Diagnosing a Hack | WordPress.org

ciordia9
(@ciordia9)

12 years ago

A few weeks ago an old theme directory was compromised with an outdated TimThumb php file. They were able to modify the .htaccess file and create a temporary forward. I thought that was the extent of it but recently I found one post on the site which leads to a 247 pill site. It’s the only one I’m able to trace so far but I’m not quite sure how to diagnose getting the hack to stop. I’ve scanned a few hack articles that mention database sweeps but the locations are empty — so it’s not the same hack or maybe style.

Any other thoughts or do I need to do the top down full reinstall?

Viewing 2 replies - 1 through 2 (of 2 total)

esmi
(@esmi)

12 years ago

You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/

http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Thread Starter ciordia9
(@ciordia9)

12 years ago

Thanks, I’ve read through quite a few of those but there are a few I had not seen yet.

I ended up going file by file with the Script Exploiter tool and found 4 files that contained malicious code. They were all well meaning names. I don’t think the database is clean yet as if the files were still there obviously the hack would still be active.

Luckily we’re moving this site to a VPS of its own and doing so we’ll do a full rebuild and that should purge the rest of the hack.

Definitely taught us to keep up to date either chmod 000’ing out old deprecated directories or remove them all together.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Diagnosing a Hack’ is closed to new replies.

In: Fixing WordPress
2 replies
2 participants
Last reply from: ciordia9
Last activity: 12 years ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics