Page 1 of 2 12 LastLast
Results 1 to 25 of 27
  1. #1
    ABW Ambassador
    Join Date
    January 4th, 2006
    Location
    USA
    Posts
    2,477
    Hacked by BaDBoY-ALbania
    I got the nasty message when trying to open one of my blog page today:

    "Hacked by BaDBoY-ALbania"

    What is it? How to get rid of it? Help please!!!


  2. #2
    ABW Ambassador 2busy's Avatar
    Join Date
    January 17th, 2005
    Location
    Tropical Mountaintop
    Posts
    5,636
    You can find some help at StopBadware - Tips for Cleaning & Securing Your Website it covers malicious hacks and what to do.

    Good luck!

  3. #3
    ABW Ambassador
    Join Date
    January 4th, 2006
    Location
    USA
    Posts
    2,477
    Thanks 2busy for your quick response and the link...

  4. #4
    ABW Ambassador ladidah's Avatar
    Join Date
    October 15th, 2007
    Location
    MA
    Posts
    1,888

  5. #5
    Comfortably Numb John Powell's Avatar
    Join Date
    October 17th, 2005
    Location
    Bayou Country, LA
    Posts
    3,432
    Quote Originally Posted by mayfly View Post
    I got the nasty message when trying to open one of my blog page today:

    "Hacked by BaDBoY-ALbania"

    What is it? How to get rid of it? Help please!!!

    A busy fellow that creep. Doing a search on the string you gave with quotes came up with over 2,700 other suffering sites.

    I wonder how many of those search results lead to infected sites. I clicked one result and my NoScript add-on didn't like anything there. Looking at the cached pages should be ok I guess. Sorry to hear of your troubles Mayfly.
    Last edited by John Powell; January 28th, 2011 at 12:57 AM.


  6. #6
    ABW Ambassador
    Join Date
    January 4th, 2006
    Location
    USA
    Posts
    2,477
    Quote Originally Posted by John Powell View Post
    A busy fellow that creep. Doing a search on the string you gave with quotes came up with over 2,700 other suffering sites.
    Why don't these bad guys give us a break!!

    My night was officially ruined. Other than reading and searching for solutions, I've also contacted my hosting company and see what they say about it.

  7. #7
    ABW Ambassador ladidah's Avatar
    Join Date
    October 15th, 2007
    Location
    MA
    Posts
    1,888
    Sorry to hear, mayfly. It does suck.

    Was you blog the latest Wordpress version, or fairly recent?

  8. #8
    ABW Ambassador
    Join Date
    January 4th, 2006
    Location
    USA
    Posts
    2,477
    Quote Originally Posted by ladidah View Post
    Sorry to hear, mayfly. It does suck.

    Was you blog the latest Wordpress version, or fairly recent?
    It is the lastest version. I just checked. It says my WP version is up to date.

    Luckily my main site was not hacked. That's just a blog page I added to my main site several months ago. To be honest, I never like WP sites. I do better with my traditional html pages. This incident gives me another reason to not to blog at all.
    Last edited by mayfly; January 28th, 2011 at 01:12 AM.

  9. #9
    http and a telephoto
    Join Date
    January 18th, 2005
    Location
    NYC
    Posts
    17,708
    If your WP is up to date, they got in through your theme or a plugin.
    Deborah Carney
    TeamLoxly.com BookGoodies.com ABCsPlus.com

  10. #10
    ABW Ambassador
    Join Date
    January 4th, 2006
    Location
    USA
    Posts
    2,477
    My hosting company responsed fairly quick. The support person said it was caused by hacked theme of the WordPress. He resored the them and suggested me to use another theme. Thank god he just saved me one big headache trying to find the bad script. I should thought about the theme right away. I was so scared that couldn't think straight.

    Thanks to all for your help.

