[wp-hackers] Reporting WordPress exploits?

Eric Marden wp at xentek.net
Thu Feb 5 18:01:50 GMT 2009

> On Feb 5, 2009, at 11:19 AM, Mindshare Studios wrote:
>> Could you elaborate on how one might identify "where the injection
>> occurred"? What should I look for?

** Assuming Linux **

Also check the .bash_history files for the users on your site,  
especially for users like the one your web server runs under, your  
root user, and all others. Sometimes when they do cover their tracks,  
they will forget that all commands run are saved in .bash_history


More information about the wp-hackers mailing list