[wp-testers] Default.widgets.php Hacked? What to do?

Chris Jean gaarai at gaarai.com
Thu Jul 23 21:17:22 UTC 2009


Chris beat me to it. Good speed Chris.

I found others with this problem that weren't using WordPress, so it
isn't a WordPress problem. As Chris points out, it is a local virus
problem that steals your FTP credentials which then gives the person who
receives this information a blank check to do anything they want to your
site.

As Chris recommends, change all your FTP passwords. I'd also recommend
that you change your WordPress passwords and re-install WordPress to
ensure that all files are as they should be. You can easily do this by
going to Tools > Upgrade and then clicking Re-install Automatically. To
fully clean your WordPress install, you should remove and re-install all
of your plugins and themes. That would be the quickest, easiest way to
ensure that you don't have any hidden code modifications.

It is worth pointing out that even after doing all of this, it is
possible that new files were loaded onto your site that would allow them
to gain a foothold again. To fully remove all the changes, you might
have to make a complete copy of all the site files, delete everything,
do a fresh manual installation of WordPress, and then copy back your
wp-content/uploads files. Then you will need to reinstall all your
themes and plugins. At this point, you should go through all the
wp-content/uploads directories and delete any PHP files that you find.

This is a very good reminder that a compromised local system can
compromise your servers and websites. Make sure you keep your systems clean.

Chris Jean
http://gaarai.com/
http://wp-roadmap.com/
http://dnsyogi.com/



Chris Carter wrote:
> Saw this on WP.org
>
> http://wordpress.org/support/topic/281767
>
> Looks like a grumbman virus .. scan every PC you're using to FTP ... This
> happened to a WP site of mine that I accessed FTP on my sister's PC
>
> Fucking virusues ... It apparently searches for FTP cridentals, then
> transmits them..
>
> change your FTP PWD.
>
> On Thu, Jul 23, 2009 at 3:52 PM, Paleo Pat <tpblogeditor at gmail.com> wrote:
>
>   
>> Oh.... Whew! My heart was racing there for a second... :D
>>
>>
>>
>>
>>
>>
>> On Thu, Jul 23, 2009 at 4:50 PM, Navjot Singh <navjotjsingh at gmail.com
>>     
>>> wrote:
>>>       
>>> Sorry to mention..blog was on 2.8.1...didn't got time to upgrade...now
>>> upgrading.
>>>
>>> On Fri, Jul 24, 2009 at 2:17 AM, Paleo Pat<tpblogeditor at gmail.com>
>>>       
>> wrote:
>>     
>>>> yikes! Not good. Hope there's a patch soon.
>>>> _______________________________________________
>>>> wp-testers mailing list
>>>> wp-testers at lists.automattic.com
>>>> http://lists.automattic.com/mailman/listinfo/wp-testers
>>>>
>>>>         
>>> _______________________________________________
>>> wp-testers mailing list
>>> wp-testers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-testers
>>>
>>>       
>> _______________________________________________
>> wp-testers mailing list
>> wp-testers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-testers
>>
>>     
> _______________________________________________
> wp-testers mailing list
> wp-testers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-testers
>   


More information about the wp-testers mailing list