Blog Hacked

[basshook]

Just visited my blog after not being to it since mid April and see that it was hacked somehow. Using version 1.5.5. When I tried to go to my blog page I got sent to the installation page (see below) so I am assuming the hacker didn't really get it right whatever he/she was trying to do. When I checked my database I'm seeing links to .ru among others inside my serendipity_referrers, serendipity_refs, serendipity_suppress database tables so I've deleted all the files from my server. I want to install the 1.6.2 version and was wondering if I could just upload the existing database after removing all the bad data to the new version or should I just copy over my posts? Hopefully I won't have to start over. Is the bullet proof theme compatible with version 1.6.2? I've modified mine quite a bit.

[yellowled]

JIs the bullet proof theme compatible with version 1.6.2? I've modified mine quite a bit.

I can't really give an informed opinion on the rest of it, but yes, Bulletproof works just fine with 1.6.2.

YL

[basshook]

Thanks Yellowled, I installed a fresh version of 1.6.2 and just copied over my upload files/folders, template changes, and added all my comment/post/category/image data to the new database and everything seems to be working fine. Whew...

[garvinhicking]

Hi!

This sort of hacking more seems to me like a FTP-account hijacking, rather than a targeted s9y exploit.

You should definitely reset your FTP password, if you didn't already do so, and do a trojan/virus scan on all computers that you used the FTP access on.

Regards,
Garvin

[basshook]

Thanks Garvin, changed the password but the scan found nothing on the computer that I use.