  11. #11
    15 years and counting
    Join Date
    January 18th, 2005
    Posts
    6,121
    Contact your host. They may be able to tell you which files were compromised.
    If you have the latest version of WP, more likely the probleme is coming from your theme. (it could come from a plugin, too)
    If you have a fresh version of your theme, use your ftp, or cpanel/whm, to delete it on your site, then upload it again.
    Look at .htaccess for any change. They have to redirect your site to their screen of death.
    I had that problem several times with different versions of BaDBoY-ALbania or baDsectQr ~ Dracula ~ PoLoNia.

    Good luck.
    Edit: loxly was faster than me.
    Last edited by Zeus; January 28th, 2011 at 01:28 AM.

  12. #12
    ABW Ambassador
    Join Date
    January 4th, 2006
    Location
    USA
    Posts
    2,477
    Loxly and Zeus both nailed it. It was the theme's problem. I only use the themes provided by WP site and thought they are safer...I guess not. Bad guys are everywhere.

  13. #13
    http and a telephoto
    Join Date
    January 18th, 2005
    Location
    NYC
    Posts
    17,708
    Glad they found it and you might want to post what theme you were using so others can avoid it. And get a different theme right away direct from the WordPress.org repository.
    Deborah Carney
    TeamLoxly.com BookGoodies.com ABCsPlus.com

  14. #14
    ABW Ambassador
    Join Date
    January 4th, 2006
    Location
    USA
    Posts
    2,477
    Quote Originally Posted by loxly View Post
    Glad they found it and you might want to post what theme you were using so others can avoid it. And get a different theme right away direct from the WordPress.org repository.
    The theme is call "My Sweet Diary". It is from WordPress.org. Like I said, I thought the themes from WordPress.org are safe to use. Apparently not.

  15. #15
    15 years and counting
    Join Date
    January 18th, 2005
    Posts
    6,121
    They are safe to use but hackers are always looking for new vulnerabilities.
    What Wordpress (or others) should do is to make public the addresses of these hackers, just to thank them...
    Edit: I forgot to add: Ask your host for the ip address of your hackers. If you use cpanel you can block this ip. Once they have your site on their list, they will come back.
    Last edited by Zeus; January 28th, 2011 at 02:00 AM.

  16. #16
    ABW Ambassador
    Join Date
    January 4th, 2006
    Location
    USA
    Posts
    2,477
    Quote Originally Posted by Zeus View Post
    They are safe to use but hackers are always looking for new vulnerabilities.
    What Wordpress (or others) should do is to make public the addresses of these hackers, just to thank them...
    So is it the theme designer the hacker or somebody else hacked into the theme?

    If it is the theme designer the hacker, I probably should report to WordPress and maybe they can ban the designer. If it is somebody else hacked into the theme, it will be hard to catch the hacker and I don't want to accuse the innocent designer.

  17. #17
    ABW Ambassador
    Join Date
    January 4th, 2006
    Location
    USA
    Posts
    2,477
    Quote Originally Posted by Zeus View Post
    Edit: I forgot to add: Ask your host for the ip address of your hackers. If you use cpanel you can block this ip. Once they have your site on their list, they will come back.
    Ah, good point! Will check with my hosting company right away. Thanks Zeus.

  18. #18
    http and a telephoto
    Join Date
    January 18th, 2005
    Location
    NYC
    Posts
    17,708
    When going through themes on WP.org look for newer ones that are compatible with the current version. I use thesis so haven't looked through there lately. I did read a blog post recently that said that there are lots of outdated themes on WP.org.

    It most likely was not the theme author, but there was a vulnerability that exists, so I would still report the theme as being hackable.
    Deborah Carney
    TeamLoxly.com BookGoodies.com ABCsPlus.com

  19. #19
    ABW Ambassador CathyM's Avatar
    Join Date
    May 30th, 2006
    Location
    Torrance, CA
    Posts
    893
    Quote Originally Posted by mayfly View Post
    Luckily my main site was not hacked. That's just a blog page I added to my main site several months ago.
    If it's on the same domain, once they hack the blog, they may have access to your entire site. That happened to me about a year ago with an earlier wordpress version. The hacker left a trap door and kept inserting hidden code on my home page. My hosting company helped me track it down and fix it.

