My WordPress has been hacked (5 posts)

  1. afx237vi
    Member
    Posted 6 years ago #

    I'm running a blog using WP 2.0 and about 10 days ago, I went over my monthly bandwidth limit for the first ever time. I have a 7 gig limit, and running a small hardly-read blog, I've never even got close to that before.

    So now it's the start of a new month, and I checked my cPanel logs to find out what used up all that bandwidth. I found this:

    /cycloblog/wordpress/wp-content/cache/c4ca4238a0b923820dcc509a6f75849b/options/x/xpersia.php

    I googled xpersia.php and I still have no idea what it is. Some kind of Iranian porn thing?! Whatever it is, it used virtually all of my bandwidth in the space of four days last month and I most certainly did not put it there.

    My question: Does anyone know what the hell it is? More importantly: How do I ensure I get it all off my server? Will I mess anything up by just going in via FTP and deleting all the contents of the cache folder?

    Is there any way of telling if there's any other nasty stuff on my server?

  2. whooami
    Member
    Posted 6 years ago #

    Oh, the joys of responding to someone that hasn't heeded security issues.

    Honestly, who cares what it is. Your site was exploited.

    Notify your host. Delete the files. Change your passwords. UPGRADE your WordPress. Make sure any other software you are using is current as well.

    Don't use crappy wide open file permissions. Obviously, they were able to write to your cache directory, so the permissions on that were world writable.

    You can't combine permissions like that with an exploitable web app -- the results are obvious.

    Lastly, pay attention. Look at your dashboard occasionally. Rummage around your site using an FTP client sometimes. Treat your web site like it's your virtual house.

  3. afx237vi
    Member
    Posted 6 years ago #

    Yes, I should have paid more attention. I know. I've informed my host, and deleted the script.

    Obviously it was my file permissions, but I'm not an expert, and obviously changed something I shouldn't have. Could you recommend a good guide for dealing with permissions in WP?

    I found this, but I'm still confused:

    http://codex.wordpress.org/Hardening_WordPress#File_permissions

    Says things like "all files should be writable only by your user account" but what chmod is that? 600? 644? I presume I'm "user", but what's the difference between "group" and "others"?

  4. whooami
    Member
    Posted 6 years ago #

    UGO = user/group/other

    You are the user, you are in a group, others is everyone, including you, including your group, including those that aren't you, and aren't in your group, aka everyone.

    755 =

    7 for User
    5 for Group
    5 for Other

    --

    writable only by you is 600

    a decent explanation of the different octets is here:

    http://www.freeos.com/articles/3127/

    If that's unbearable just Google "linux permissions"

  5. sunstone
    Member
    Posted 6 years ago #

    Okay, whooami, here's the newbie again with another "stupid" question:

    Do my files have to be writable to get the plug-ins to work? I have several plug-ins that don't seem to be working, so I changed the sidebar permissions to 666. Should they be 600?
    In that panel where you can edit your theme, below the place where the code shows is the notation, "if this were writable, you could edit this." I do want to do a little editing. What should the permission be changed to? Does "me" include my plug-ins?
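
An added example, not part of the original thread or of WordPress: a shell audit for the condition discussed above (a world-writable directory inside the install, or files set to 666). It lists every path that "other" can write to, lists PHP files beneath world-writable directories for manual review, and can clear the "other" write bit. The function names and the install path passed as an argument are assumptions.

```shell
#!/bin/sh
# Added example. Usage: sh audit.sh /path/to/wordpress [apply]
# Paths containing newlines are not handled.

# Files and directories that "other" may write to (mode bit 0002,
# which is set in modes such as 666 and 777).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# PHP files anywhere beneath a world-writable directory. Any account on
# the host could have created files there, so review each one by hand;
# a listing here is a prompt to look, not proof of compromise.
php_in_writable_dirs() {
    find "$1" -type d -perm -0002 -print | while IFS= read -r d; do
        find "$d" -type f -name '*.php' -print
    done | sort -u
}

# Clear only the "other" write bit; user and group bits are untouched.
# Without "apply" as the second argument this is a dry run.
tighten() {
    world_writable "$1" | while IFS= read -r p; do
        if [ "${2:-}" = "apply" ]; then
            chmod o-w "$p"
        else
            echo "would chmod o-w $p"
        fi
    done
}

# Run the report only when a path is given on the command line.
if [ -n "${1:-}" ]; then
    echo "== world-writable paths =="
    world_writable "$1"
    echo "== PHP files under world-writable directories =="
    php_in_writable_dirs "$1"
    echo "== permission changes =="
    tighten "$1" "${2:-}"
fi
```

Run it once without `apply` to see what would change, then check that anything that genuinely needs write access (for example the theme editor) still works after tightening.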
