My Site Was Hacked!

  • I’ve got a new site–just days old, really. Someone has hacked the site and put download buttons for I don’t know what on each post.
    1- How can they do that?! Doesn’t WordPress have security?
    2- How can I remove what they’ve done?
    3- What kind of security holes are there in WordPress that allow for someone without login credentials to hack a site?
    5- How do I prevent anyone else from being able to do this to my site?
    6- Do I get better security from an external web hosting provider? Is it because I’m using WP’s own service?
    7- I’m using WordPress’ own site and have already paid for customizing a WP theme. If I can’t expect better security, then I’d like to get my money back. I just paid and set this up last weekend. To be hacked already with just a minor number of visitors seems to be over the top.

    How can this happen so quickly? I seriously want to shut down right away. I don’t know what video is supposed to load from each of my pages, but I don’t want to find out and get some sort of trojan in the process.

    For what it’s worth, I had turned on using only HTTPS, but found it completely obnoxious because my browser would constantly ask whether I wanted to load both secure and non-secure items when I went to edit anything…

    I hate this! This is the first time I’ve ever had any kind of intrusion, and it doesn’t feel very cool.

  • What site are you talking about, and could we have a direct link to a place where this had happened? I’ve looked at your site, http://sageintrinity.wordpress.com/ , both logged in and logged out of wordpress and see no such download links.

  • @ thesacredpath: I just don’t get this. If you don’t see it, then maybe no one else in the U.S. sees it. It’s so bizarre. I think you helped me with not being able to see the changes to my theme as well. I STILL can’t see the changes in the heading, and I’m really not sure what the in-line links look like or the sidebar titles. The latter look like a 9pt (or 9px whatever) font, but the CSS says they’re supposed to be 14. And I haven’t yet checked the links in CSS, but in my browsers they look identical to the regular text (in color)–nothing sets them apart.

    I’m REALLY glad you don’t see anything. I see something different on every single post. Right at the bottom of each post there’s some sort of additional buttons or video or other stuff. If you don’t see it, I’m relieved.

    On the other hand, my ISP is Deutsche Telekom–they’re the single biggest provider in Germany. We’re thinking of changing over anyway. I wonder if all this has to do with them.

    BTW. As in the previous problem I posted, I did look at the site through another ISP from my office and I couldn’t see the theme/CSS changes there either.

    This is getting frustrating!

    Do you think it would be better if I left WordPress and got my own web-hosting service provider?

    Thanks!

  • I don’t think it’s from your ISP, that would be unlikely. Could you perhaps post a screenshot here of what buttons you’re referring to?

    Like @thesacredpath I don’t see any download links. I’m not really sure what you’re referring to so if you could post some specifics that would help us all narrow things down for you. Thanks!

  • @andrewspittle-Rather OT, but the default Blogroll in Quintus seems to be the old one before it was updated with links relevant for WordPress.com.

    Blogroll:
    http://wordpress.org/extend/ideas/
    http://wordpress.org/extend/plugins/
    http://planet.wordpress.org/
    http://wordpress.org/support/
    http://wordpress.org/extend/themes/

    News

  • I think the OP might have imported from a wordpress.org site and brought the .org default blogroll with him?

  • @justjennifer Yeah, I think it’s from a .org install or from an older site created here. The Quintus Demo site and a test blog I made have the right links.

  • I’ve got a new site–just days old, really.

    @wank @andrewspittle, it seems odd that an import brings widgets along, unless the OP imported an OPML file and then added the Links widget. In that case, there wouldn’t be only those particular links in it. Just saying…

    @andrewspittle- on my test blog, which has no widgets added to the sidebar, I just switched to Quintus and there are three widgets active in the sidebar (Links, Categories/Topics, Archives) with a note saying, “This is Quintus’ widget sidebar. Leave empty if you want a one column layout.” And the Links widget has all the above links included.

    (screenshot1-Dashboard Widgets) (screenshot2-BlogFront)

  • @andrew, the blogroll just came with the site. I didn’t do anything to it. I’ve now made the default links hidden.

    @wank, what/who is the “OP”? I can guess it’s me, but what does it stand for?

