Hardware, Software, Code, PHP, ASP, Games, Reviews and Other Funky Stuff
WordPress blogs hacked: a new WordPress worm? Or just a world-readable wp-config.php file

Well, that will teach me for not updating my WordPress version like the admin panel has been reminding me to do for the last, oh, let's say six months or so. I have had about eight of the WordPress blogs that I administer hacked, and I know it's all my damn fault. Well, let's say that I will be updating from now on.

It is being dubbed the WordPress worm (by me, anyway ;) ).

What can they access? Basically, if you are running a WordPress version older than 2.8.4 (the security release current at the time), the file permissions were set wrong on wp-config.php, which sits right in the root folder of your blog, so the file is world readable. The problem with this is that wp-config.php holds your database credentials in plain text (DB_NAME, DB_USER, DB_PASSWORD, DB_HOST) and, in recent versions, the secret keys used to sign login cookies, so whoever can read it has your database. Doh! Note what "world readable" means here: a browser request for wp-config.php runs the file through PHP and returns nothing, so the exposure is to other accounts on the same server (every other customer on a shared host) and to anything that can read local files, such as a path traversal bug in a plugin or a server misconfiguration that serves .php as plain text.

After performing the update, double check the permissions of wp-config.php and make sure it is not readable by everyone. The default 755 (rwxr-xr-x) lets every local account on the server read it. Changing it to 700 works only when PHP runs as the file's owner (suPHP, or a per-user PHP-FPM pool); if the web server runs as a shared user such as www-data, 700 will break the site, and 640 with the file's group set to that user is the right call. The file needs no execute bit at all, so 600 or 640 is the usual target, and the WordPress hardening docs go as far as 440 or 400. If you have a bunch of blogs, this is going to be a real pain!
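One way to take the pain out of doing this across many blogs, as an added example that is not code from the original post: a POSIX sh script that finds every wp-config.php under a hosting directory, reports the world-readable ones with their mode and owner, and optionally tightens them. The layout (blogs somewhere under the directory you pass) and the hosting setup (PHP runs as the file's owner, so 600 is safe) are assumptions; on mod_php hosts where Apache runs as a shared user, run it with WPCONFIG_MODE=640 and chgrp the files to that user.

```shell
#!/bin/sh
# Added example, not part of the original post: audit (and optionally fix)
# wp-config.php permissions across every blog under one hosting directory.
#
# Assumptions (hypothetical setup):
#   - blog document roots live somewhere under the directory passed as $1
#   - PHP runs as the file's owner (suPHP / per-user PHP-FPM pool), so the
#     file needs no group or world bits at all and 600 is safe.
#     If Apache's mod_php runs as a shared user such as www-data instead,
#     600 breaks the site: use WPCONFIG_MODE=640 and chgrp to that user.

: "${WPCONFIG_MODE:=600}"

# Octal permission bits of a file; GNU stat first, BSD/macOS stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Every wp-config.php whose "other" read bit is set (644, 755, ...).
# "-perm -004" is POSIX find: match when all of the given bits are set.
find_world_readable() {
    find "$1" -type f -name wp-config.php -perm -004
}

# How many there are; this number is what a cron job would alert on.
count_world_readable() {
    find_world_readable "$1" | wc -l | tr -d ' '
}

# Print each offender as "mode owner path", then tighten it when asked.
# Usage: fix_wp_configs /home [report|fix]
fix_wp_configs() {
    root="$1"; action="${2:-report}"
    find_world_readable "$root" | while IFS= read -r cfg; do
        owner=$(ls -ld "$cfg" | awk '{print $3}')
        echo "$(file_mode "$cfg") $owner $cfg"
        if [ "$action" = fix ]; then
            chmod "$WPCONFIG_MODE" "$cfg"
        fi
    done
    echo "$(count_world_readable "$root") world-readable wp-config.php file(s) left under $root"
}

# Stand-alone demo against a throwaway tree (constructed sample data):
#   sh audit-wpconfig.sh demo
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d)
    mkdir -p "$tmp/blog1/public_html" "$tmp/blog2/public_html"
    : > "$tmp/blog1/public_html/wp-config.php"
    chmod 755 "$tmp/blog1/public_html/wp-config.php"   # the bad default
    : > "$tmp/blog2/public_html/wp-config.php"
    chmod 600 "$tmp/blog2/public_html/wp-config.php"   # already tight
    fix_wp_configs "$tmp" report
    fix_wp_configs "$tmp" fix
    rm -rf "$tmp"
fi
```

Run it in report mode first and read the owner column: a wp-config.php owned by a different account than the one PHP runs as is exactly the case where 600 will lock the site out of its own database.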

So how do I know I've been hacked? Well, if you're as lucky as me, you will have massive defacement of all your blogs, saying how great they are for being able to deface your blog, and linking to heaps of malware and crude images. Most of the time they will post their "hack" on Twitter with a record of the defacement as well; I found a few of my blogs listed on there, saying who hacked them. Who does that anyway, seriously.

I also found a file put on there that allowed them to get shell access to the whole site. It was called wp-ini.php; if you have a look in this file you can see the password, username and port that it has been set up with, allowing the hacker to come back whenever they feel like it and upload or download files, or do basically whatever they feel like with your blog.

Another thing that I noticed on the hacked blogs was that if you had a look at the files via an FTP client, you could see that their timestamps had been removed. Some of the blogs were just totally stuffed and I had to disable the hosting accounts for good, which is sad really, as I had spent quite a bit of time setting them up. Ah well, live and learn, I suppose.
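A quick triage sweep for the two indicators described above (the dropped wp-ini.php backdoor and files whose timestamps have been wiped), as an added example that is not code from the original post. It also lists PHP files under wp-content/uploads, on the reasoning that WordPress only writes media there. The cutoff year, the sample tree the demo builds, and the reading of "removed timestamp" as a modification time reset to somewhere long before the install existed are all assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: triage one WordPress document
# root for the indicators seen on the hacked blogs. Assumptions: the cutoff
# year (2000) for "wiped" mtimes, and that nothing legitimate puts PHP files
# under wp-content/uploads.

# Files carrying the backdoor name reported on the hacked blogs.
backdoor_by_name() {
    find "$1" -type f -name wp-ini.php
}

# PHP anywhere under uploads: WordPress only writes media there, so any .php
# file is something an attacker dropped (or a plugin that needs fixing).
php_in_uploads() {
    [ -d "$1/wp-content/uploads" ] || return 0
    find "$1/wp-content/uploads" -type f -name '*.php'
}

# Files whose mtime predates a cutoff (default 2000-01-01 00:00). A "removed"
# timestamp typically shows up as the Unix epoch or some other date long
# before the install existed. touch -t plus "! -newer" keeps this POSIX;
# GNU find's -newermt is not available on BSD or busybox.
timestomped_files() {
    root="$1"; cutoff="${2:-200001010000}"
    ref=$(mktemp)
    touch -t "$cutoff" "$ref"
    find "$root" -type f ! -newer "$ref"
    rm -f "$ref"
}

# Number of distinct findings across all three checks; non-zero means look closer.
triage_count() {
    { backdoor_by_name "$1"; php_in_uploads "$1"; timestomped_files "$1"; } \
        | sort -u | wc -l | tr -d ' '
}

# Human-readable report. Usage: triage /home/blog1/public_html
triage() {
    echo "== backdoor file names";  backdoor_by_name "$1"
    echo "== PHP under uploads";    php_in_uploads "$1"
    echo "== pre-2000 mtimes";      timestomped_files "$1"
    echo "== total findings: $(triage_count "$1")"
}

# Stand-alone demo on a constructed tree:  sh triage.sh demo
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d)
    mkdir -p "$tmp/wp-content/uploads/2009"
    : > "$tmp/index.php"                              # normal core file
    : > "$tmp/wp-ini.php"                             # the dropped backdoor
    : > "$tmp/wp-content/uploads/2009/image.jpg"      # legitimate upload
    : > "$tmp/wp-content/uploads/2009/shell.php"      # PHP where none belongs
    : > "$tmp/wp-content/old.php"
    touch -t 198001010000 "$tmp/wp-content/old.php"   # wiped timestamp
    triage "$tmp"
    rm -rf "$tmp"
fi
```

Treat the output as a starting point, not a verdict: a backdoor renamed to something other than wp-ini.php passes the first check, so on a box that was actually compromised the reliable fix is still a clean reinstall of core and plugins over a known-good copy, with fresh database credentials.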

You think, why would people want to hack my blog? Well, if they can, they will. Sucks, but true.

I actually had a few blogs that I had upgraded, but the passwords had already been farmed or something, I think, and they got re-hacked afterwards, which sucks a lot, and most of them were not repairable, so I have just shut the accounts down for the moment. I just had a look at my wp-config.php and the permissions were still 755 even after the upgrade. Well, I'll change them to 700 anyway, just to be safe.

I think all of my blogs were running WordPress version 2.7.9 or something along those lines. Argh, I should have upgraded!

Another suggestion for protecting your WordPress blog is to modify the .htaccess file in the blog root and add a rule for wp-config.php to it for some added protection. This stops Apache from ever serving the file directly, which matters on the day PHP is misconfigured or disabled and the server would otherwise hand out the source as plain text (it does nothing against another local user reading the file, so keep the permissions tight as well). The snippet is:

# protect wp-config.php
<Files wp-config.php>
    order allow,deny
    deny from all
</Files>

On Apache 2.4 the same <Files> block takes "Require all denied" in place of the two order/deny lines; the old syntax only keeps working there if mod_access_compat is loaded.

I actually found that code a few years ago on a very old post here. Why didn't I listen! :)

So anyway, the moral of the story is: upgrade your WordPress blogs! Do it now! I was actually holding back as I have a few custom plugins that would have broken a bit if I upgraded to the latest version of WP; well, they're all upgraded now, and it's a hell of a lot better having a broken plugin than a hacked WordPress blog. One more thing worth doing if you were on the vulnerable version: upgrading replaces the code but not the secrets, so change the database password in wp-config.php (and the secret keys) rather than assuming the new version alone closes the door.

I haven't actually tried the following plugin myself, but I have heard it's great for totally saving all of your current WordPress blog, including settings, and then re-importing it into another blog. I think I'm going to do that now using WordPress to WordPress Import.

Here are a few other posts that may help you out if you are looking for more info on hacked WordPress blogs.