actually occur certainly gets the response mechanism going. Glad to provide any security information I can.
Hey Armen,
i’ve been there too, twice! And each time I’ve learned how to secure my blog better and not install too much crap that causes the problems.
You can never be totally hack proof but you can prepare in case anything does go wrong and restore the data relatively simply!
glad you managed to get it all back up and running!
Amit
.-= Amit Sodha – The Power Of Choice´s last blog ..Video – Are You Still Doing Things To Make People ‘Like’ You? =-.
Twitter: Armen
April 27, 2010 at 7:53 am
Hi Amit.
Getting hacked twice sure is something. You are right that we learn during the process, and end up with cleaner sites because it just feels safer.
Preparation sure is valuable. When something happens, you’re suddenly glad that you have a regular database backup in place, or that you have drafts saved somewhere, or so on.
Thanks for that.
Twitter: kruby
May 5, 2010 at 7:27 am
I’ve never been hacked (knock on wood), but know at some time chances are that it will happen. As long as you have a backup plan and are prepared, it hopefully will go smoothly.
Another thing to consider in addition to the WP backup scheduled, is to ensure that your theme installation and WP is up to date. Older versions are more likely to be hacked than recent versions.
Sorry that this had to happen to you, but it looks like you learned something from the process and were able to share with us.
Karen
.-= Karen´s last blog ..Do You Recognize Yourself In These 6 Stages of Change? =-.