Is this a known attack?

  • kaz2

    (@kaz2)


    I just received this from my Internet Host provider:
    I have deleted the files listed since they did not seem to do anything.
    Passing it on for review and comment.

    My question is should/do I need to do anything else, other than the obvious upgrade to the WP Code to 3.1?

    Thanks
    G
    =================================
    This is an urgent notice regarding the security of your 1&1 account.

    Your 1&1 hosting account has been attacked via an insecure PHP script you
    installed on your webspace. You will find an analysis of the attack and
    instructions on how to secure your webspace against future attacks in this e-mail.

    ******************************************************************************
    1. Analysis of the attack
    ******************************************************************************
    1.1 The hackers processed the attack through a security leak in your script/s
    Wordpress

    1.2 Via this security leak the hackers have uploaded the following malicious
    files to your webspace:
    ./wordpress/wp-content/uploads/2008/04/functilon.php
    ./wordpress/wp-content/uploads/2008/04/wp-lenks.php

    1.3 In order to impede further attacks, we have disabled these files. Please
    note that part of your websites may be impaired.

    ******************************************************************************
    2. Required measures
    ******************************************************************************
    In order to reactivate your websites and re-establish the security of your 1&1
    account, observe the following instructions.

    2.1 Delete all aforementioned files. Note that hackers usually come back to a
    webspace they exploited successfully.

    2.2 Upload a more secure version of the following modules of your software:
    Wordpress
    You will find further information on
    http://www.wordpress.org

    !!!IF INTRUSION POINT NOT SURE!!!
    2.2 Secure all security leaks in your scripts. We found possibly successful
    exploits through at least the following scripts:
    !!!PASTE SCRIPTS HERE!!!

    2.3 Check whether other malicious content was uploaded onto your webspace
    during the attack. Delete all unknown, suspicious files immediately.

    IMPORTANT: In the future, please check the security of the software you install
    on a regular basis. We will assist and help you with any specific problem, but
    please be aware that the security of the software you install is your sole
    responsibility.

    For information on the technique the hackers used, see
    http://en.wikipedia.org/wiki/Remote_File_Inclusion
    http://en.wikipedia.org/wiki/Code_injection#Include File Injection

    ****************************************************************************

    If you should require further information, please reply to this e-mail, leaving
    our reference [Ticket AB21337785] in your message.

    Thank you in advance for your efforts. We appreciate your cooperation and look
    forward to continuing to provide you with safe and secure hosting.

    Kind regards,

    Abuse Team


    Abuse Department
    1&1 Internet Inc.
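
Step 2.3 of the notice asks for a check for other uploaded files. One way to run that check from a shell, as an added example that is not part of the original post or the host's notice: it assumes shell access and the default `wp-content/uploads` layout, and the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: review a WordPress uploads tree after a compromise.
# uploads/ normally holds media only, so script files there need review
# (both files named in the notice were under uploads/2008/04/).

# find_upload_scripts DIR -> script-type files by extension, one per line
find_upload_scripts() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' \) -print | sort
}

# find_php_content DIR -> files containing a PHP open tag under any extension
find_php_content() {
    grep -rlF '<?php' "$1" | sort
}

# recently_changed DIR DAYS -> files modified within the last DAYS days
recently_changed() {
    find "$1" -type f -mtime "-$2" -print | sort
}

# Constructed sample tree (not real site data) so the script runs offline.
demo_root=$(mktemp -d)
up="$demo_root/wordpress/wp-content/uploads/2008/04"
mkdir -p "$up"
: > "$up/photo.jpg"
: > "$up/functilon.php"
: > "$up/wp-lenks.php"
printf '<?php /* constructed placeholder */ ?>' > "$up/banner.gif"

echo "Script files by extension:"
find_upload_scripts "$demo_root/wordpress/wp-content/uploads"
echo "Files containing PHP code:"
find_php_content "$demo_root/wordpress/wp-content/uploads"
echo "Files changed in the last 7 days:"
recently_changed "$demo_root/wordpress/wp-content/uploads" 7

rm -rf "$demo_root"
```

Compare anything the functions report against a clean copy of the same WordPress version and the site's known uploads before deleting it.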

Viewing 1 replies (of 1 total)
  • The topic ‘Is this a known attack?’ is closed to new replies.