APT & Targeted Attacks
Ask Vic: Hacked WordPress-based blog on WebHosting hub
Tiger-M@te hacked into WordPress blog accounts on InMotion Hosting and WebHosting hub. If you use either of these reputable hosting services and they have not yet restored your blog, then follow the directions posted here.
Hey, Vic, my WordPress-based blog site on WebHosting hub was hacked on Sunday, Sep. 25. When I try to click on my “Dashboard” to add posts, I get the screen shown below. How can I recover my blog?
This past weekend the hacker who calls himself Tiger-M@te and claims to be based in Bangladesh hacked into WordPress blog accounts on InMotion Hosting and WebHosting hub. I was a victim of just such an attack on my own blog at VicHargrave.com.
If you use either of these reputable hosting services and they have not yet restored your blog, then you should follow the directions posted here to get your blog site back:
In my case, I used the following subset of these directions to restore my own WordPress blog:
- Download the latest version of WordPress software here: http://wordpress.org/download/
- Login to your account using the web-based account management that your hosting service company provides. You can also use an FTP client.
- Go to your “www” root directory. In my case, it is public_html
- Remove all the index.php files in your “www” root directory and the top level directories. These top directories would include your WordPress directories like: wp-admin, wp-includes, and wp-content, as well as any others that may be there
- Delete the wp-admin and wp-includes directories.
- Expand the WordPress zip file you downloaded in step 1.
- Log back in to your domain account using an FTP client.
- Copy the wp-admin and wp-includes directories from the WordPress package you downloaded and expanded in step 6 to your “www” root directory.
- Copy your entire “www” root directory and all its contents to your local system as a backup. The easiest way to so this is to use an FTP client with a good GUI.
- Change your WordPress password.
At this point, your WordPress blog should function normally again. Got a security question? Ask Vic I work for Trend Micro and all opinions expressed here are my own.