My Site Hacked – Invasion by Twiddy

  • Author
    Posts
  • #3082655

    Hello WP Community –

    I just discovered that someone hacked into my website and made a subtle little edit on one of my posts (https://walkunafraid.org/2016/11/14/the-collaborative-scroll/) on August 7, 2017.

    The culprit – which appears to be someone working on behalf of twiddy.com – entered some text into one of my posts making it appear as though I was recommending their rental listing services!

    I have no idea who these people are or how they got into my site to make these unauthorized edits.

    Aside from changing my login info and switching to 2-step authentication, is there any other recourse or legal action I can take?
    This was clearly a violation.
    Have you had any / many other hacks like this?
    What do you recommend?

    Here’s the site edit according to the history section of my website.
    (Bold and underlined parts are mine, indicating the part of my post that was edited by the invader):

    As the Collaborative Scroll travels from place to place with help from the
    obx rentals
    , messages of pain, betrayal, and violation are shared… as well as words of hope, healing, wisdom and salvation.

    The blog I need help with is walkunafraid.org.

    #3082924

    timethief
    Member

    re: hacked accounts and blogs

    If anyone is posting anything to your blog or removing anything from it, or changing anything in it, or if your blog has been deleted and you did not delete it, then it’s most likely that you have provided them with the ability to do so, either deliberately by adding them as official users, or by allowing them access to your login information, or by posting content that makes it easy for them to guess what your log-in information is.

    For you, the question that needs to be answered is: Who, aside from me, has access to my login information?

    Go to your email program immediately and change the password to a very difficult one because that’s how many hackers gain access to blogs. Contact your email provider if required.

    Companies, organizations and groups of any kind do not own sites. Sites are solely owned by the WordPress.COM username account that registers them and who is the original Admin of the site. Only one Admin per site is recommended for exactly this reason: Nothing related to site-administration is off-limits for Administrators, including deleting the entire site. https://en.support.wordpress.com/user-roles/#administrator
    If applicable see Removing Users https://en.support.wordpress.com/user-roles/#removing-users

    Read > http://en.support.wordpress.com/security/

    Change your blog password to a very difficult one > http://en.support.wordpress.com/passwords/#change-your-password
    You can also reset your password via your Settings tab on the WordPress.com home page:
    http://wordpress.com/#!/settings/

    Disable post by email https://en.support.wordpress.com/settings/email-post-changes/

    Use a secure, encrypted connection to connect to your Dashboard. Under Users → Personal Settings, check the box that says “Always use HTTPS when visiting administration pages, and click Save Changes.

    Use two step authentication http://en.support.wordpress.com/security/two-step-authentication/

    Run a security scan on your computer. See here to run a security scan http://geekflare.com/online-scan-website-security-vulnerabilities/

    Never leave your computer logged into your blog and walk away from it. Always log out properly.

    Also, be aware that Staff have records of who did what under which username and login information and when they did it. I flagged this thread with modlook for a Staff follow-up. Please subscribe to it so you are notified when they respond. To subscribe look in the sidebar of this thread, find the subscribe to topics link and click it. Note that there is a backlog and be patient while waiting.

    #3082929

    Hi there,

    I checked your account and there is no sign of a different user accessing your account and making modifications. This is rather unusual – the link was so arbitrary…as if it were malware or something.

    What most likely happened is someone made the modifications to that post while logged in as you. So, if you signed into your account while on a public computer and didn’t log off, or if someone had access to your computer, it seems like the change happened under your username.

    The good thing is that it hasn’t happened since from the look of it. What I would recommend is definitely changing your password and setting up two step authorization. When something like this happens, setting up 2fa usually prevents any further hacking from happening.

    I will let you know if I find anything further, and let me know if you find any other modifications to any of your posts. But, Definitely set up 2fa if you have not already.

    Thanks!

The topic ‘My Site Hacked – Invasion by Twiddy’ is closed to new replies.