WordPress.org

Ready to get started?Download WordPress

Forums

"wp-test.txt" hack puts spam links on WP installation (3 posts)

  1. jsidline
    Member
    Posted 2 years ago #

    Sometime after 4:00 AM Pacific on 12/27 a file appeared to have been uploaded to our website. We use a WordPress 3.3 installation on 1and1. A file (wp-test.txt) was uploaded to the http://www.mobilitywire.com/content/ folder. It appears this file caused many links to be generated such as:

    http://www.mobilitywire.com/cialis-super-active-vs-cialis
    http://www.mobilitywire.com/cialis-cheaply
    http://www.mobilitywire.com/cialis-super

    … etc. Here’s a link to some more search results so you can see. But it’s not just for the word “Cialis”, many other drug names are generating pages.

    The links first direct the browser to mytdsssss.info and from there to nice-online-shop.com

    I changed the password for FTP access then deleted the wp-test.txt file. That immediately broke all the links so that a 404 error was displayed on website and iphone. But ipad still has the redirect. Any suggestions on what more I can do on my end would be appreciated. Also, as I have changed the password and subsequently the problem seemed to be partially restored, maybe there is some vulnerability to the server?

    I will respond to this post with the contents of the wp-test.txt file.

  2. jsidline
    Member
    Posted 2 years ago #

    [Code moderated as per the Forum Rules. Please use the pastebin]

  3. esmi
    Forum Moderator
    Posted 2 years ago #

Topic Closed

This topic has been closed to new replies.

About this Topic