I got ha ha hacked
I had a security breach on the blog over the Christmas period. To cut a long story short two black hats named HcJ and cyb3r-1st compromised another site on the shared hosting server, they decided to deface my blogs for a short period of time while they were at it. After talking to both of them regarding the breach it turns out they are nice guys (a bit misguided), they told me how they breached the server so that I could pass the information on to the hosting provider for them to patch it.
At first I thought it may have been a WordPress 0day that they used to compromise my blogs, so I set about hardening my Wordpress installation. Changed all passwords, delete all files/reinstate files from backup, installed security plugins, revised file permissions, etc.
Security plugins installed:
Chap Secure Login
Log User Access
Wordpress Firewall
WP Security Scan
Here’s a great article by Wordpress on how to harden your installation:
http://codex.wordpress.org/Hardening_WordPress
The zone-h defacement mirror:
http://www.zone-h.org/mirror/id/10039957
In this instance there is very little I can do to protect the server as it is not owned by me, the best I can do is change/preasure the hosting provider and secure my web applications.


