Need help? Check out our Support site, then


Help! My blog has been hacked

  1. idohartogsohn2
    Member

    Hello,

    I have two blogs on wordpress.com:

    hartogsohn.com

    dailypsychedelicvideo.com

    Both have been hacked by a Turkish hacker called Cilginkurt. I am now blocked out of my blog and can't access my account (I have created a new user name in order to write this message). I have written Worspress.com support but have gotten no answer yet. Please, what do I do? I'm desperate and depressed all day.

    Will be thankful for any kind of answer. :(

    Ido

  2. You did not specify a blog address or reason for posting when you created this topic.

    This support forum is for blogs hosted at WordPress.com. If your question is about a self-hosted WordPress blog then you'll find help at the WordPress.org forums.

    If you don't understand the difference between WordPress.com and WordPress.org, you may find this information helpful.

    If you forgot to include a link to your blog, you can reply and include it below. It'll help people to answer your question.

    This is an automated message.

  3. There is absolutely nothing that we Volunteers answering support questions can do for you. You will have to wait for Staff to get to your support ticket and help you deal with your issue.

  4. idohartogsohn2
    Member

    Hey timethief,
    Thank you. I will wait. Anxiously wait. Do you think that wordpress.com has backup of my blog?
    Ido

  5. Yes wordpress.com has backups. Also if the posts in question have been indexed then you will be able to locate them in Google's cache.
    See here:
    http://tinyurl.com/3yrwbus

    I have been here for 4 years and the only cases of alleged "hacking" have turned out not to be hacking at all. The intruder simply guessed the weak password that the blogger chose to use despite the warnings.
    http://en.support.wordpress.com/passwords/#security

  6. OOPS! I was wrong. I just remembered the other cases of "alleged hacking" and what they turned out to be were cases where the blogger provided Admin access to the party who overtook the blog. Currently when transferring a blog to another username the original Admin cannot be removed from the blog without Staff help. http://en.support.wordpress.com/moving-a-blog/#transferring-your-blog-to-another-user-or-account

    Anyway, enough said. We cannot help you here.

  7. idohartogsohn2
    Member

    Thanks again. I am really relieved to hear that there is some sort of backup going on. I hope I will be able to bring things back to how they were.
    My blog password was not weak at all. There is currently a wave of hacker attacks on sites run by Israelis, because of the whole political situation (My site was not political in any way, but that doesn't matter of course). I'm just depressed about the possibility of securing my data now. It seems like there is no way to secure it, because this hacker can break-in any time and ruin the work which has taken months and years to build.

  8. "Can"? For one thing, he has deleted all your posts.

    @tt: WP keeps backups of existing posts. I doubt they keep backups of deleted posts. Do you know more about this?

  9. idohartogsohn2
    Member

    Well, I don't know anything about this. But I think if WP deletes all backups in the second a hacker walks in and deletes your posts, then there is a big security problem.
    I really hope you are wrong here.

  10. @Panos
    I supplied as much information as I could. Whether or not the wordpress.com database and backups are instantaneously cleared when a blog is deleted is unknown to me. That's why I mentioned Google's cache as a possible source of reconstructing posts.

  11. Ido, please also post http://he.forums.wordpress.com/

  12. Thanks for helping out, friends; we're taking a look.

    TT is right in that cases of "hacking" on WordPress.com are either co-admins who alter the blog and kick off others, or passwords that are guessed (either to WordPress.com accounts or even email accounts).

    I personally recommend using a password generator that is capable of producing long, complex passwords, like 1Password for Mac OS or this site if you just need the password generated. A minimum of 8 to 12 characters is a good rule of thumb.

    Does anyone here use a Windows-based password manager they recommend?

  13. @Markel
    From the support documentation > KeePass http://keepass.info/download.html :)

  14. Hi,
    Yesterday I checked my blog from a friend's computer. I saw that the article I'd posted that day, along with one a couple days before, and my two most recent posts, along with a comment, had dozens of links (my words turned into links) to something called, "Sushi."
    I don't see these links from my computer. I deleted a comment that had a link, so I don't know what to think. Is it possible for my blog to have these links and me not be able to see it from my own computer?
    Thanks for any assistance you might offer.

  15. Hi,
    I can't find the program on my computer. Still working on it...

  16. Yesterday I checked my blog from a friend's computer. I saw that the article I'd posted that day, along with one a couple days before, and my two most recent posts, along with a comment, had dozens of links (my words turned into links) to something called, "Sushi."

    As you used your friend's computer to see these links it would seem the sushi program would be on your friend's computer and not on yours.

  17. @dogkisses
    Also note that we are Off-Topic posting on sushi in this thread as it has nothing whatsoever to do with what the original thread is about. :(

  18. thank you timethief. My apologies for the subject I posted. I mistakingly thought we were talking about the same thing. I thought my blog had been hacked :(

  19. pornstarbabylon
    Member

  20. Thanks all of you. Support has contacted me and I hope to get control of my blogs and possibly restoring them ASAP.

  21. @pornstarbabylon
    That's a new one to me. Thanks for posting the link. :)

    @idohartogsohn2
    I'm so glad to hear you are closer to getting control of your blogs again.

  22. Never write a password anywhere, i do not use any password generator, instead make my own complex and long passwords one per account.
    Another good way to make passwords is just think of a simple word which you want to enter as a password, and then generate a hash of that password, and use the generated hash instead of the simple password. You can use MD5 or etc hash functions,. even the simple crypt is good. The problem is long hashes are difficult to remember at the beginning, but you can always regenerate the has with the original simple word. But you must keep which hash function you are using and the initial word.

  23. idohartogsohn2
    Member

    Hello everybody,

    I'm getting worried again. Yesterday I got a message from [email redacted] with the subject: "[HACKED BY CILGINKURT] New Admin Email Address" saying;

    Dear user,

    You recently requested to have the administration email address on
    your site changed.
    If this is correct, please click on the following link to change it: [link]

    When I clicked on the link I got the message "cheatin', uh". I don't know what this means but ever since then I did not get any more messages from support and they don't answer any of my emails.

    Does somebody (maybe people from the site) know what the message meant and what is going on?

    Ido

  24. Ido,

    We're getting to your request, so please hang tight. If you have any other concerns about it, please reply with them in your support ticket so we can make sure we have all of the information we need.

    Thanks!

  25. idohartogsohn2
    Member

    Thanks, Markel. What is support ticket?

  26. @ido
    This is the form you completed for Staff after you clicked this link> http://en.support.wordpress.com/contact/ it is called a Support Ticket

  27. Ido,

    You can give us additional information whenever we're working with you on an issue by replying to the last email you received.

  28. I'm getting to the point of despair. Maybe I don't understand something but it has been 2 days since I heard from support and I don't get replies for any of my mails. Do support have a phone number?

    I''m writing this here in hope that somebody from support will read this and get back to me. I'm leaving for a long trip in a few days and am anxious to get my sites back on the air until then. It has been 4 days already, and I am really losing my mind, so pleeeeze!

  29. I finishing fixing it up right now - there are a few more steps we need to take, but please check your email.

Topic Closed

This topic has been closed to new replies.

About this Topic