Do you have any idea of the code being executed to perform the exploit?
You, or your host should at least have logs, unless this is a known ‘WordPress exploit’.
If that’s the case, then I would hope that you hear something further from one of the team.
I’d hope so at least… as I’d hate that **** happening to me…
Thread Starter
baa912
(@baa912)
Well… like I said, I’m not an expert on these things. The hack seemed to happen in Sept 08 and I just now am noticing it. I first noticed that my posts were no longer being indexed by Google and started out to figure out why. Just by accident, I noticed when I pressed the back button, some strange site was trying to load that I did not recognize. Keep in mind that I never noticed anything strange going on on my blog to date. Upon further investigation, I found some encrypted code within several of the PHP files. Also some new PHP files altogether, like a remv.php file in the wp-content/themes folder.
I still do not know exactly what these hacks were doing, but Google obviously recognized it. Don’t know if the hack is still in one of the comments in my database or not.
IMPORTANT UPDATE: I just tested putting JavaScript into a post or comment while logged on as a contributor and it did not work as it does when you are logged in as administrator. Seems like administrator allows JavaScript and contributor does not. Also under settings/discussion, there are moderation and blacklist filters that may be useful.
So… in order to do the hack, the person would have to be logged in as administrator? Since it happened back in Sept 08, maybe I was using a more vulnerable version? Maybe one of my plugins or theme is hackable? Don’t know!
I was using 2.5 and had NO COMMENTS or even registration open and still found that file.
I wonder how they got in?