  20. #20
    ABW Ambassador
    Join Date
    January 4th, 2006
    Location
    USA
    Posts
    2,477
    Quote Originally Posted by CathyM View Post
    If it's on the same domain, once they hack the blog, they may have access to your entire site. That happened to me about a year ago with an earlier wordpress version. The hacker left a trap door and kept inserting hidden code on my home page. My hosting company helped me track it down and fix it.
    I contacted my hosting company as Zues suggested to track down the IP addresses. They've found 2 IP connections, one is mine, the other is located at Ukraine(according to G search). I've asked my hosting company block it. Haven't heard back from my hosting yet. Hope the hacker will go away.

  21. #21
    ABW Ambassador purplebear's Avatar
    Join Date
    January 18th, 2005
    Posts
    3,960
    Reaaaaaaally sorry Mayfly that this happened to you I thought the same as you that everything would be ok with the theme coming from WP itself.

  22. #22
    http and a telephoto
    Join Date
    January 18th, 2005
    Location
    NYC
    Posts
    17,708
    Quote Originally Posted by mayfly View Post
    I contacted my hosting company as Zues suggested to track down the IP addresses. They've found 2 IP connections, one is mine, the other is located at Ukraine(according to G search). I've asked my hosting company block it. Haven't heard back from my hosting yet. Hope the hacker will go away.
    If they have a good firewall they should have already blocked that IP. Be sure to follow up and ask if they did. One of the things I love about my VPS is the ability for me to block bad IPs manually, but the firewall stops most of the bad stuff all by itself.
    Deborah Carney
    TeamLoxly.com BookGoodies.com ABCsPlus.com

  23. #23
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Nunya, Business
    Posts
    23,684
    I wonder if stuff like this would help - http://builtbackwards.com/projects/tac/

    WordPress -->> Check Your Themes Code... - ABestWeb Affiliate Marketing Forum

    If that was the issue?

    A plugin to check the themes you have for possible issues. I used it on one blog and deleted all the themes with junk/encrypted code. Now after awhile, I found a few themes I like and are clean and basically stick to those.
    Last edited by Trust; January 29th, 2011 at 01:14 AM.

  24. #24
    Life is Supposed to be Fun! Rexanne's Avatar
    Join Date
    January 18th, 2005
    Location
    Los Angeles
    Posts
    12,360
    Wow Mayfly, that truly sucks. So sorry :-(

    Makes me leery of using blog software at all. :-(
    Peace,

    Rexanne

    Rexanne.com
    Loving Everyone's Child Creates Magic


  25. #25
    http and a telephoto
    Join Date
    January 18th, 2005
    Location
    NYC
    Posts
    17,708
    Quote Originally Posted by Rexanne View Post
    Wow Mayfly, that truly sucks. So sorry :-(

    Makes me leery of using blog software at all. :-(
    Any software is hackable.

    Trust, that is a good recommendation. With any software, checking for vulnerabilities is a good idea.
    Deborah Carney
    TeamLoxly.com BookGoodies.com ABCsPlus.com

+ Reply to Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. I've been hacked!
    By Ron Bechdolt in forum Midnight Cafe'
    Replies: 14
    Last Post: May 17th, 2006, 07:52 PM
  2. I've Been Hacked!
    By Cheesehead in forum Midnight Cafe'
    Replies: 8
    Last Post: January 16th, 2005, 07:05 AM
  3. Ever been hacked?
    By sloth in forum Midnight Cafe'
    Replies: 7
    Last Post: August 11th, 2004, 02:34 AM
  4. hacked??
    By tamalyn in forum Midnight Cafe'
    Replies: 4
    Last Post: November 29th, 2003, 06:25 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •