WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] What is 26644.php file in wp-content? (5 posts)

  1. ww1065
    Member
    Posted 6 years ago #

    I am running WP 2.3.1, and am finding unwanted files (like uploaded cracks, etc.) listed as having been accessed in my access logs. The log shows no uploading or POSTing of these files, only a successful GET.

    Going there finds only the desired sub directories along with a file named 26644.php. It looks like a bunch of code responsible for redirecting or something.

    Changing all passwords for everything on the site have not helped. This leads me to think that this file may be responsible, but I don't know how it got there. I have directory listing turned off so they get an error message if they navigate to where there is no index page.

    I'm not going to enter it unless requested (I don't know how Akismet will behave with it).

    I have given it a random name, and the blog seems to work fine. I also can't find this on my local playground files.

    This file has shown up after I upgraded to 2.3.1, and I did the upgrade with a clean install after blowing everything out prior, and manually reloading on the site (I kept the database intact).

    Any help or ideas would be greatly appreciated!

  2. moshu
    Member
    Posted 6 years ago #

    Is the directory (wp-content) world writable - aka chmod 777?

  3. ww1065
    Member
    Posted 6 years ago #

    It is 755 as well as all directories above and below.

  4. moshu
    Member
    Posted 6 years ago #

    If you are sure they couldn't access your blog via writable folders or files... then contact your host and report it. Maybe the hackers accessed the server somewhere else.

  5. ww1065
    Member
    Posted 6 years ago #

    That is my thoughts as I don't think I have any folders writable by the public. I've actually broken some apps by CHMOD-ing too tight...

    Thanks for your input, I wanted to hear your thoughts before spending time with the host (they are not bad to deal with, though).

    I'm marking it resolved and hope I can keep it that way!

Topic Closed

This topic has been closed to new replies.

About this Topic