Most of you probably know that this blog was hacked a couple of days ago. In fact, you can see in my archive page that there is a notice (until now) saying to just go directly to my posts instead of going to the homepage. Well, long story… (you may not want to read this because this is boring!)
The day started when I tried logging in to my WordPress blog admin page. I was surprised to see that my login wasn’t successful so I retried it. But well still to no avail. I immediately pressed the forgot password and well my password was reset and I was able to login again. Being curious, I immediately visited my site and saw that I am hacked! Well, I was surprised at it that I wasn’t even able to take a screenshot of it (if everyone has, please give it to me) I then panicked a bit mainly because obviously I know little with things like this and well it’s just that from my point of view I can do nothing by myself.
So I then turned to the busiest forum in the world, the digital point. I have made a thread there saying my site was hacked and I immediately got great responses. Some were saying that I should check for some shells, others are saying this and that and those. I also went through the teenager internet marketing forum, blog premiere. Many people have responded as well, but in a longer span of time. Jason pointed out saying that I should get the db from my host which is gator. Oh, yeah! I forgot I should have a conversation with my web host which should be done first and foremost. I immediately called them and talked (they were polite) and they say they would get back to me asap. The incident reminds me of the hacking of Carl Ocab’s site. When his site was hacked, what he did was to change host and update the nameservers and it became fine. The process is a little lengthy though.
I was busy all throughout the day. I then called Rajaie who could probably help me with this. He responded immediately (that’s what friends are all about :-) ). He asked for my wp account and I immediately made one for him and made him an administrator. One clear thing is that I don’t have a clear path of what to do. While waiting for him, I emailed Scocco of DBT, I tweeted Shoemoney, and the number of replies from dp kept on growing. I then revoked the admin privileges to Alkorani because I feel I should be on a more clear direction.
Turned the PC off and think more. I had to be more focused and DETERMINED for it. The blog, well aside from having sold out ad spots, hundreds of readers, the main thing is that it’s a part of me. That’s why it has my name on it. After 2 hours, turned the PC on again, got reply from Scocco saying I should reinstall WordPress and load the backup. Problem is that my last backup was made way back June, wtf! I told him if there’s other solution? and he said none! I am a click away from removing WordPress and reinstalling it and loading an outdated backup but I said No! Then the great light came in and it seemed that in a blink of an eye I know the end of the tunnel is very close.
I have searched on C99 shells and have found some of them on my public_html folder, then I also found suspicious files which I fearlessly deleted. Then still not fine~ oh shit! Then an idea popped out and well I changed my template back to the old and ugly Kubrick theme. I loaded it and to my surprise it loaded successfully… Aha! The problem was on my template. Obviously, the site’s main page is the only one not functioning. What I did is look at the index.php and bingo! I have found out the culprit! I immediately restored the code back and it was back again. The rest was history…
What did I learn? Many things; always back up, never lose composure, trust yourself, and believe in your friends that you can do it, they add positive things. To all, thank you for the help, digital point, blog premiere, the bloggers I have contacted and everyone. A very great experience to me!
Haha.. never say it was a great experience man.. I guess be active on twitter and people will help you a lot there too…
Good to know the site is back
Were you using the latest WordPress version at the time?
One thing for bloggers, they all come together in a crisis.
No. I’m very certain that’s one part of the vulnerability of my blog that time.. Right now, WordPress is updated…
I left a comment for you on your latest blog article submission at blogengage regarding your blog being hacked! I noticed about 3 days ago I was being redirected to another web page. Glad to see you got things fixed and working!
This happens to the best of us and I’m sorry to hear they targeted you! Keep up the great work!
bbrian017
Hey wait I was mistaken! I thought it was your article and it wasn’t, sorry about that! Seems many people are getting hacked these days! It’s not only blogs it’s all software scripts and sites! People thrive off doing it!
You can add this bit to the above post if you wish I just wanted to let you know I was mistaken but I’m also still sorry to hear you were targeted!
melvin, i can’t even imagine how you felt when you found that… you survived this and you learned something. Next time (hope there won’t be a next)you will be better prepared.
No one is safe nowadays… :\
whats this? hmmmm!
I’m glad you’ve managed to fix the problem. Some other people just give up and cry lol.
Actually what you gave is the link about the pepperjam ref program and not about this one…
So, it’s because of your theme?
Hm..
Its a depressing feeling to see your blog being hacked…i am happy you managed to restore it.
I am sorry this happened, surprisingly I like to read about it, I wondered what happened a few days ago. I wish you knew who the guy was, or at least had a screenshot of it.
Hmm… a theme problem? If so, try using the theme authenticity checker for your themes.
I forgot to mention, congrats on getting your blog back!
I remember when I had my blog hacked. It was like the longest day of my life. I know that when I look back I’m glad that it put a scare in me because now I know better but I’m glad you have people like Rajaie to help you out so thats good man. Glad to see you back.
Wow, that really sucks, and my worst fear, I change my password like 3 times a month, congrats on the recovery!
JR
I hope everything is fine now. Why don’t you change the theme? A new theme is sure to spark some interest in the visitors.
I learned one lesson from this post – always have backups of your blog.
congrats on facing it successfully… one more thing i’d like to add… always have your software (wordpress and plugins) updated to the latest version. and if you want to be a bit paranoid check out secunia.com before installing anything
Most all blog hacks are from people not upgrading their blog software.
If you don’t make a ton of changes, just backup your template one time, then create or download a script to email you a database dump every couple days.
Hacker Forums
It is not out-of-date information? Because I have other data on this theme. http://video-online-go.ru/map.html
A SUPPORTED BY THE DEVELOPER TOOLS? It was interesting. You seem very knowledgeable in your field.
I didn’t get your email man. Else I would have tried to help.
Glad you solved it.