WordPress.org

Ready to get started?Download WordPress

Forums

Recurring Malware Atack (2 posts)

  1. dchen
    Member
    Posted 2 years ago #

    Hi!

    I'm having this recurring malware attack with it linking to counter-wordpress.com which is very annoying.

    It keeps changing the following files:
    wp-settings.php
    jquery.js
    l10n.js

    I really do not know how to fix this.

    I have changed database passwords, FTP, salts & keys and even user passwords, and still it recurs. <,<

    How could this even have come in to the server?
    For now I have it fixed but I bet its gonna come back again.

    http://caperture.net/

  2. Jackson
    Member
    Posted 2 years ago #

    Have you dealt with the Timthumb vulnerability which is part of your theme? http://www.elegantthemes.com/blog/theme-changesbug-fixes/timthumb-vulnerability-security-update

    If not, I'd bet dollars to donuts that's where this started for you.

    Sounds like you need to re-install everything from fresh known to be good copies.

    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    You can also check out http://wordpress.org/extend/plugins/exploit-scanner/

    PS - Keep changing that DB password until it's gone. If they're writing to your files, they're probably grabbing your db credentials from your wp-config.php file

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags