[wp-hackers] Reporting WordPress exploits?
Eric Marden
wp at xentek.net
Thu Feb 5 18:01:50 GMT 2009
>
> On Feb 5, 2009, at 11:19 AM, Mindshare Studios wrote:
>
>> Could you elaborate on how one might identify "where the injection
>> occurred"? What should I look for?
>
** Assuming Linux **
Also check the .bash_history files for the users on your site,
especially for users like the one your web server runs under, your
root user, and all others. Sometimes when they do cover their tracks,
they will forget that all commands run are saved in .bash_history
-e
More information about the wp-hackers
mailing list