TeenDomainer.com Hacked!

This is something that I never like to see but if you head on over to TeenDomainer.com you’ll see the following page:

[Image: teendomainer_hacked.png]

It appears that a hacker going under the name “Silent_Hell” has somehow gained access to Brian’s server/WordPress install and put up this page. As someone that has had many sites hacked over the years I know how frustrating this is and I am reaching out to Brian to help out.

I have found that many of these hackers have .CN or .RU email addresses and can be very hard to track down. This is one of the main reasons I use VaultPress which is a great WordPress plugin that constantly backs up your blog when something like this happens.

While I will be lending a hand today I would also like to reach out to any of my readers that have experience fixing hacked sites and tracking down hackers like this. Brian is a really nice guy and TeenDomainer.com is one of my favorite blogs in our space so it’s always sad to see something like this happen to someone that is doing so much good for our community. If you want to lend a hand or have some expertise that might come in handy please comment below and I’ll pass your information along to Brian.

{ 11 comments… add one }

  • Jamie August 16, 2011, 11:50 am

    check the htaccess file, it’s the most commonly hacked file. Things can be stuffed into the header.php file as well or the uploads folder.

    Keep WP updated with the latest versions. Since Brian hasn’t been blogging much, that was likely the access point.

  • Spike August 16, 2011, 12:09 pm

    I love WP but have stopped using it because of this very reason. You just can’t keep ahead of the hackers even with better security plug-ins.

  • Morgan August 16, 2011, 12:09 pm

    @Jamie – excellent feedback and advice! I am connecting Brian up with my expert Admin that has helped to fix this for me as well so hopefully TeenDomainer.com will be back up and running again soon!

  • Morgan August 16, 2011, 12:10 pm

    @Spike this is very true and one of the major downsides to WordPress. For a blog I think you really have to stick with it, but for a regular website I completely agree. There are so many updates, bugs, plugin exploits, etc. with WordPress that it can be a lot to keep up with!

  • Spike August 16, 2011, 12:13 pm

    Here’s another option: Brian can contact his hosting company and request a site restore. You need to know approximately when the hack occurred and be willing to lose some posts if the restore goes back a week or two.

  • Jesse August 16, 2011, 12:36 pm

    uggg, that really sucks.. WordPress is a great platform but that also makes it a target… there are ways to mitigate the risk but that also involves keeping things updated and secure… the latest (and one of the scariest) exploits comes through the timthumb script that many themes are using to dynamically resize images… if you have a WordPress blog and have a file called timthumb.php or thumb.php inside your theme folder you need to update that like last week. here’s a link to download the latest version of timthumb for reference (right click and save as) http://timthumb.googlecode.com/svn/trunk/timthumb.php

  • Mr T August 16, 2011, 1:55 pm

    If he has a good host, the host will have weekly or even daily backups available. Have the techs load up their latest fully functional backup to his hosting account and update all wordpress plugins / core files right away.

  • Teendomainer August 16, 2011, 5:36 pm

    Thanks so much, HostGator fixed all of my sites! I even have no internet besides my phone and they did it for me. I will post a bigger update later.

    • Morgan August 16, 2011, 6:00 pm

      That’s great news @Brian 🙂

  • Jesse August 16, 2011, 6:14 pm

    Excellent news Brian, just remember that whatever vulnerability allowed this person to gain access is still there so updating and fixing any “holes” needs to be done asap.

  • Nima.Co August 17, 2011, 12:23 pm

    I’m really sorry to hear about teendomainer.com getting hacked. Pretty cool that HostGator was able to help you fix it though.

    Nima.Co was hacked on Sunday. The access point was the .htaccess file and the script that they used was supposed to keep the site active while redirecting all of my search engine traffic to a malware site. Luckily the hacker made a mistake in the process and took my site down and I was able to locate it in the htaccess and restore to a previous clean version.

    The url was: allowcompany.ru and the script looked like this:

    RewriteCond %{HTTP_REFERER} .*google.*

    The hacker listed a rewrite script for all major search engines and social networks. Great articles to read and learn from:

    http://blog.javacoolsoftware.com/2008/12/anti-virus-2009-search-engine-redirect-hacks/
    http://blog.unmaskparasites.com/2008/12/05/bogus-antivirus-2009-htaccess-exploit/

    I hope this helps everyone. It was a valuable learning experience for me.

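A defensive check for the .htaccess pattern described in the comment above, as an added example that is not part of the original post or its comments: it flags any RewriteRule that redirects to another host only when a Referer condition matches. The sample file content, the placeholder host redirect-target.example, and the names find_referer_redirects and own_hosts are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a stock WordPress block followed by conditions shaped like
# the single RewriteCond line quoted in the comment. The target host is a
# placeholder, not a value taken from the page.
SAMPLE_HTACCESS = r"""
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*bing.* [OR]
RewriteCond %{HTTP_REFERER} .*facebook.*
RewriteRule ^(.*)$ http://redirect-target.example/in.php [R=301,L]
"""

COND = re.compile(r"^\s*RewriteCond\s+(\S+)\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)", re.I)

def find_referer_redirects(text, own_hosts=()):
    """Flag RewriteRules that send visitors to a foreign host only when the
    Referer matches a pattern (the search-engine redirect shape)."""
    findings, pending = [], []  # pending holds (test_string, pattern) pairs
    for line_no, line in enumerate(text.splitlines(), 1):
        if (m := COND.match(line)):
            pending.append((m.group(1), m.group(2)))
        elif (m := RULE.match(line)):
            host = urlparse(m.group(2)).hostname  # None for local paths and "-"
            refs = [pat for test, pat in pending if "HTTP_REFERER" in test.upper()]
            if host and host.lower() not in own_hosts and refs:
                findings.append({"line": line_no, "target_host": host,
                                 "referer_patterns": refs})
            pending = []  # RewriteCond lines apply only to the next RewriteRule
    return findings

if __name__ == "__main__":
    for finding in find_referer_redirects(SAMPLE_HTACCESS):
        print(finding)
```

Run it over every .htaccess under the web root, not just the top-level one, and pass the site's own hostnames in own_hosts so legitimate canonical redirects are not reported.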
