WordPress blog hacked by sec-w.com or IQ Team.
A few days ago, when I tried to access my blog at http://blog.saketjain.com, I found that something had changed on the blog: all the widgets had disappeared and it looked different.
Then I thought to check by logging into the wp admin panel, but I was surprised to see that my username and password were not working. I then reset my username and password to log in, and the most surprising thing I found was that the login name of my WordPress account had been changed to "sec-w.com". I looked at a few posts on Google and found out that my blog had been hacked by sec-w.com. The server on which my website was hosted had an outage the previous day due to a hard disk failure, and most probably they got access to my PHP files during that outage; that is what I think the reason could be. However, I am not sure if that's right.
So the first thing to check and correct is to change the WordPress password in the admin panel. The other thing I changed was my MySQL login password, because I suspect that they might be aware of the password.
I was very sure that the major issue was now corrected and was happy to see that. But the next day I saw that my website title had been hacked by some IQ Team and contained the text "hacked by IQ Team". To my surprise, I had to do some more troubleshooting.
So I also checked the MySQL database, searching for "update/sec-w" strings to identify any script lying there, but everything seems to be clean. I have changed my WordPress login IDs back to the original in the MySQL database. After the change of user ID, the site seems to be clean, but I suspect some PHP script that they have copied somewhere on the server and were using to get access through that loophole. If someone is aware of any such loophole, then please share it here. I will go ahead with a clean rebuild of this blog and will copy this data somewhere else for troubleshooting.
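
As an added example (not part of the original post), here is a small Python audit for the leftover-PHP-script suspicion above: it flags PHP files under wp-content/uploads, PHP files modified after a cutoff time (for instance the time of the server outage), and files containing the defacement strings quoted in the post. The function name, reason labels and 2 MB read limit are assumptions made for this example.

```python
import os
import sys
import time

# Defacement strings quoted in the post; extend the list for your own incident.
MARKERS = (b"sec-w", b"hacked by iq team")
PHP_EXT = (".php", ".phtml", ".php5")
READ_LIMIT = 2_000_000  # assumption: only the first 2 MB of each file is searched


def audit_wp_tree(root, since_epoch):
    """Return sorted (relative_path, reasons) for files that need a manual look."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            reasons = []
            is_php = name.lower().endswith(PHP_EXT)
            # The uploads directory holds media; executable PHP there is unexpected.
            if is_php and rel.startswith("wp-content/uploads/"):
                reasons.append("php-in-uploads")
            try:
                # PHP written or changed after the cutoff was not part of the
                # install you trusted before the incident.
                if is_php and os.path.getmtime(path) >= since_epoch:
                    reasons.append("php-modified-since-cutoff")
                with open(path, "rb") as fh:
                    data = fh.read(READ_LIMIT).lower()
            except OSError:
                reasons.append("unreadable")
                data = b""
            if any(marker in data for marker in MARKERS):
                reasons.append("defacement-marker")
            if reasons:
                findings.append((rel, reasons))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit.py /path/to/wordpress [days_back]
    days = float(sys.argv[2]) if len(sys.argv) > 2 else 7.0
    for rel, reasons in audit_wp_tree(sys.argv[1], time.time() - days * 86400):
        print(f"{rel}: {', '.join(reasons)}")
```

Modification times can be reset by whoever wrote the file, so an empty result does not prove the tree is clean; comparing against a fresh copy of the same WordPress release remains the stronger check.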