Web site hacked



My blog was hacked this morning. I came in to work, looked at my web site and all that was displayed was a message from the hacker:

Hacked by VexD
Legalize Weed!

I looked at my stats and discovered someone googled “wordpress forum plugin by fredrik fahlstad. version: 1.7.4” and the person spent 22 minutes on my web site. Now we know why. I have the WordPress forum widget activated and, after spending some time googling, I found out that the forum script has a vulnerability which allows a remote SQL injection exploit. The hacker changed my admin password and wiped out my index.php. Thankfully the database was still intact. I replaced the index.php from another WordPress installation and changed my admin password before I could log in.

Here is a link showing how the hacker executed the remote sql injection.

http://www.secumania.org/exploit/Wordpress-plugin-WP-Forum-1.7.4-Remote-SQL-Injection-Vulnerability.txt

I have deactivated the WordPress forum until I am sure that there is a fix for the vulnerability. Anyone else who has experienced a similar type of hack, please let me know by leaving a comment.
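As an added example (not part of the original post): a small access-log triage that looks for the pattern described above, a visitor arriving from a search for the plugin's version footer, and checks whether the same client also sent requests containing SQL keywords. The log lines, IP addresses, date, the `example_param` name and both regular expressions are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referrer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referrer>[^"]*)" "[^"]*"'
)
# Assumed pattern: search phrases that quote a plugin footer with a version number.
FINGERPRINT_RE = re.compile(r'(plugin by|powered by).*version:?\s*\d+(\.\d+)+', re.I)
# Assumed pattern: coarse SQL keywords inside a request's query string.
SQLI_RE = re.compile(r'\b(union\s+select|information_schema|concat\s*\()', re.I)

def search_query(referrer):
    """Return the decoded q= search phrase from a referrer URL, or ''."""
    return parse_qs(urlsplit(referrer).query).get('q', [''])[0]

def triage(lines):
    """Map client IP -> fingerprinting searches and SQL-looking requests seen."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        phrase = search_query(m['referrer'])
        request_query = unquote_plus(urlsplit(m['path']).query)
        found_fp = bool(FINGERPRINT_RE.search(phrase))
        found_sql = bool(SQLI_RE.search(request_query))
        if found_fp or found_sql:
            entry = hits.setdefault(m['ip'], {'fingerprint': [], 'sqli': []})
            if found_fp:
                entry['fingerprint'].append(phrase)
            if found_sql:
                entry['sqli'].append(m['path'])
    return hits

# Constructed sample lines: documentation IPs, made-up date and parameter name.
SAMPLE = [
    '203.0.113.9 - - [01/Jan/2000:08:01:10 +0000] "GET / HTTP/1.1" 200 5120 '
    '"http://www.google.com/search?q=wordpress+forum+plugin+by+fredrik+fahlstad.'
    '+version%3A+1.7.4" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2000:08:09:42 +0000] '
    '"GET /?page_id=2&example_param=1+union+select+1,2 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2000:08:15:00 +0000] "GET / HTTP/1.1" 200 5120 '
    '"http://www.google.com/search?q=photography+blog" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for ip, found in triage(SAMPLE).items():
        print(ip, found)
```

A client that shows up in both lists is worth reviewing first; a footer that prints the plugin name and version is what makes this kind of search possible.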


About the Author

A tech junkie and a software developer. An Apple fan and an avid photographer. A frequent traveller who loves art and graphic novels.