WordPress.org

[closed] Got Hacked by Badi (18 posts)

  1. Klapgeest
    Member
    Posted 1 year ago #

    Today I got hacked by Badi.
    Even my cpanel is down.....

    Why and how do they do this???

  2. Andrew Nevins
    Barrel Rider, Spam Zapper & Volunteer Moderator
    Posted 1 year ago #

    Have you resolved the hack, is your website secure again?
    Which hosting service are you using?

  3. Klapgeest
    Member
    Posted 1 year ago #

    I have backed up my www folder with FTP and then deleted everything.
    Also made a support ticket @ my hosting provider (Ioniq). Maybe the problem is at their side??

    At installation of WP3.5 I already changed the admin login name and cannot think of what I've done wrong.

    Did experiment with plugins though, but all searched on the WP site...

    So, no, my website is not online anymore. As soon as my Cpanel works again I will install through Cpanel. Scared though if it will or can happen again...

  4. If cPanel is down, it's not WP, it's your server.

  5. Klapgeest
    Member
    Posted 1 year ago #

    Ok tnx, will wait for support then!

  6. Klapgeest
    Member
    Posted 1 year ago #

    OK, my hosting provider answered:

    Probably your website is defaced through an older version of WP, or a WP module which has a leak (I translated from Dutch)

    Is there a blacklist of modules/plugins which are provided by hackers and can cause damage??

  7. J87
    Member
    Posted 1 year ago #

    I have the same problem since 14:56 this afternoon, my website and all its subdomains have an overwritten index.php (that's where I see the time) with the same "Hacked by Badi" text. I don't use WP so I think there's another cause. My website is probably on the same server from Ioniq. They didn't reply to my message to them yet.

    cPanel is up again by the way, this afternoon I also got an error there.
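An added example, not part of any post in this thread: a defender-side sweep of a hosting account for the symptom described above, index files overwritten with the "Hacked by Badi" text, grouped by modification time to show which files were changed in the same burst. The index file names, the 300-second window and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
MARKER = b"hacked by badi"   # defacement text quoted in the thread, lower-cased
INDEX_NAMES = {"index.php", "index.html", "index.htm"}  # assumed index file names

def find_defaced(root, marker=MARKER, max_bytes=65536):
    """Return [(path, mtime)] for index files whose first max_bytes hold marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower() in INDEX_NAMES):
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(max_bytes)
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # unreadable or vanished file: skip it, keep sweeping
            if marker in head.lower():
                hits.append((path, mtime))
    return sorted(hits, key=lambda hit: hit[1])

def cluster_by_time(hits, window=300):
    """Group time-sorted hits; a gap over `window` seconds starts a new group."""
    clusters = []
    for hit in hits:
        if not clusters or hit[1] - clusters[-1][-1][1] > window:
            clusters.append([])
        clusters[-1].append(hit)
    return clusters

def demo():  # runs the sweep over a constructed tree (not data from the thread)
    root = tempfile.mkdtemp()
    base = 1_357_000_000  # constructed timestamp
    samples = {  # relative path -> (content, mtime offset in seconds)
        "www/index.php": (b"<h1>Hacked by Badi</h1>", 0),
        "shop/index.php": (b"<h1>HACKED BY BADI</h1>", 40),
        "blog/index.php": (b"<?php require 'wp-blog-header.php';", -86400),
        "old/index.html": (b"hacked by badi", -7200),
    }
    for rel, (body, offset) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path))
        with open(path, "wb") as fh:
            fh.write(body)
        os.utime(path, (base + offset, base + offset))
    return [[os.path.relpath(p, root) for p, _ in group]
            for group in cluster_by_time(find_defaced(root))]

if __name__ == "__main__":
    print(demo())
```

File modification times can be changed by whoever wrote the files, so treat the grouping as a lead to check against server logs and backups rather than as proof of when the overwrite happened.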

  8. khosh
    Member
    Posted 1 year ago #

    I had the same problem. A few of my customers who were all on the same server got hacked. The page presented a white blank background with the text "Hacked by Badi". It was an overlay text widget and easy to delete.

    The hack seemed to mess with the encoding. Umlauts weren't presented correctly, but a forum posted the tip to edit out the following line in wp-config.php:

    // define('DB_CHARSET', 'utf8');

    This worked for me as well. Going on to changing all passwords...

  9. Klapgeest
    Member
    Posted 1 year ago #

    OK, I am back online.
    Ioniq replied very quickly and uploaded a backup.

    One problem in WP - Under widgets my sidebar has disappeared..

  10. khosh
    Member
    Posted 1 year ago #

    The same has happened to me. I got three sites hacked, but only one fully. The two others only got char set changed to UTF-7.

    Here's more on the topic.

    http://wordpress.org/support/topic/calling-all-site-owners-hacked-by-walangkaji-badi-etc-need-some-help?replies=14

  11. J87
    Member
    Posted 1 year ago #

    Ioniq replied very quickly to me too and also restored a backup of yesterday by my request. Everything is up and running fine again.

    In their reply they wrote that an old version of Joomla or WordPress caused the possibility to get hacked.
    In my case this is not possible because I don't use these systems.

    What strikes me is that since today a few people on Ioniq's servers have these problems, so is this our fault or is there something else wrong?

  12. rossagrant
    Member
    Posted 1 year ago #

    Very strange that this has happened to sites that aren't even on WP.

    The plot thickens.

    Let's keep each other posted people!

    I'm working with my hosts and Sucuri to try to work this out.

  13. J87
    Member
    Posted 1 year ago #

    This morning at 5 o'clock I received an answer that the problems were solved. As far as I can see everything is okay now.

    Yesterday after they restored a backup I wasn't fully satisfied because the /cgi-sys/defaultwebpage.cgi page (where I was redirected to once by the hack) still showed the hacked page.

    It seems to me that they worked all night to fix everything, they admit that they have found some 'irregularities' and improved some security policies. They cleaned up all webspaces and restored some with backups.
    They don't say it like this and still give the advice to update our software/systems, but it strongly seems to me that something has happened on their side. However it must be said they were on it right away, even in the weekend and it seems to be fixed very fast.

  14. rossagrant
    Member
    Posted 1 year ago #

    J87, is there any chance you can get your hosts to elaborate on the irregularities so that we can let our hosts know.

    Let us know, but obviously don't post info directly here as we don't want to spread the vulnerability. If you can gather info, I'll drop you my email address.

    Thanks.

  15. Stevinoz
    Member
    Posted 1 year ago #

    Today I got hacked by Badi as well: 7 websites, all on the same server. I have a number of sites on a different server not touched, but have 2 WordPress sites on the same server not hacked; will see if I can work out what the differences are.

  16. Andrew Nevins
    Barrel Rider, Spam Zapper & Volunteer Moderator
    Posted 1 year ago #

    These threads are getting a bit chaotic, guys. If you're requesting support for your own issues, despite any similarities to this thread, can you please create your own threads. Otherwise it becomes really difficult to track down who's having which issue.

  17. rossagrant
    Member
    Posted 1 year ago #

    I think if the fix instructions in this thread don't work, then people need to create their own thread; if they DO work, then we need to collaborate to find out what this vulnerability is.

    Please don't close this thread as it is a means to keep each other updated about this.

    It clearly isn't isolated to just one host, one kind of setup, and is valuable for the entire community to be aware of.

  18. esmi
    Theme Diva & Forum Moderator
    Posted 1 year ago #

    Very strange that this has happened to sites that aren't even on WP.

    It is obviously not a WordPress issue. To de-louse your WordPress sites, you need to work your way through these resources:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    Additional Resources:
    http://sitecheck.sucuri.net/scanner/
    http://www.unmaskparasites.com/
    http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

    Anything else is server-related and beyond the remit of these forums.

Topic Closed

This topic has been closed to new replies.