WordPress.org

Ready to get started?Download WordPress

Forums

Hacking of wp-config.php resolved (1 post)

  1. unodewaal
    Member
    Posted 2 years ago #

    I've just managed to resolve a hacking issue that's popped up for the second time. I don't know what the exact issue is, or where it started, I'm hoping the community could help resolve this for me.

    Every once in a while my wp-config.php gets hacked and the following line gets added:

    require('/usr/www/users/SITENAME/wp-content/uploads/2009/05/themes.php');

    It's happened twice now, both instances also create the file themes.php.
    I then copy all the .jpg files in 2009/05, delete the other files created (it numbers in the hundreds of garbage files).

    Symptoms I normally get are:

      Links that get referred via Google end up on a blank page.
      There are links referring to movie websites in the footer
      The site load times double
      The homepage shows no new content - it stays the same as the first date of the hack.
      The admins don't see the hack at all, it only gets displayed to non-admins.

    I've locked my wp-config file to 640 now, as well as locked the 2009/05/ directory. I'd really like to know what the source of this hack is, so if anyone else has also experienced this, or knows how to solve it I would greatly appreciate it!

Topic Closed

This topic has been closed to new replies.

About this Topic