My Wife’s Blog Was Hacked
Don’t Panic
As I’ve mentioned in my January Top Entrecard Dropper’s post, my wife’s blog including the forum was hacked. I was promoting the site to one of my friend in Singapore when I noticed the main page was showing a different page. Being a technical guy, I did not panic but I was so concerned about the data of the site, most specially the forum. And to top it all, I don’t want to face the ire of my wife if she learns about the hacking.
Report to the Authority
I have no recourse but to report what happened to her blog. To my surprised, I did not hear any “furious winds” from her.
First Step: Damage Assessment
The moment I’ve learned about the hacking incidence, I immediately called our webhost provider if they can do something about it. They replied that they have encountered the same problem before and they recommended to upgrade the WordPress version that PinayMom are using.
I downloaded the latest WordPress 2.7. from WordPress.org and strictly followed to the letter the instructions on upgrading WordPress. I deleted everything except for the wp-content folder , that’s the where the plugins and themes folders are located, and I was extra careful to preserve wp-config.php as well.
Unfortunately, the trick didn’t work. After the supposed “upgrade”, the problem still remained. The “hacked” pages is still being shown on the blog and on the forum main page. I could not even login to the wp-admin page!
Check Other Criminal Profiles
I turned to Mr. Google to find the same pattern of hacking, but Mr. G did not return any helpful solutions. It seems my wife’s site was the first victim of this group of hackers.
I even checked some of the entry on the MySQL database, if there were inserts or new table that were created but I could not find any trace.
After 2 or 3 more sleepless nights, I decided to delete everything, including the plugins, themes and all the root pages except wp-config.php which I know contains the database configurations of the site. Lo and behold, the hack was still there even if I uploaded a new copy of WordPress 2.7.
Still Clueless
I was clueless on what to do.
Finally, I decided to put everything offline. I was determined to create a new database. I copied wp-config.php locally and just change the content on it to reflect the new database configuration that I was about to create.
Crime Scene Evidence
And to my surprised, when I opened wp-config.php, I noticed the content was changed. It was totally altered! Not only it was modified, but the wordpress database configuration was all gone! What the ….!
Boom! Gotcha!
The hackers hacked the the wp-config.php file. Their fingerprints was all over the crime scene. They’ve totally messed up the file. Below is the image of the crime scene.
Scene 1:
Scene 2:
The hackers knew what file they needed to hack in order to be undetected, far from the radar sight, knowing that a user won’t change or delete the wp-config.file. As you can see, I was so careful not to touch wp-config.php file. Aside from the wp-content folders, wp-config.php is the last file that you wouldn’t suspect the hackers will use to do their dirty job.
Recovery: Solutions
And this is where the good backup works! Good thing, I have a local copy of this file on my hard disk.
Not only I upgraded the wordpress to 2.7.1., I am now regularly backing up all my blogs. So I suggest to all bloggers and website owners not to take the backup lightly.
Blogging is fun but don’t let the hackers destroy your work. Keep your blog in top and working condition!
18 Comments »
Leave a Reply
Donation Only
Money Making Recommendation
Top Droppers on Entrecard
Blogroll
Friends
Archives
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
Recent Posts
- Got a New 16Gb USB to Combat Static Electricity
- Looking for a Real Estate Website?
- 3 Tips To Make Your Site Visible
- 3 Tips For Creating a Google-Friendly Site
- Working During Non-Working Day
- FREE Webhosting Offer Ends Soon
- Pinay Model Alex Escat Tops Google Search in the Philippines
- From Free to Paid Projects
Categories
Adgitize
Informative post! I’m going to back up my blog as well now, just in case…
Glad everything worked out in the end for your wife’s blog!
kapag sa aking nangyari yan ‘pre, matutulala na lang ako
I am newbie in using domain/wp. I do not know how to backup. My digg, photobucket, twitter were hacked not long ago.
My husband’s site has also been hacked a few times. I don’t even know how to prevent it. Fingers crossed it doesn’t happen to any of us again
Sally, just drop me an email just in case you need some help in preventing your hubby’s site from being hacked.
nice article. i don’t back up my blogs. will start doing now.
OMG!!!!
why they do that, are they getting money on it?
eiy ka2lad kong ala pang money on blog ,heheheh
di cla interesado ….hahahahaha.
I dont know also, first time I heared.
Thanks very much….very imformative post.
you are really good at these things.
anyway, i got a tag for you at my blog. hope you’ll grab it ^_^
thanks for the tag mye! i already grabbed it, but I haven’t written a follow-up on it
I was also advised by a friend that I should do backups every now and then – especially the database.
I maintain my own blog’s backend, I made sure to upgrade all my plugins and WordPress core files. WordPress is like Windows – there are so many blogs that use it, so it is always the easy target of hackers.
As a lady, I think your wife would not really get mad at this incident – I don’t see any reason why she should. She would be (secretly) grateful that you are around to fix your blog.
thanks for dropping by Gem!
good thing that you’re a technical guy errr.. a technical minded gal
and yes, my wife did not get angry at me…she even gave me a wonderful gift. I’ll make a post about this soon.
Technical guy! LOL!
She’s a really thoughtful wife – merong gift! Made me think, baka you kaw naman ang mang-”hack” sa blog ng wife mo just to get a gift! :-p
Oh that is something! But of course to have a techie someone in your side is another layer of security…
By the way, I subscribed to your email subscription courtesy of Makoy’s Big Mak Contest. The email is webbielady.cont@gmail.com. I have confirmed it alread. Please inform him. Thank you very much.
Great work bro for fixing the site. I am not happy about your webhost not giving you ideas on how to solve it.
Anyways, we can also take as a compliment that perhaps your wife’s site was popular enough to be a target of hacking.
Oh My!! I didn’t even think that was possible!! Why would someone hack a site and assume the identity like that? Boredom??
How do you back up a blog???
Wow I learn a lot from your post. I will tell my husband to do the same. I really need to back up everything. Thanks a lot!
hmm, even non profitable blog or give some benefit to hacker they still love to hack.. man, need to back up my blog.. hate this