My blog was hacked this morning. I came in to work, looked at my web site and all that was displayed was a message from the hacker:
Hacked by VexD
Legalize Weed!
I looked at my stats and discovered someone googled "wordpress forum plugin by fredrik fahlstad. version: 1.7.4" and the person spent 22 minutes on my web site. Now we know why. I have the WordPress forum widget activated and, after spending some time googling, I found out that the forum script has a vulnerability which allows a remote SQL injection exploit. The hacker changed my admin password and wiped out my index.php. Thankfully the database was still intact. I replaced the index.php from another WordPress installation and changed my admin password before I could log in.
Here is a link showing how the hacker executed the remote sql injection.
http://www.secumania.org/exploit/Wordpress-plugin-WP-Forum-1.7.4-Remote-SQL-Injection-Vulnerability.txt
I have deactivated the WordPress forum until I am sure that there is a fix for the vulnerability. Anyone else who has experienced a similar type of hack, please let me know by leaving a comment.
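As an added example (not from the original post and not the plugin author's code), here is a small Python script that does the kind of after-the-fact log review described above: it parses Apache combined-format access log lines, flags query strings carrying common SQL injection markers, flags visits whose search-engine referrer names the forum plugin, and groups requests by client IP with the dwell time between first and last request. The log lines, IP addresses and the injected value are all constructed for the sample; the post does not say which parameter the real exploit used, and this script does not reproduce the exploit, it only looks for generic injection markers.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed Apache "combined" log lines for the example (not real traffic).
# The injected value in the second line is a generic SQL injection probe made up
# for the sample; it is not the actual exploit for the plugin.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2008:09:01:10 +0000] "GET /blog/ HTTP/1.1" 200 5120 "http://www.google.com/search?q=wordpress+forum+plugin+by+fredrik+fahlstad.+version:+1.7.4" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2008:09:03:42 +0000] "GET /blog/?page_id=12&forumaction=showprofile&user=1%20UNION%20SELECT%20user_login,user_pass,user_email%20FROM%20wp_users-- HTTP/1.1" 200 3311 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Apr/2008:09:05:00 +0000] "GET /blog/?page_id=12&forumaction=showprofile&user=925 HTTP/1.1" 200 3311 "-" "Mozilla/5.0"
"""

# Apache combined log format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Generic SQL injection markers. Deliberately broad; review hits by hand.
SQLI_RE = re.compile(
    r"(union\s+(all\s+)?select|'\s*or\s+|--(\s|$)|/\*|\bsleep\s*\(|\bbenchmark\s*\(|information_schema)",
    re.IGNORECASE,
)

# Terms in a search-engine referrer that suggest someone was hunting for this plugin.
PLUGIN_TERMS = ("fahlstad", "wp-forum", "forum plugin")


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def search_query_from_referer(referer):
    """Return the search terms if the referer looks like a search results page, else None."""
    if referer == "-":
        return None
    qs = parse_qs(urlsplit(referer).query)
    for key in ("q", "query", "p"):  # Google/Bing, misc, Yahoo
        if key in qs:
            return qs[key][0]
    return None


def scan(log_text):
    """Return (ip, kind, detail) findings: 'sqli' for injection markers in the
    decoded query string, 'plugin_recon' for search referrers naming the plugin."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        decoded_query = unquote_plus(urlsplit(rec["path"]).query)
        search = search_query_from_referer(rec["referer"])
        if search and any(t in search.lower() for t in PLUGIN_TERMS):
            findings.append((rec["ip"], "plugin_recon", search))
        if SQLI_RE.search(decoded_query):
            findings.append((rec["ip"], "sqli", decoded_query))
    return findings


def summarize_by_ip(log_text):
    """Group requests by client IP: request count, dwell time in seconds, flags raised."""
    by_ip = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entry = by_ip.setdefault(
            rec["ip"], {"first": ts, "last": ts, "requests": 0, "flags": set()}
        )
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
        entry["requests"] += 1
    for ip, kind, _ in scan(log_text):
        by_ip[ip]["flags"].add(kind)
    for entry in by_ip.values():
        entry["span_seconds"] = int((entry["last"] - entry["first"]).total_seconds())
    return by_ip


if __name__ == "__main__":
    for ip, info in summarize_by_ip(SAMPLE_LOG).items():
        print(ip, info["requests"], "requests,", info["span_seconds"], "s,", sorted(info["flags"]))
```

Run it against a real access log by reading the file into `scan()` and `summarize_by_ip()`; an IP that shows up with both a search referrer naming the plugin and an injection marker a few minutes later is exactly the pattern the post describes. The markers are intentionally loose (a `--` at the end of a value, for instance, appears in harmless text too), so treat hits as leads to read by hand rather than proof.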
Omg! I got hacked by the same person today!
And I also have the forum plugin.
Extracted from Fahlstad’s website forum:
This vulnerability when exploited successfully allows the individual to retrieve usernames, password hashes, and email addresses for all users, including administrators. However, the user has to have knowledge of the proper database table prefix. This vulnerability has been confirmed in version 1.7.4 which is currently the most recent version available for download.
http://www.fahlstad.se/?page_id=243&forumaction=showprofile&user=925
That's pretty scary.
My WordPress site was hacked and I also noticed searches for that forum plugin. I have since disabled it.