
They Hacked My Wiki!

by Mike Mueller - builder of Custom Facebook Business (fan) Pages

in Blogging, Technology

And they could have hacked my WordPress blog.

Have they hacked yours?  Would you know?

Here’s how to find out. Go to Google and enter “site:http://YOURSITENAME.com”, inserting your own site name. Mine currently shows about 250 pages.

That will show you every page of yours that Google has indexed. You can sift through all those pages or…

Now add “+spamword” to the search. That’s how I found the above hacked page. Now try a different word, such as Viagra, and another…

OK, how did this happen?

In my case I had set up the wiki in full open mode. I had installed it (months ago) and then moved on to other things. (I also have a TypePad, a Joomla, and a few other test beds running quietly behind the scenes.)

Have a WordPress Blog and this happened to you?

Here’s what might have happened: somehow the hacker got into your WordPress control panel or gained access to specific files on your server. How? It could have been a plugin that you installed. Once it is installed, the hacker can insert some PHP code into one of your files, create a different sub-plugin, or create a fake .jpg image that functions like a plugin.

How do you protect yourself?

  • Use only safe, trusted plugins from reputable companies or people.
  • Use a current (updated) version of WordPress. They fixed this security hole.
  • Change your login password.
  • Check out your server file tree via FTP – look for folders that shouldn’t be there.
  • While in FTP – look in your image uploads for strange pics you didn’t put there.
  • You can also look on your plugin control for strange plugins.
  • If you are really geeky – check out your theme files for .php files that shouldn’t be there. (not for the average user)
  • Always have a backup. I use a plugin called WP-DBManager which emails me a complete backup zip file once a week (to a separate Gmail account). Worst case scenario – I’d lose a week of posts. I could set it daily or hourly as well.
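The FTP checks above (strange pics in your uploads, .php files that shouldn't be there) can be automated once you have downloaded a copy of the uploads folder. The script below is an added example, not part of the original post; the function names, the sample file names and the list of script extensions are assumptions made for illustration.

```python
import os
import tempfile

# Leading bytes of genuine JPEG, PNG and GIF files.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
SCRIPT_EXTS = (".php", ".phtml", ".phar")  # assumed list; extend for your server

def audit_uploads(root):
    """Return sorted (relative_path, reason) findings for a local copy of an uploads folder."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            with open(path, "rb") as fh:
                data = fh.read()
            if ext in SCRIPT_EXTS:
                findings.append((rel, "script file in uploads"))
            elif ext in IMAGE_MAGIC:
                if not data.startswith(IMAGE_MAGIC[ext]):
                    findings.append((rel, "image extension but not image data"))
                # Only the full "<?php" tag is checked; shorter tags match random bytes too often.
                if b"<?php" in data.lower():
                    findings.append((rel, "PHP tag inside image file"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data: a clean JPEG, a fake .jpg holding PHP, a stray .php file."""
    os.makedirs(os.path.join(root, "2009", "10"))
    samples = {
        "2009/10/photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
        "2009/10/banner.jpg": b"<?php /* placeholder for injected code */ ?>",
        "2009/10/cache.php": b"<?php /* placeholder */ ?>",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in audit_uploads(tmp):
            print(f"{rel}: {reason}")
```

Point `audit_uploads` at your own downloaded folder instead of the sample tree; anything it lists deserves a closer look before you restore from backup.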

Don’t have WordPress? This hack was made popular by hacked WP blogs but was and is open to almost all platforms (including wikis).

Plugins are a big part of what makes the WordPress platform so wonderful.  I wouldn’t shy away from a WP blog or go Plugin Free just because of this.  Just be mindful and safe in what you add and always have a backup!


  • Great headline! One friend mentioned a similar thing about plug-ins so I always peruse through each plug-in's web site and see how many times it was downloaded.

    Other than that, what should we do to protect ourselves?
  • The best thing I've done is set up the Google Alert. Peace of Mind, but yes, that's reactionary.
    The newest versions of WP have built-in Bad Plugin Protection.
    Here's a great article on Plugin Code
    http://planetozh.com/blog/2009/09/top-10-most-c...