Site been hacked? Can't access wp-login

Hi,

I set up a new installation of the latest version of WordPress a week ago and now I can see the site blackfridaybargains/co/uk but when I go to the /wp-login or /wp-admin pages to log in, I just get a blank page with the word Zabbiiii on it.

I doubt the site has even been indexed by Google so I don't know how or why anyone would hack it? It only had the standard installation plugins.

Any ideas of how to regain access to the admin area?

Thanks,

Ben
 
I agree. I'd just reinstall. I'd also be very careful to check the file & folder permissions after the install. One click install has a nasty ability to set many files with write & execute permissions and folders with global write & execute.
 
Thanks, yeah I'll just do that. It didn't have any content in there yet so not much harm done. Has anyone experienced something similar? Just wondering what it might be, and how to protect the other sites on the same server. I install them using scriptalicious so it sounds like a good idea to then go into the FTP and tighten up some of the folder permissions?
 
I mentioned this on another thread somewhere. I did some plugin install work for a client a while back who used one-click install. Trouble with this is that you're at the mercy of the server set-up - and specifically the default umask settings.

The install I worked on was an abomination. All php (and js) files were 0755 (rwxrwxrwx) instead of 644 at most (and 0640 if the webserver owns the files), and folder permissions were all over the place. The only 0777 acceptable folder is the wp-content folder and inside that most others can be 0755 if the webserver is writing to them.

Hardening the install is something 99% of WP users never even think of... remember it's a 5 min install as they like to say.

And be careful which plugins you use... the repository on wordpress.org is the first stop on checking for issues.

I'd also move the wp-config file one level up, i.e. outside of the web root, e.g. /home/xxx/wp-config.php instead of /home/xxx/www/wp-config.php. WP3 handles this seamlessly but most people don't realise this!
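
An added example, not part of the post above or of any reply in this thread: a POSIX shell audit for the problems that post describes (world-writable files and folders, execute bits on PHP and JS files, wp-config.php still inside the web root). The function names and category labels are hypothetical, chosen for this example; the directory you pass in is your own install.

```shell
#!/bin/sh
# Added example (not from the thread): report risky permissions in a
# WordPress tree. Labels and function names are hypothetical.

# Print "LABEL<TAB>MODE<TAB>PATH" for every path matched by the find tests.
_wp_report() {
    dir=$1; label=$2; shift 2
    find "$dir" "$@" -print | while IFS= read -r p; do
        printf '%s\t%s\t%s\n' "$label" "$(ls -ld "$p" | cut -c1-10)" "$p"
    done
}

# audit_wp_perms ROOT: returns 0 if clean, 1 if anything was reported,
# 2 if ROOT is not a directory.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    out=$(
        # Writable by "other": any account on a shared server can alter these.
        _wp_report "$root" WORLD_WRITABLE_FILE -type f -perm -0002
        # Reported everywhere, upload folders included, so each can be reviewed.
        _wp_report "$root" WORLD_WRITABLE_DIR -type d -perm -0002
        # WordPress PHP/JS files are read, not run as programs: no execute bit needed.
        _wp_report "$root" EXECUTABLE_SCRIPT -type f \
            \( -name '*.php' -o -name '*.js' \) \
            \( -perm -0100 -o -perm -0010 -o -perm -0001 \)
        # wp-config.php still inside the web root rather than one level up.
        if [ -f "$root/wp-config.php" ]; then
            _wp_report "$root/wp-config.php" CONFIG_IN_WEBROOT -type f
        fi
    )
    if [ -z "$out" ]; then return 0; fi
    printf '%s\n' "$out"
    return 1
}

# Run directly as: sh audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then audit_wp_perms "$1"; fi
```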
 
Blossom had some links for security tools which were good. Got an A+ on my install when I added it! ;)

With the enhanced image processing in WP3 there's really no need for timthumb at all anymore. I've not used it at all on the plugin I've done.
 
Thanks a lot guys, I must admit that I have been a bit lax on all the security stuff as most of my WP sites are just experimenting with a few different ideas.

That 'Better WP Security' plugin identified plenty of issues with my one half-decent WP affiliate site that I've spent a lot of time on - so I'm pleased that this gave me the kick up the ar$e I needed.
 
Thanks for the advice guys, just building my first WP site and installed the Better WP Security widget as advised. I'll give it a try later.
 