I was newbie hacked, Internal Server Error 500
I was away from my computer today for two reasons, (1) I went to attend the Ipanema Walk and (2) PLDT’s internet connection is acting up again. I wasn’t able to monitor my sites during the time that I was away. I was not aware that some “newbie” hackers are already playing with this site while I was enjoying the afternoon outside the confines of my apartment.
When I went online, my Photo Blogger friend buzzed me on YM informing me of my site’s state. This is what my site looks like after it was hacked:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, xxxxxx@xxxxxxxx.xxx and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at xxxxxxxxxx Port 80
500 Internal Server Error (Error 500)
I’m not sure how the hacker penetrated my blog. The only thing I’m sure of is how to fix my broken blog.
I immediately checked the log files of my blog and found out that the file permission (CHMOD) of all my wordpress files was changed to 777. For a web application running with 777 permission, it’s not a good thing. Apache automatically declares an internal server error whenever a cgi is configured with 777 (index.php in this case). I have to reconfigure every php file in my wordpress directory back to its correct permission to have my site up and secure. It took my a while to finish everything.
The hacking incident was not that serious. All my files were safe, I was able to restore my site in a few minutes, and the only casualty I got were the hits lost during downtime. But safety precautions must be taken into consideration to prevent further similar incidents (or even incidents worse than this).
I guess I should start writing tips on measures on how to prevent hackers from hacking your site.
Additional Note: For those who are running Avira in their PCs, you might be having problems opening my blog. Apparently, Avira thinks that my blog contains malicious content. I already sent a report to Avira but they did not respond yet. I recommend that you by pass the warnings sent by the Avira Anti Virus. Rest assured that browsing my blog won’t bring harm to your computer. 
UPDATE
Apparently, this incident was not caused by a hacker. It was caused by one of the engineers working for my web host who messed up with the server’s CHMODs. LOL.
Related posts:
Tagged with: 500 Internal Server Error, anti-hacker, Avira Malicious Script, Avira Virus, Error 500, fix hacked wordpress, hack wordpress, hacking tips, Internal Server Error, prevent hacking, site hacked, wordpress hacked
Originally sharing his experiences of being a "yagit" in Davao, he now tries to find his luck in the busy district of Makati. He still finds time to blog and go on weekend trips despite his hectic schedule. Join Batang Yagit, now that he has developed from "rags" to a more abundant supply of rags.
Oh noes. Thank God nothing really that serious happened or else (doh)
Buti nlng un lang ginawa. Could have been worse.
Ingat palagi yagiiit..
i wonder if the hacking was caused by some defective or buggy plugins, this exploits could be used as an attack vector.
Oh No! Is that really possible? Pano to maprevent? website-idiot pa naman ako…. hala……
Di naman pala ko mahahack.. di naman popular website ko…..
well.. ayoko pa rin mahack no…. ikamamatay ko!!!!!
WOW!
Ang galing mo talaga Batang Yagit…^_^
I have no idea…
Yong mga hackers na yan.
And paano makita na hacked ka na pala..
Good thing they didn’t mess up your files and other stuff. Like what J. said, it could’ve been worse. Anyways, its good that you were able to find out about it quickly and fix it.
Situations like these is a good reminder for all of us to always have backups both online and offline so if anything happens, you can always restore you blog back.
I recommend the WP DB Manager plugin which automatically creates backups of your blog. It can even send the backup file to your email account. The plugin also lets you optimize or repair your WP database. Really cool plugin.
yeah. but it took a lot of time before i learned about the incident. >.<
WPDB Manager don’t work for me anymore. I use msqldump to back-up my database. hehehe
Was it really a hacking incident or just a server failure? One thing you must consider is that if you’re sharing a server with other users, vulnerabilities in their apps are effectively your holes too.
Good thing nothing malicious was done.
i learned from the webhost last night. it’s one of their engineer’s fault (doh)
Waw, I didn’t know these things can happen for a blog. It’s good to know you knew how to fix it. If this happened to me, I’ll be panicking!
So its one of their engineer’s fault? LOL they should refund you or give you a month’s hosting for free.
Anyways, what do you mean WP DB Manager doesn’t work for you anymore? You don’t find it effective or it gives our errors?
Help! I just had the same thing happen to me. My blog worked fine a couple of hours ago. Now I can even access it, getting an internal server error message instead.
Can anyone help me?
Here’s the message I get:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster@internetmoneymachine.hotinfoproductreviews.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at internetmoneymachine.hotinfoproductreviews.com Port 80
Oh man! Please disregard the above post. Turns out there was a problem with my hosts server. I’m very grateful.
careful sa mga hackers Yagitt
Change your password regularly..ingatz po sa susunod.