[wp-hackers] WP exploit , was Re: [Webmaster Central Help] Site hacked.
bradw at illiams.com
Wed Dec 2 18:58:30 UTC 2009
Also remember if you have multiple websites on the same hosting account they
may also be compromised and should be checked. Even if they aren't showing
signs of being hacked they could be.
From: wp-hackers-bounces at lists.automattic.com
[mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of mccormicky
Sent: Wednesday, December 02, 2009 1:51 PM
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] WP exploit , was Re: [Webmaster Central Help] Site
Look for wp-inclodes.php and fotter.php
(might be a different hack,though).
Check all file/folder last modified timestamps.
I found those above mentioned files in wp-content/uploads in a folder for
The last accessed stamp was for October so it tipped me off.
On Wed, Dec 2, 2009 at 1:30 PM, Jeremy Clarke <jer at simianuprising.com>wrote:
> It's also worth going through any media uploads added since the attack
> and making sure they are really images (downloading them to OSX and
> checking that they have thumbnails in them worked for me). Some might
> be PHP files that are being loaded somehow, depending on your server
> For the actual core files its definitely worth completely deleting
> wp-admin and wp-includes and replacing them entirely with pristine
> versions, nothing really to lose there.
> Jeremy Clarke
> Code and Design | globalvoicesonline.org
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
wp-hackers mailing list
wp-hackers at lists.automattic.com
More information about the wp-hackers