[wp-hackers] WP exploit , was Re: [Webmaster Central Help] Site hacked.

Brad Williams bradw at illiams.com
Wed Dec 2 18:58:30 UTC 2009


Also remember if you have multiple websites on the same hosting account they
may also be compromised and should be checked.  Even if they aren't showing
signs of being hacked they could be.

-Brad

-----Original Message-----
From: wp-hackers-bounces at lists.automattic.com
[mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of mccormicky
Sent: Wednesday, December 02, 2009 1:51 PM
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] WP exploit , was Re: [Webmaster Central Help] Site
hacked.

Look  for wp-inclodes.php and fotter.php
(might be a different hack,though).
Check all file/folder last modified timestamps.
I found those above mentioned files in wp-content/uploads in a folder for
June.
The last accessed stamp was for October so it tipped me off.





On Wed, Dec 2, 2009 at 1:30 PM, Jeremy Clarke <jer at simianuprising.com>wrote:

> It's also worth going through any media uploads added since the attack
> and making sure they are really images (downloading them to OSX and
> checking that they have thumbnails in them worked for me). Some might
> be PHP files that are being loaded somehow, depending on your server
> config.
>
> For the actual core files its definitely worth completely deleting
> wp-admin and wp-includes and replacing them entirely with pristine
> versions, nothing really to lose there.
>
> --
> Jeremy Clarke
> Code and Design | globalvoicesonline.org
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers




More information about the wp-hackers mailing list