.

blog hacked. so , what to do?

<<

ronsmith00123

Newbie
Newbie

Posts: 1

Joined: Thu Aug 09, 2012 7:20 am

Post Thu Aug 09, 2012 7:25 am

blog hacked. so , what to do?

X-line hacked my personal webpage. Lead me in order to fix it up. Regards
hxxp://weddingsvermont.com
Last edited by ronsmith00123 on Sun Aug 12, 2012 10:33 am, edited 1 time in total.
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Thu Aug 09, 2012 7:57 am

Re: blog hacked. so , what to do?

Do you have any sort of backup ? I think the first step would be trying to work out how they done it as if you just reupload your site they will do it again.

It looks like you are running wordpress did you keep it upto date ?
Have you tried to run tools like wp-scan to identify any issue on your site before it got hacked?

Do you even have access to the site any more ?
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

shadowzero

User avatar

Full Member
Full Member

Posts: 120

Joined: Sat Jun 02, 2012 10:03 pm

Post Thu Aug 09, 2012 8:03 am

Re: blog hacked. so , what to do?

Pretty sure you posted a the same question here before. You were advised to upgrade your WordPress installation and plugins.
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Thu Aug 09, 2012 8:31 am

Re: blog hacked. so , what to do?

I'd suggest contacting your hosting provider for further assistance(*). They should be in the best position to assist you with recovering the site quickly and efficiently.

Once this is done, you'll need (unless you want a re-occurance) to find the hole and fix it. Updating as suggested 'may' be sufficient; but again, you hosting provider(*) should be able to assist in identification of the successful attack vector.

And judging from the defacement page message, I'd possibly also suggest not annoying the less trustworthy denizens of the 'net.

N.B. (*), depending on service contract, additional assistance in this matter may chargeable etc.
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Thu Aug 09, 2012 8:54 am

Re: blog hacked. so , what to do?

Yah it might be worth letting them know as other website maybe affected.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Thu Aug 09, 2012 9:39 am

Re: blog hacked. so , what to do?

I think it should also be pointed out that you misspelled "Vermont" in the copyright line at the bottom of the page. (Unless that was part of the defacement as well, but I don't think it was.)
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Thu Aug 09, 2012 9:43 am

Re: blog hacked. so , what to do?

Hope you guys are visiting this site from an unimportant machine. If I wanted to target a bunch of security professionals this is exactly how I'd do it.

;D
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

shadowzero

User avatar

Full Member
Full Member

Posts: 120

Joined: Sat Jun 02, 2012 10:03 pm

Post Thu Aug 09, 2012 10:04 am

Re: blog hacked. so , what to do?

tturner wrote:Hope you guys are visiting this site from an unimportant machine. If I wanted to target a bunch of security professionals this is exactly how I'd do it.

;D


I too suffer from a healthy dose of paranoia caution. I used netcat to view it. :)
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Thu Aug 09, 2012 2:45 pm

Re: blog hacked. so , what to do?

tturner wrote:Hope you guys are visiting this site from an unimportant machine. If I wanted to target a bunch of security professionals this is exactly how I'd do it.

;D

Throwaway VM snapshot via Tor :)
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Thu Aug 09, 2012 3:07 pm

Re: blog hacked. so , what to do?

Yah really good point always use protection :P

When viewing sites that have been hacked!!
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er

Return to Incident Response

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software