WordPress.org

Ready to get started?Download WordPress

Forums

the latest of WP just got hacked (6 posts)

  1. go0d
    Member
    Posted 5 years ago #

    While I was busy posting on go0d.com I saw that the blog has been hacked and it must have happened at about the same time that I was posting.

    http://go0d.com/?p=3

    I am wondering if you know where the exploit is and how to fix it?

    thank you

  2. whooami
    Member
    Posted 5 years ago #

    umm, and what there suggests a hack?

    fix the permissions on wp-includes/compat.php so that THIS isnt happening:

    http://go0d.com/wp-includes/compat.php

    Forbidden
    You don't have permission to access /wp-includes/compat.php on this server.

    Youve been messing with something, as even google's cache of your site shows it without a theme.

    Crying wolf about being hacked is a bad idea, honestly -- if you dont know for sure, dont do it.

  3. go0d
    Member
    Posted 5 years ago #

    please - check again... http://go0d.com/?p=3
    I wasn't crying wolf at all, a friend was trying
    to help with denying anyone's access to the blog,
    as he did not know that I wrote here on the forum...
    thank you

  4. whooami
    Member
    Posted 5 years ago #

    yah, ok, fair enough. My bad. Im sorry.

    thats a remote shell.

    might be wordpress related, might not.

    If you can locate your server logs AND your ftp logs, you can more than likely track down the entry point.

    I would be looking around on your server to see if thats an actual file, OR if its code thats been added .. Ill bet its a file, and its been included.

    You want to get the timestamp on that file, so you can compare the timestamp to anything that in those logs.

    By the way, your site is completely compromised, assuming any of those commands were executed.

    If this were mine -- I would grab a backup of my database from phpmyadmin -- and shitcan EVERYTHING after doing that.

    Start over -- fresh database, fresh password. Fresh WP install, fresh admin passwd(s). Fresh files, and safe permissions.

    All of that, after I hunted down that file and got the timestamp so I could compare it to anything I located in the logs.

  5. go0d
    Member
    Posted 5 years ago #

    Thank you for your input whooami, I will do
    as you suggested
    have a good night

  6. whooami
    Member
    Posted 5 years ago #

    have a good night

    thanks, I wish i could say the same for you, but I dont think you will. :(

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags