UREGNT! My WordPress domain name has been hacked

Need help? Check out our Support site, then

WordPress.com Forums » Support

UREGNT! My WordPress domain name has been hacked

robertbryndzawriter27
Member
Jul 21, 2012, 9:54 AM

My WordPress domain name has been hacked. I contacted WordPress Security just over 24 hours ago and haven't had a response or even confirmation of my query being received.

I have a WordPress blog and bought a personal domain http://www.robertbryndza.com through WordPress, valid for one year. It has been the main domain for my blog since December last year. Yesterday I logged in and found my domain is now pointing to another site, advertising it as for sale. I have run the domain diagnostics and the servers are showing as both pointing to this new unauthorised server AND WordPress?!

As well as the inconvenience of having to re-direct my blog to my old WordPress address I am deeply concerned that the security of my account and potentially my payment details have been compromised.

Could someone help? I have followed procedure and I first contacted Security who say they guarantee a response within 24 hours. This hasn't happened.

I'm very, very concerned. With thanks.

Robert Bryndza
Blog url: http://britishguyinslovakia.wordpress.com/
auxclass
Member
Jul 21, 2012, 2:07 PM

The only “hacked” sites I have seen here have been people getting the password somehow to a site so you do want to be careful how you log in and use a tough password.

You should also check to make sure that someone has not added a new user to your site. Problems have also happened when there was more than one Admin. and an Admin left on less than graceful terms.

Dashboard >> Users

There have also been a few Posts on “hacked” sites and it was because someone got the Post by Email address and using the Post by Email to send in new Posts, if you have Post by email disable the Post by Email and regenerate the address. Spammers have scripts the generate email addresses and they sometimes can get a valid address for a Post by Email address.

If you are really concerned you could as the staff to look at your site: http://en.support.wordpress.com/contact/

You could also use a secure log-in in case you are on an unsecured link: http://en.support.wordpress.com/https/

This has also been flagged for staff attention
timethief
Member
Jul 21, 2012, 2:29 PM

~~auxclass
@

robertbryndzawriter27
Go here > Users > All Users and delete any user that does not belong there.
Disable post by email > http://en.support.wordpress.com/post-by-email/
Change your blog password to a very difficult one > http://en.support.wordpress.com/passwords/#change-your-password
Go to your email program and change the password to a very difficult one
http://en.support.wordpress.com/security/
designsimply
Staff
Jul 22, 2012, 1:41 AM

Your domain has not been hacked. I reviewed your robertbryndza.com account, and I found that you have setup a domain mapping upgrade here at WordPress.com but the ownership of the robertbryndza.com domain was purchased through a different company.

What you should do is check your records to find where you originally purchased the domain and contact the registrar to ask how to renew your ownership.
robertbryndzawriter27
Member
Jul 25, 2012, 8:50 AM

Thanks to everyone for their comments/suggestions. I still have a problem though.

Firstly I have not added or had added any new users to my account. I am the sole user. I also do not post by email nor is it activated on my account. I use a secure server.

I have reviewed my purchase of the http://www.robertbryndza.com domain and I purchased it through WordPress, that is I took the advantage of registering this through WordPress last December, I didn't go through any third parties to buy this domain, I used the store/upgrades button through WordPress and I bought it for one year, expiring in December 2012.

It shows that I need to point the http://www.robertbryndza.com domain to the WordPress servers. I have run a diagnostic on the domain through WordPress and the servers point to the following;

DNS1.NAME-SERVICES.COM
DNS2.NAME-SERVICES.COM
DNS3.NAME-SERVICES.COM
DNS4.NAME-SERVICES.COM
DNS5.NAME-SERVICES.COM

Now my problem is I keep being told to go to the host of this domain to point the servers to WordPress. I can't do this. I didn't authorise the move away from WordPress, http://www.robertbryndza.com had been pointing to the WordPress servers quite happily since last December 2011. and was due to continue pointing to them until December 2012 when I was due to renew. I never asked or did anything to authorise it moving away from WordPress last week.

Please can someone help? I'm not a complete novice in computers. I know how to keep my sites secure and I know to always double check and trouble shoot before I go to a support site and ask for help, but something weird has happened with my domain name and I need some help.

With many thanks, Robert Bryndza
macmanx
Happiness Engineer
Jul 25, 2012, 10:56 PM

robertbryndza.com has never been registered through WordPress.com. It has only been mapped here.

The domain was first mapped here on December 16, 2011, and the mapping subscription is still good through December 16, 2012.

As for the domain's registration, a WHOIS report shows that the domain was registered through http://www.enom.com/ and eNom claims that the reseller registrar (the one you purchased the domain from) was http://uk.mrsite.com/ (via http://www.enom.com/help/reseller_lookup.asp ). We have no affiliation with either eNom or MrSite, so that is definitely not us.

Though your domain mapping is still good with us, your domain registration through eNom (or MrSite) expired on July 18. You'll need to contact the registrar in order to recover the domain.
robertbryndzawriter27
Member
Jul 26, 2012, 12:55 PM

Hi thanks so much for your help. I have fixed the problem, thanks to you getting to the bottom of the problem. Kind regards Robert Bryndza
macmanx
Happiness Engineer
Jul 26, 2012, 6:29 PM

You're welcome!