My blog was hacked tonight, and it seems I’ve gotten it stable for the time being. Tomorrow, assuming it’s all still in order (fingers crossed), I plan to do a full reinstall of the latest versions of WordPress, Thesis and all my plugins. But in the meantime, I’m thinking this could be pretty widespread so I wanted to share some info in case anybody else has the same problem.
Specs
I’m currently running WordPress 3.0 and Thesis 1.5.1.
The Problem
The punk placed this stupid page on my root domain with a questionable music loop.

Altered Code
I dug into my files to find any bits of crazy code I could. Seems there were two culprits in my Thesis folder – themes/thesis/index.php and themes/thesis/header.php. Here’s a screenshot of the nasty code:

I did a pretty exhaustive search through all my files in case the hacker dropped any gnarly stuff someplace else, but I couldn’t find anything. Still, as mentioned, I’m doing a full reinstall tomorrow.
Temporary Solve
I deleted those two files – themes/thesis/index.php and themes/thesis/header.php – and uploaded the original versions from the Thesis folder I had saved on my hard drive. Voila, blog works again.
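The file search and restore described above can be checked mechanically by hashing a saved clean copy of the theme against the live folder. This is an added example, not code from the original post; the helper names, the file names other than index.php and header.php, and all sample contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def file_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_trees(known_good, live):
    """Report files that differ between a known-good copy and the live folder."""
    good, current = file_hashes(known_good), file_hashes(live)
    return {
        "modified": sorted(f for f in good if f in current and good[f] != current[f]),
        "added": sorted(f for f in current if f not in good),
        "missing": sorted(f for f in good if f not in current),
    }


def build_demo(base):
    """Constructed sample data: a clean theme copy and a tampered live copy."""
    clean, live = Path(base) / "clean" / "thesis", Path(base) / "live" / "thesis"
    originals = {
        "index.php": "<?php // original index\n",
        "header.php": "<?php // original header\n",
        "footer.php": "<?php // original footer\n",
        "lib/functions.php": "<?php // original functions\n",
    }
    for tree in (clean, live):
        for name, body in originals.items():
            path = tree / name
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
    # Simulate the incident: two edited files, one unexpected file, one deleted file.
    (live / "index.php").write_text("<?php // original index\n// constructed injected line\n")
    (live / "header.php").write_text("<?php // constructed injected line\n")
    (live / "lib" / "cache.php").write_text("<?php // constructed unexpected file\n")
    (live / "footer.php").unlink()
    return clean, live


def run_demo():
    with tempfile.TemporaryDirectory() as base:
        return compare_trees(*build_demo(base))


if __name__ == "__main__":
    for kind, files in run_demo().items():
        print(f"{kind}: {files}")
```

On a real site, point `compare_trees` at the saved theme folder and a downloaded copy of the live one; files listed under "added" are ones an eyeball search through known files would never open.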
Security
I changed my admin password, MySQL database username and password, FTP client password and my email password. If you have more suggestions I’m all ears.
I hope this is helpful and good luck!
Hi, my name is Amanda Vandervort. This is my personal blog where I discuss digital and social media strategies in soccer. Opinions are my own.



Hey there! I’ve been following your site for a long time now and finally got the courage to go ahead and give you a shout out from Lubbock Texas! Just wanted to say keep up the good job!
Hello Amanda. I know full well how you feel. I am sorry for your loss and added trouble. I also have 2 blog sites which were both hacked within the past 2 weeks. But unfortunately for those clowns who hacked my blogs, I am not as good natured and patient about their mindless idiocy as you seem to be. You have my vegetarian website address already so I won’t add it again in this comment box, but if you like, go take a look. I intend to leave my blog index page just like it is until I get all the hacker’s damage fixed. And I’m really not in a big hurry either. Soon, my 7,000 plus subscribers along with the hacker’s Islamic boasting buddies will all see exactly what kind of hacker he really is. I hope he will learn, hacking doesn’t pay and boasting about it is even less rewarding. LOL
Anyway, hope you have a Great Christmas and a safe New Year! Good post. I really like your writing style. I’ll be back.