WordPress.org

Ready to get started?Download WordPress

Forums

Twenty Ten
Security issue with TwentyTen? (2 posts)

  1. la_ri_za
    Member
    Posted 7 months ago #

    Hi,

    my client's wordpress got hacked yesterday and I wonder if the hacker used some hole in TwentyTen theme. When I browsed through the wordpress files, I noticed that they had uploaded malware in two different folders. In twentyten/images there was a file called index.php which contained a password form. All the twentyten files were dated in October 2013. Yesterday evening they uploaded malware files in my custom theme folder, apparently using somehow the password form they had uploaded earlier. Unfortunately I don't have any log files from October so I cannot check how they got in back then. Both folders have 755 permissions.

    List of malware files:

    wp-content/themes/twentyten/images/index.php
    wp-content/themes/custom-theme/index.php
    wp-content/themes/custom-theme/php5.php
    wp-content/themes/custom-theme/wp-content2/bl.php

    One of the files contained a comment line saying "Web Shell by oRb".

    I managed to save the site by deleting all these files and I also changed all the passwords.

    I don't know if this is the right place posting this but if someone has had a similar attack I'd be happy to know about it. My client has updated the wordpress whenever there has been a new version available, so this is not a question of outdated software. Also they don't have any special plugins (just AddThis Social Bookmarking Widget, Akismet, Google XML Sitemaps, Hello Dolly and Twitter Widget Pro - all are up to date).

    Thanks in advance!

  2. No, the theme was not hacked. Something else edited them (it's actually pretty common for hackers to leave backdoors in themes).

Reply

You must log in to post.

About this Theme

About this Topic

Tags