[wp-hackers] WP exploit , was Re: [Webmaster Central Help] Site hacked.

Tim Schoffelman tim at silentgap.com
Fri Dec 4 17:28:27 UTC 2009


I've had something very similar w/the base64 happen to a client of mine. We
ended up creating a separate clean install, and then fresh versions of all
his plugins, then cleaned up his theme folder (which we had a fresh copy in
subversion (SVN)). We also notice it wasn't only WordPress files that were
infected, but other non-WordPress php files as well, so we had our client
change their FTP password & db username / password as well. Since taking all
of these step's, we haven't an issue since. Sounds like you're heading down
the right path.



On Thu, Dec 3, 2009 at 9:26 AM, Pete Mall <pete at jointforcestech.com> wrote:

> Could you share the exploit files with us. Also, what type of hosting are
> you on and the structure of the sites you have on this hosting account.
>
> --
> Pete Mall
> developersmind.com
>
>
> On Thu, Dec 3, 2009 at 3:43 AM, Malaiac <malaiac at gmail.com> wrote:
>
> > Most hacked files were actually plugins files in another install of
> > wordpress (on a subdomain), while the subdomain itself was not
> > actually hacked (or not so obviously).
> > I'm going to rm * and make fresh installs on both subdomains.
> >
> > M
> >
> > 2009/12/2 Brad Williams <bradw at illiams.com>:
> > > Also remember if you have multiple websites on the same hosting account
> > they
> > > may also be compromised and should be checked.  Even if they aren't
> > showing
> > > signs of being hacked they could be.
> > >fo/wp-hackers
> > >
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list