[wp-hackers] WP exploit , was Re: [Webmaster Central Help] Site hacked.

mccormicky mccormicky at gmail.com
Wed Dec 2 18:50:37 UTC 2009

Look  for wp-inclodes.php and fotter.php
(might be a different hack,though).
Check all file/folder last modified timestamps.
I found those above mentioned files in wp-content/uploads in a folder for
The last accessed stamp was for October so it tipped me off.

On Wed, Dec 2, 2009 at 1:30 PM, Jeremy Clarke <jer at simianuprising.com>wrote:

> It's also worth going through any media uploads added since the attack
> and making sure they are really images (downloading them to OSX and
> checking that they have thumbnails in them worked for me). Some might
> be PHP files that are being loaded somehow, depending on your server
> config.
> For the actual core files its definitely worth completely deleting
> wp-admin and wp-includes and replacing them entirely with pristine
> versions, nothing really to lose there.
> --
> Jeremy Clarke
> Code and Design | globalvoicesonline.org
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list