Hi,
My 2.7.1 blog was attacked last week with the same script discussed here:
http://wordpress.org/support/topic/210013?replies=8
I've been removing the files that were attacked, and will probably need to do a fresh install. However, there are numerous files in my root that look suspicious and that I'm unsure of, and I don't recall them being there prior to the attack.
I want to remove the files, but I'm not sure what they are, so I don't want to remove them without first knowing what they are. I'm only running WordPress on my site. There are 4 files, with the following names, and as mentioned above they are in my root directory:
.alias
.bashprofile
.bashrc
.cshrc
Are those files supposed to be there, or are they from the attack that occurred on my site? Any help would be appreciated. Thank you!