Got hacked by rr.nu

I was a little surprised this morning when I logged onto my website and was forwarded to some random-ass website.  Needless to say, I realized my site had been hacked.  So, the first thing I did was move the entire wordpress website into it’s own directory called hacked and put up a temporary index.html page for people to hit as I worked on fixing the problem.

After a bit of searching I found out that some Russian jokers have been hitting all the WordPress blogs through some plug-ins and were inserting these large random blocks of base64decode(‘ a lot of crap’) and it was forcing the hacked sites to forward people to their own sites.

On github I found a vaccine for the rrnu hack.  You can download it here.  You just need to put it into your root directory with all the WordPress files and run it.  It should remove the hack from all your files and you’ll be good to go. Of course, I’d make sure you harden your blog some and change all your passwords!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>