Wordpress Blog Hacked By Rea_Perz

[Fledgeling]

The index.php page to my blog (hosted on heliohost) has been replaced and the site now opens defaced with text stating;

 

"Rea_pErz was here. Contact me : hackreaperz@gmail.com Just Smile "

 

It looks fairly innocuous, but I'd have to be an idiot to assume that they're only doing what they imply they are. Obviously there is no way I'm going to go emailing this...person..., but does anyone happen to recognise this attacker as falling into a particular attack type?

 

In other words, how paranoid should I be about this kind of infestation?

 

I did take the security advice for setting up the wordpress installation in the first place - strong passwords and user names, latest version of WP, minimal active plugins etc, but evidently wasn't quite careful enough. *sigh*

 

I'll be scanning my computer, just in case, and (since I've got recent backups) probably doing a clean install of wordpress with new user-names, passwords and table prefixes, as I can't face searching through all the WP files for hacker-droppings (I can still get into my Heliohost account to delete/amend files directly, so I'm not stymied there).

 

What does concern me, is that as it was a private site, I'd tried to keep it out of the search listings - in fact, searching for the full site address on Google still doesn't bring it up in the first three pages, so I thought I should probably post the issue in the forums, in case it's someone poking through the heliohost subdomains to see who's vulnerable.

 

Apologies it this is the wrong area for this post - it's not really a customer support issue, nor exactly feedback, more a heads-up (and a small whine, as this really wasn't what I wanted to be doing on the last day of my Bank Holiday weekend :-(

[Ice IT Support]

I think this is the perfect place to post this kind of topic. I had the same problem once. Someone replaced my index page with their own. I simply re-uploaded my backup index page and all is well. Re-installing Wordpress is a great idea. Your recovery plan will work for this situation.

 

A few years ago Stevie or Johnny (I can't remember which one, maybe both) was attacked and anything with the word "index" was replaced/deleted. That is when you should become very, very worried. But that situation was a server-wide issue, therefore it was a customer support issue. This hasn't happened for at least one year and I trust HelioHost is protected enough to prevent this.

 

Best wishes recovering your site!