Frickin' script kiddie hackers whatever
My wife couldn't log into her site today (she runs a WordPress site) and it just took a visit to the main page to figure out she'd been hacked last night. Luckily it was just WordPress itself and not the whole thing, so it took me just a couple of minutes to throw up a "site down for maintenance" message instead of the hack crap. Took a bit longer to restore the whole thing, since it hadn't been backed up (mea culpa - originally she was just doing it on the side and I forgot about it).
Supposedly it was the "Bangladesh Cyber Army" but emails led to Israel and names and membership led to Arab states and the whole thing supposedly is in retaliation for policies of India, so who the hell knows (and, FWIW, her site has NOTHING to do with any of that).
I got into the DB and restored the passwords, restored the root index.php which was obviously trashed, then it took me a bit longer to figure out what else they had actually mucked with (basically another index file and the 404 page), but since I don't usually use WordPress it took more of my time than I wanted.
Anywayz, she's back online, and I'm just a few hours shorter in my day. Pain in the ass, and it was a cheap hack job too (but thankfully for me). People with nothing else better to do (them, not me). And, anyway, the site is now backed up and I'm hardening access to it. Even frickin' side projects chew up time.
napoleon_in_rags
(3,992 posts)
Age of the false flag.
I never really studied security, wish I had these days. But I got hacked using common blog software too. (BBlog) There's an argument for rolling your own, if you can.
DaveJ
(5,023 posts)
Do they just get ahold of the admin credentials somehow or is there some other backdoor? I'm guessing that people using the same username/passwords on independent sites that don't protect the users' passwords, then the hackers somehow get ahold of them and try the same username and password for the user elsewhere. But I have no idea really.
Tab
(11,093 posts)
- WordPress sites are easy to identify either by HTML or maybe just "Powered by WordPress" or whatever the hell on the same page.
- The default admin page is <site>/wp-admin (although you could change that)
- The default db prefix is wp
- The default admin user is 'admin', and default password is 'pass', although in our case certainly the password was different (if not the username).
There's more shit along those lines, but it starts there. I suspect they just iterate through it until they find something that works.
Interesting that they didn't kill the whole site (go all destructive on our ass) but just invalidated a few key files so we were obviously hacked. It just so happens my wife's husband (me) could ultimately unravel it, but for the average person with a WordPress site they'd be hosed with no obvious way to fix it.
DaveJ
(5,023 posts)
I don't remember changing it but admin/pass didn't work so I guess we're ok. I'm surprised we haven't been hacked since our username/password scheme is incredibly simple and insecure. It's just a matter of time... but I'm not the guy in charge of that. Glad you're ok and that the hackers were not overly malicious.
Tab
(11,093 posts)
(I'm not that bad)
If nothing else, back it up so you can get it back to a (relatively) current state if need be.
If you have time, move the directory from wp-admin to something else.
I'm talking bare-minimum here.
Dash87
(3,220 posts)
- Password cracking through password combos / commonly used passwords is a favorite. Also, keywords from a page used as password tries. Password info, as you said, can also be stolen, sold, and bought. The amount of people that don't encrypt is frightening.
- exploits
- admin accounts
- Trojans and key loggers
- an unprotected backdoor exploit found and shared among hacker groups (their websites aren't as secret as the idiots think, though)
- Honestly, though, most of them think it's super 1337 to use DDOS. Script kids are usually terrible hackers and only get away with it because they're in foreign countries that don't care.
Phillip McCleod
(1,837 posts)
those hacks sound exactly like somebody testing their exploits on the nearest available target. there's an 'app for that' for determining the platform a particular site is running on.. some apps for sql-injection and then..
..then there's metasploit..
gtar100
(4,192 posts)
Very immature which I suppose is why the term 'script kiddie' seems to stick so well. But, geez, if you can hack well enough to get past security, why not work on the side of good? Just defacing websites is so pointless and only shows to people that the hackers are just a bunch of assholes. I would think that would be enough to convince these people to just stop their idiocy... I really expect too much from people.
Tab
(11,093 posts)
However this time I had a current backup and we were restored within minutes of discovering it.
They focus on WordPress installations - those have a separate login page - and seem to change some things in the database (probably via the WordPress admin menu - they don't seem to have gone in via the cPanel, at least they haven't screwed up anything there); they do change the index.php and the 404.php, which I assume you can do via WordPress admin. A couple of other small things. I think they just have a script that does all this.
But really, if it was just the average person running a WordPress site, they'd be hosed for a long time, maybe forever. And her site just has medical health info - nothing to do with Middle East politics. Because of what I happen to do for a living I could fix it, but that's just a lucky coincidence.
I guess if I put myself back in my 15-y/o frame of mind (going back 35 years to do that) I can see the attraction, not unlike spraying graffiti I guess, but once you get to be a little bit mature, it just seems mean and pointless. Plus, this is more destructive than graffiti. Graffiti you can paint over, with something like this if you don't know how to bring back a website, that's years of work down the drain.
My Website got hacked by BD Script Kiddie Hackers
Draug
(6 posts)
A couple of local clubs here had web sites that Google was characterizing as "possibly compromised." They had no idea what was going on until I pointed out to them they had been infected with the WordPress Pharma Hack. Neither was able to recover and both were eventually taken down. One of the posters at The Register once described WordPress as "the new Adobe" with respect to security.