I woke up this morning and was ready to start working. I logged into my site to do a quick update and found that it had been hacked and was redirecting to some hacker’s page.
Here’s what I saw when I tried to log in to my WordPress dashboard:
Some time this morning a hacker, TiGER-M@TE, had hacked Inmotion’s servers today and in the process managed to take down hundreds of it’s users’ sites as well; mine included. It’s not the end of the world, but it certainly sucked a bunch of time out of my day that I can’t get back. I contacted Inmotionhosting.com’s tech support immediately but after a few hours with no response, I had to drop everything and try to correct the problem. I found that it had not affected one of my sites which is just an html-based site, but it had affected every one of my WordPress-based sites. In my case, I have a WordPress multisite network of sites and all were redirecting to this hacker’s page. The hack replaced all of my WordPress index.php files with it’s own. If this has happened to you and your site is still down, you just need to replace your index.php file in your WordPress install’s root directory (the root dir of your site unless it’s installed in a subdomain or subdirectory, then you just replace index files there).
Wordpress has a couple other index.php files that need to be replaced as well, and they are in the wp-content folder and wp-admin (if you don’t replace these, your attempts to log in to your WP dashboard will still redirect to the hacker’s page). The hack also installed an index.php page in the wp-includes folder which doesn’t belong at all, so just delete. If you have multiple installations of WordPress, do the same for each.
Here’s an article by TheUrbanCowboy.net who had the same problem today. He goes into more detail about fixing the problem and even includes an index.php file if you need one. I noticed that the content of the index.php files are different from the root directory file to the ones in wp-content and wp-admin however, so the best option is to move copies from the same location on your local backup if you have one.
You can also go get the entire WordPress installation here at WordPress.org/download.
We did a little looking around to find out about the hack and came across this interview with TiGER-M@TE by The Hacker News in case you are interested: Exclusive Interview with TiGER-M@TE (Bangladesh Google website Hacker).
Why? Who the hell knows? I wish I had the free time to sit around finding new ways to sabotage servers and websites for fun. Actually, I would never do that to anyone because it sucks! Hackers suck! If this guy had simply sent us all a message telling us that our servers and sites were not secure, this would have actually been useful. Instead, hundreds of people are wasting hundreds of hours fixing the vandalism done by some guy that doesn’t give a shit about anyone else.
So what makes a guy sit around finding new ways to waste everyone’s time? I just don’t get it. Is he actually having fun making us all angry and wasting our time? To me, this is just as bad as having your car keyed or your mailbox run over. It probably costs as much for some. I would be the first to vote in favor of a new law that would make hackers like this pay the hourly wage for the duration of downtime of everyone who’s site was hacked and had to blow off work to fix their malicious bullshit. I think there would be a lot less of this type of thing happening if it had a direct affect on the hacker’s wallet.