Support » Fixing WordPress » Site hacked! Macker’s php shell?

  • I discovered this morning that one of my blogs has been hacked. I can’t figure out how it was done, but I’m suspicious of a couple of files in the wp-content directory – tlz.php and tlz_01.php. They both seem to be something called Macker’s PHP shell. I’m running WP 1.5. Help???

    Thanks,
    Harry

Viewing 2 replies - 1 through 2 (of 2 total)
  • 1. Talk to your host.
    2. Change passwords.
    3. Backup your data fully.
    4. Delete anything you did not upload.

    Do not assume that WP is the vulnerable part here – ask your host to check logs.

    Who is your host ?

    Thread Starter hboswell

    (@hboswell)

    I’m not assuming WordPress is the problem. But I am assuming I’m not the first person to have a WordPress blog hacked. I discovered an entry in the wp database that allowed php files to be uploaded, and deleted that. I’m guessing the two tlz*.php files were the culprit, and I deleted them. But I’m not assuming I’m safe yet.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Site hacked! Macker’s php shell?’ is closed to new replies.