WordPress.org

1. n2fisher
   Member
   Posted 11 months ago #

   My wordpress site, http://steadfastlutherans.org, was hacked yesterday.

   My host, 1and1, shut off the site after getting a massive number of spam email reports that originated from my site. Their analysis said that the emails were being sent trough file:

   ./steadfastLutherans/wp-comments-post.php

   I looked through the first page of comments here; are there any other reports of hacking of this file?

   Any clue what I need to do to restore commenting to my site, without again allowing people to spam through the site?

   The file is the same size as other installations that I have, but 1and1 has disabled the file for now. Comments are therefore disabled on my site.

2. n2fisher
   Member
   Posted 11 months ago #

   This item from my log appears suspicious -- anyone figure out what it is?

   46.165.192.91 - - [17/Jun/2011:04:33:32 -0400] "GET /?p=1202+%5BPLM=0%5D+GET+http://steadfastlutherans.org/?p=1202+%5B0,56923,71199%5D+-%3E+%5BN%5D+POST+http://steadfastlutherans.org/wp-comments-post.php+%5BR=302%5D%5B0,0,764%5D+-%3E+%5BN%5D+GET+http://steadfastlutherans.org/?p=1202+%5B0,0,71945%5D+-%3E+%5BN%5D+GET+http://steadfastlutherans.org/?p=1202+%5B0,0,71925%5D HTTP/1.0" 200 94339 steadfastlutherans.org "http://steadfastlutherans.org/?p=1202+%5BPLM=0%5D+GET+http://steadfastlutherans.org/?p=1202+%5B0,56923,71199%5D+-%3E+%5BN%5D+POST+http://steadfastlutherans.org/wp-comments-post.php+%5BR=302%5D%5B0,0,764%5D+-%3E+%5BN%5D+GET+http://steadfastlutherans.org/?p=1202+%5B0,0,71945%5D+-%3E+%5BN%5D+GET+http://steadfastlutherans.org/?p=1202+%5B0,0,71925%5D" "Mozilla/4.76 [en] (Windows NT 5.0; U)" "-"

3. n2fisher
   Member
   Posted 11 months ago #

   Is there somewhere else that I should post this to get a faster reaction?

Reply

You must log in to post.