[wp-hackers] Pharma hack

Hal Burgiss hal at burgiss.net
Sat Sep 28 14:37:21 UTC 2013

On Sat, Sep 28, 2013 at 4:09 AM, Steve Taylor <steve at sltaylor.co.uk> wrote:

> A site I run just got hit by the "pharma hack". There was a common.php and
> a /coockies/ directory in the root, and a modification to .htaccess
> rerouting all search bots to common.php - encoded but obviously stuffed
> with spam keywords, which were appearing in Google's index.
> I've cleaned up and all seems fine now, but obviously it'd be good to
> identify the point of entry and be sure.
Definitely. But why is .htaccess writable in the first place? Root
directory? From a systems administration standpoint, the only directory in
a default installation that should be writable is the uploads folder. That
by itself doesn't stop everything, but it stops a helluva lot of stuff.


More information about the wp-hackers mailing list