Day that Ruchirablog got OWND

by Ruchira on January 29, 2011

Do you know that this blog got hacked about a year ago?

Yes thats real screenshot that I taken. Most interesting thing was that my friend told that something is wrong with my blog when I was at school. He used mobile phone to access to this blog.

On that day I was at school and my friend asked me

Hey what the heck that black page doing in your blog

I didn’t knew what he was talking about and I asked him I dont know maybe you visited wrong web site that’s impossible to have such page on my blog. ( He used a mobile phone so he didn’t saw that green lines mentioning “hacked by DZ ghosts” so he said black page )

It didn’t took me long to understand that my blog maybe hacked. So I immediately returned from school to home because if hackers got access to my wordpress instance they might have got my admin password and that means my emails,Online banking such all will get compromised. ***DAMN I used same password for all***

After about 30mins I got to home and ran to computer and opened my blog, SHIT it was hacked and I could hear audio song playing on my blog. It was broadcasting from .DE domain.

Login in to wordpress admin panel worked and so I realized that my data didn’t got erased.

What happened?

  • Hackers injected their codes to index.php it didn’t took much time to find out that. And after replacing codes from default wordpress files it worked.
  • I dont know why they targeted my blog. maybe came from google search by searching meta codes? But thats very small chance because they got in because I leaved my HOME DIRECTORY 777 CHMODED my bad!!!!

Lessons learned

  • Some times we need to chmod our directories 777 or 755 to make some changes of plugins and such. So make sure to set safe permissions if you changed it. Never leave it 777
  • If your web site got hacked first look at code of index.html or index.php that might be the only page that hackers changed.
  • Don’t use same password for all websites. Use a password which contain at least 10 characters with numbers.
I'm Ruchira Sahan and all posts on this blog are completely my thoughts and writings. I love DIY and Technology. So feel free to contact me for anything about this blog and don't forget to add a comment if this blog helped you! Thanks
View all posts by Ruchira

{ 4 comments… read them below or add one }

1 Kalana January 30, 2011 at 12:00 AM

Thanx god… hacker didn’t harm to any data.. i remember that day and your reactions dude. its been a tough time to you….. well finally we are here do some flash back. anyway thanks for your important guidance see you on skype…..


2 circus March 25, 2011 at 12:53 PM

Any more detail on how they inject the “index.php” ?


3 Ruchira March 25, 2011 at 8:13 PM

bad file permissions! 🙁


4 Noorani July 22, 2011 at 5:47 PM

woof… I should really change my passwords then. I also have the same password for all of my accounts(well, actually 4 passwords). The problem is I have many more accounts in many more places. 🙁


Leave a Comment

Previous post:

Next post: