My account was hacked and they're editing my site.
@auxclass thank you, and yeah that was done on my blog a while ago, a visitor was oversharing about her (I’ll be euphemistic here) personal life way too much. So many nuts in this world! :(
@toothless wow, scary stuff! Tomorrow I will probably laugh about this (assuming no more hacker stuff shows up) because the person was fairly benign except they put ads in my posts and put political agenda in the body of comments from friends – their grammar was terrible! LOL
@toothless otherwise for me, WP has been excellent generally speaking, my only complaints are that the site sometimes moves extremely slow (on days when all other sites are fine) and seems to have very very odd glitches, other folks have commented on that. However I realize a site like this is extremely hard to make perfect and anyway it’s free, although I’d be willing to pay for certain features. I value it greatly, our Vox community would have been destroyed otherwise.
My site was hacked five hours ago. The intruder first attempted “lost/changed password” for “admin” a few times, then registered and made him/herself an admin even though I have not allowed self-registration for some time. S/he renamed the site “babun,” renamed my theme from “Morning Coffee” to “babun,” and changed my main page to show a Guy Fawkes mask and an incoherent message about Allah and Facebook. I’ve put in a service request to Dreamhost to help me figure out for sure which code is the intruder’s and advise me about theme re-installation.
According to Sitemeter, the activity during that period included an entry from a Facebook page (which Facebook wouldn’t let me access for security reasons) and a visit of not quite 18 minutes. I have identified two IP addresses that may be involved.
I do have a registration under the Admin username, but I never use it, preferring to log in under another admin name, my username for posting. It was transferred to me by the previous blog owner. Besides deleting Admin and changing my username password, is there anything else I should be doing immediately security-wise?
Changing to a very secure password and making sure that there are no users that are not authorized should do it.
Also make sure that your computer is not left logged in and not attended, this also assumes you don’t have some sort of key logger virus on your machine. Some people get in trouble when they have some sort of auto-login and someone uses their computer.
Your domain has been hacked, not your wordpress.com account. It appears to be registered with dreamhost.com. You will need to deal with them to resolve the situation.
The login screen is http but the login form specifies an action as follows:
<form class="login" method="post" action="https://wordpress.com/wp-login.php">
This means that the login is secure even though coming from an insecure page. I know that this panics some users, so perhaps WordPress could change it to a login button that goes to an https page. It would only be slightly more secure(*) but would give people the reassurance of seeing the https, the padlock, etc.
(*) In theory someone on your network could change the page being downloaded so that it sent your login details somewhere else instead of logging you in to WordPress. This is quite a small risk though, someone would have to compromise internet routing equipment to do it.
Thanks so much for helping me understand what’s happened, and for the advice. Yes, I have contacted Dreamhost.
@lynnf08- if you are talking about the site linked to your username, http://www.citybarbs.com/, then you are posting in the wrong forum as your site is not hosted on WordPress.com.
This is the help forum for WordPress.com blogs. It’s great you found assistance here, but for the future you should really be posting over at http://wordpress.org/support/ because the software we use here is especially engineered for WordPress.com and different from the standalone version of WordPress.
We don’t know whether it was a .com or .org site. It could have been a wordpress.com site with domain hacking. If you use domain mapping and your domain account with the registrar is hacked they can point it to anywhere.
In any case it is neither a .com nor a .org issue now, the only people who can help are the registrar, in this case dreamhost.com.
…then registered and made him/herself an admin even though I have not allowed self-registration for some time.
The above, not to mention that @lynnf08 mentions contacting dreamhost, would lead one to believe it is self-hosted. We at wordpress.com cannot have “self-registration” but on a .ORG site you can.
And of course, nobody knows where Toothless’s blog is hosted. Sounds like a troll to me.
It looks like you are now inactive. Sorry I didn’t respond sooner. I’m trying to stay off wordpress.
raincoaster, I’m not a troll. Both of the blogs that have been hacked are on WordPress. If that’s what you mean. The artwork on the headers has been altered.
And you claimed “me too!” and we still don’t know where you’re hosted.
There are two types of wordpress sites. Those hosted here at wordpress.COM, and those that are self-hosted on third-party hosting services such as dreamhost, bluehost, etc., using the software from wordpress.ORG. Two totally different things.
My blog is hosted at WordPress.com.
What is the URL then? at least one of the people in this thread isn’t hosted at WP.com; it’s not possible for people to add themselves as Users to a WP.com blog.
Disable Post by email immediately if you think you’ve been hacked. Delete all people with User permissions you don’t want as Users. And do not re-enable post by email; that seems to be the weak link here. And change the password on your email as well.
And I’m sorry I called you a troll. It had been a very long day.
This occurred three years ago; you did nothing. He has hacked my account, inserted a banner that I’ve screen shots of everything, inserts his articles, changes my articles; the banner he inserted just showed up on this page. I don’t know if you’ll receive this. He’s got blogs on WordPress: Simonthongwh.wordpress.com is one, I think the other is Simonthg.wordpress.com. He deleted a Blog of men and I paid for a premium theme and haven’t used it yet! http://iamnobody.wordpress.com.
Help me, this is so illegal; the least you can do is ban him from WordPress. He changed my Avatar, inserted his on the sticky post front page.
Please help me, this is out of hand, I keep buying things from you and look what happens.
The topic ‘My account was hacked and they're editing my site.’ is closed to new replies.