Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

(Wordpress) Site hacked

edited August 2006 in Vanilla 1.0 Help
Got a call from my friend who said that my site was hacked. I used Wordpress as my platform and thought that it was safe, but I was wrong, it wouldn't have been bad but the friendly message they left was "say no to america and israel" and there were some arabian letters on the screen. Nice for them to point out vurnerabilities on different backends but they could have done it with some other way. So if you have WP running on your site, be careful.

Comments

  • What version were you running?
  • Lotsa Questions: What anti spam and trackback measures are you taking? What was left writable? Does your log show how they got in? Did you post this in the WP support forums?
  • lechlech Chicagoland
    edited March 2006
    Yeah, I'm now a little currious as to what version you were using as well. I remember that 1.5 and pre 2.0 versions had a specific vulnerability of some type but it wasn't well disclosed. If you were still running 1.5, then that would explain it. <edit> Just took a look @ wordpress.org blog, and I guess it was a pre 2.0.2 thing all together involving XSS.
  • There's quite a few mentions of hacking on the WP forums as well at the moment, I'm very interested to hear more as I've got a handful of sites running on 1.5 and 2....
  • It was pre 2.0.2 version, my host is just complete shit and the logs just display error (last time they worked was something around 2002) I just took everything out, since I was thinking of changing my host to RoR friendly service. So if you have any older WP installation running, best change them now.
  • lechlech Chicagoland
    Might want to update the thread title to be more specific, kosmo :) something like "wordpress pre 202 hacked/hackable".
  • Tschk tschk. One of my pet hate is people who can't put something useful in the subject line of an email.
  • I despise e-mails with a blank subject. They disgust me.
  • Or, one with something like 'website' or 'i was thinking...' in the subject...
  • So don't read threads/emails/greeting cards with subjects that are not to your liking, I have allways admired the freedom of the world in this kind of things, something annoys or bothers me, I usually stop doing it.
  • I'm nosey.
  • yea I LOVE emails with blank subjects, freedom is a beautiful thing ;-)

    I consider WP quite secure if you take the steps to make it secure, its one of the most stable programs I've ever used, the latest verison is always best to use since it imrpoves with every new release.
  • bugs, are you on a one man mission to reopen all old posts? LOL
  • needs to be a vanilla addiction extension lol
  • lol Must say that I am addicted to looking up all the latest extensions and themes.
This discussion has been closed.