OMG was I hacked or is the hard disk just full


Think we were hacked on Tongfamily at 5AM this morning. Found that we were stuck at the home page going to the WP install page. There are many “notes”:http://wordpress.org/support/topic/180772/page/2 about this, but it can happen because of a weak password on your FTP or your WordPress admin accounts. I have both and have changed all of them. More sadly, if your hosting provider has a compromised password, then someone can get in and attack everything.

My hack looks like I just get to “Click here to install WordPress page”:http://www.jonlee.ca/follow-up-wordpress-blog-hacked/ but of course, no one is really sure if it was hacked or not, since at that point, you are really vulnerable. In looking at the MySQL databases, I discovered that the wp_options table was corrupted and gone. Sad to say, I didn’t do a backup, even though bluehost.com makes it easy to do! I actually did it and then lost the hard disk of the MacBook. So I’m doubly stupid.

net, net for everyone else:

1. Make a backup of everything. On “bluehost”:http://bluehost.com, this is just a click on the backup wizard.
2. Export all your WordPress entries so you have a text file you can pour back into a clean installation.

The scary thing of course is with megabytes and megabytes on the server, I don’t know what else is on here. Probably should do a clean install of WordPress just to make sure.

So how do you recover? Well, without valid options, you have a big problem. I actually created a new WordPress installation and then copied out the wp_options directory. Actually, it was tougher than that. I had an install that had no default prefix, so it was just options. It turns out that for some bizarre reason, some of the options change; in fact, there is a field called user_roles that actually changes depending on the prefix, so it was wp_user_roles in one install and just user_roles in another. Arggh.

I then made another mistake because when I logged on, I got an “unable to access page” when I tried to go to the wp_admin page. This was because of the weird wp_options name change. So I copied in a new wp_user table, but since I copied from a random place, I also copied in the wp_metadata table. This table, like wp_options, has two fields that actually change names depending on the prefix (the default is wp_), so you have to change those too.
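The prefix-dependent renaming described above can be scripted rather than fixed by hand. This is an added example, not code from the original post: it uses an in-memory SQLite database as a stand-in for MySQL, and the table name usermeta, the keys capabilities and user_level, and the function names are assumptions based on the stock WordPress schema (the post itself only names user_roles).

```python
import re
import sqlite3

# Keys that WordPress stores with the table prefix prepended.
# user_roles is from the post; the usermeta keys are assumptions
# taken from the stock WordPress schema.
PREFIXED_KEYS = [
    ("options", "option_name", ("user_roles",)),
    ("usermeta", "meta_key", ("capabilities", "user_level")),
]

def rekey(conn, new_prefix, old_prefix):
    """Rename prefix-dependent keys from old_prefix to new_prefix.

    Returns a list of (table, old_key, new_key) for every key changed.
    """
    for p in (new_prefix, old_prefix):
        # The prefix becomes part of a table name, so restrict its charset.
        if not re.fullmatch(r"[A-Za-z0-9_]*", p):
            raise ValueError(f"unsafe table prefix: {p!r}")
    renamed = []
    for base, column, suffixes in PREFIXED_KEYS:
        table = f'"{new_prefix}{base}"'
        for suffix in suffixes:
            old_key, new_key = old_prefix + suffix, new_prefix + suffix
            if old_key == new_key:
                continue
            # Never overwrite a key that is already correctly named.
            if conn.execute(f"SELECT 1 FROM {table} WHERE {column} = ?",
                            (new_key,)).fetchone():
                continue
            cur = conn.execute(
                f"UPDATE {table} SET {column} = ? WHERE {column} = ?",
                (new_key, old_key))
            if cur.rowcount:
                renamed.append((new_prefix + base, old_key, new_key))
    conn.commit()
    return renamed

def build_demo():
    """Constructed data: a no-prefix install holding rows copied from a wp_ install."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE options (option_name TEXT, option_value TEXT);
        CREATE TABLE usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
        INSERT INTO options VALUES ('wp_user_roles', 'constructed-roles'),
                                   ('siteurl', 'http://example.test');
        INSERT INTO usermeta VALUES (1, 'wp_capabilities', 'constructed-caps'),
                                    (1, 'wp_user_level', '10'),
                                    (1, 'nickname', 'admin');
    """)
    return conn

if __name__ == "__main__":
    print(rekey(build_demo(), new_prefix="", old_prefix="wp_"))
```

Running it a second time changes nothing, because keys that already carry the right prefix are left alone.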

Final issue is that I noticed that my Bluehost hard drive is 98% full. You can actually see your disk status in cpanel which is cool. Maybe why the wp_options got wiped out, so maybe it wasn’t a hack?