    @jennifer, this blog is hosted on the WP servers, not on an independent web hosting provider. That means, as I’ve been able to gather, that I can only use “official” WP themes, right? This theme was a follow-up to a prior effort called Quentin.

    Also, what is an “OPML” file?

    @all… Ya’ll sound very knowledgeable about this stuff–I’m pretty new, as you might have guessed.

    The topic of this post–having been hacked–disappeared after about 3 or 4 hours. By the time of andrew’s first post, these trippy barnacles had vanished, as quickly as they had attached themselves. They were download buttons for a media player, among other things. So I’ve marked it as resolved.

    Next, I’m having real troubles with this theme, and I’ve paid WP $30 to be able to customize it so I’m kind of frustrated.

    What’s happening, is that I can’t see all the CSS or custom font changes that I make. I still can’t see the bigger font for the blog title, nor can I see the bigger font for the blog description. I still see the original font sizes, if not the typeface as well–I haven’t looked close enough on that.

    In addition, there are other things about the theme that to me are suspect. Embedded links show in the same font color as the standard one, not setting them apart at all. The Sidebar widget titles appear in a VERY small font, such that they aren’t easy to distinguish at all.

    Beyond that, I’m still learning other things. I’m not sure what to do with the pages… And I can’t really figure out how to make the polls work. For example, I wonder why they work even though I haven’t yet created a Polldaddy account.

    Everything’s new and, though I’m used to working with Drupal, I’m still on a learning curve with the WP-hosted WP sites…

    But at least it’s fun!

  • @hamiltonian87-if those download links show up again, grab a screenshot, upload it to your blog as a JPG and post a link to it here. If you can, please also post the direct link to the place where you see them in your site.

    As far as your other questions, specifically your question to me: Yes, you can only use the “official” WordPress.com themes and no others. We’re closing in on 150 themes to choose from, so hopefully you’ll find something that pleases you.

    But, as you noted you’ve got the Custom Design upgrade, please post all your CSS questions in the CSS Forum so that they get the proper attention.

    If you haven’t already, you might want to take a moment and have a look here for how to get started on WordPress.com, http://learn.wordpress.com/

  • WAIT.

    You’re not talking about the little buttons beside the words Share This are you? Those are not download buttons: those are buttons so people can post a link to what you’ve written on their Twitter feeds, Facebook, etc. You can disable them if you want.

  • It doesn’t sound like it, rain. Simply because the OP said they disappeared after 3-4 hours.

    The topic of this post–having been hacked–disappeared after about 3 or 4 hours. By the time of andrew’s first post, these trippy barnacles had vanished, as quickly as they had attached themselves. They were download buttons for a media player, among other things. So I’ve marked it as resolved.

    (Personally I thought it sounded like some kind of ad.)

    By the way @hamiltonian87 OP stands for “original poster”.

  • @jennifer, thanks for the feedback and for the answers. I have taken a look at the training info and will continue to do so as I move forward.

    @rain, nope, it wasn’t the sharing buttons. It was some kind of ad, like jennifer thought. They were BIG sized, appeared at the bottom of each post, but were random. They appeared in a couple of different button styles, and at least one page had a different ad than all the rest, though I can’t remember.

    I’ve noticed that screenshots are an invaluable troubleshooting tool here. How do you get them? I’ve seen people using at least one “service” apparently to be able to show them in the browser.

    I’m taking care of the CSS issues in the CSS forum. In fact, I just got a critical solution to one of my main problems, so thanks for the suggestion…

    Cheers!

  • There are a couple of ways to do screen shots – I have a Win Vista PC and it came with a utility called “Snipping Tool” that is found under All Programs >> Accessories >> Snipping Tool – then save a copy to your PC then upload the image (many put the image in the Media section of their blog and then link the image to a Post here).

    See also: http://www.wikihow.com/Take-a-Screenshot-in-Microsoft-Windows

    https://en.forums.wordpress.com/topic/screen-shots?replies=7

    Seems to me there are a couple of other ways, maybe one of the other folks will pitch in with more info – I stumbled across the Snipping Tool a while back and find it works fine for what I need.

    Good luck.

  • Oh, and it looks like we have a Support Doc on taking screenshots as well. :)

    Take a Screenshot

  • The topic ‘My Site Was Hacked!’ is closed to new replies.