Blog got hacked

[micho]

fuck, stupid turkish hacker just hacked one of my sites. I now changed pass and deleted the index file, so now it works again. But what also should i change, so he won't do that again?

[PornBlogger]

hey there micho

check out this forum post regarding a WP exploit.. depending on your WP version, it may apply to you:

http://www.netpond.com/blogging-foru...s-exploit.html

[micho]

Thanks for link, I will just update the wordpress as I have the 2.5 still

[PornBlogger]

ok.. and check the permissions on your wp-content directory, apparently that's how many other people were hacked. as reference in that forum thread.

there may be other factors as well, but that's a start.

peace

[micho]

Ok i will do that thanks!

[pam]

Is your upload directory set to chmod 777? Changing pass may not be enough. You need to find out how it was exploited.

If it's the same one that hit everyone recently, changing pass isn't enough. You need to delete all the files that were uploaded and that includes all the image files that had code written into them.

[micho]

Yes it is at 777, at what should I put it? So I should delete all the filed and upload them again?

[pam]

Read the post I made about it -- it tells you what to look for, what files to delete, etc. 666 is a better chmod.

I've said it time and time again, 777 is easy to exploit.

[micho]

I had wp-content to 777 and the images are there, I set it to 755 now

[Gsx-R]

I am using this plugin for Security... dunno how good or bad it is, maybe people can tell, but i had no problem till now...

WP Security Scan | Semper Fi Web Design

It tells to chmod to 755 ... i'm no expert, so again if anyone have better info, please correct me.

[pam]

Is the date on the images the date since the exploit? If so, each has code written into it

[fresh]

Ok so can anybody clearly state what directories should be chmod an how? 755 666?

[freechess]

Quote:

Originally Posted by fresh

Ok so can anybody clearly state what directories should be chmod an how? 755 666?

personally i prefer 666

[micho]

If I put wp-content to 755 or any other I cant upload images. Only on 777

[fresh]

Quote:

Originally Posted by micho

If I put wp-content to 755 or any other I cant upload images. Only on 777

create images folder on the root domain, not in wp-content then...

[micho]

Ye I know. But I don't know how to redirect wordpress to upload files to that folder, as it just upload to wp-content one

[gedeon]

I think there's an option inside the settings panel for the images.
Thanks for you post, it's time to check the secure of my sites.

[Gsx-R]

I have wp-content on 755 and i can upload images from WP Admin
Take a look at the plugin i told you about, it helps a lot...

[micho]

Ok i found it thanks geodenbacsi. I will try the plugin, thanks Gsx-R

[gedeon]

So, chmod the wordpress directory to 755 and it's wpcontent folder to 755 too, and upgrade to 2.5.1 and we are fine?

I'm not a tech guy too, so please somebody explain as basicly as possible what to set up

Hey man, this security plugin is not bad!