It looks like our nonprofit site using Habitat was hacked… here’s a screen shot:
We are restoring from backups now and rebuilding the lost work, but our hosting company claims there must be some vulnerability in the Habitat theme. They suggest we delete Habitat and use a different theme. I don’t agree, but I’m not a hosting or security expert. Seems to me it could as easily be a plugin as the theme itself…
We’ve been buying and using Kriesi themes for a while now and have good confidence in them… has anyone else seen this particular hack exploit before and do you have any suggestions about how to defend against it?
We’re using WP 3.0, and here are the plugins currently running:
Thanks everyone for any suggestions you might have!!!
It would be interesting what file permissions you set for plugin, theme, etc. directories. Often users forget to reset permissions after configuration and 777 is like an invitation for hackers.
Thanks for the follow up, Dude. Good point… We’re double-checking all those settings now, but on first glance it, I didn’t see any 777s.
The topic ‘HELP: hacked by Dos-Dz Team Defaced by protocol ?’ is closed to new replies.