Is this a known attack?
I just received this from my Internet Host provider:
I have deleted the files listed since they did not seem to do anything.
Passing it on for review and comment. My question is: should/do I need to do anything else, other than the obvious upgrade to the WP Code to 3.1?
Thanks
G
=================================
This is an urgent notice regarding the security of your 1&1 account.

Your 1&1 hosting account has been attacked via an insecure PHP script you
installed on your webspace. You will find an analysis of the attack and
instructions on how to secure your webspace against future attacks in this e-mail.

******************************************************************************
1. Analysis of the attack
******************************************************************************
1.1 The hackers processed the attack through a security leak in your script/s
Wordpress

1.2 Via this security leak the hackers have uploaded the following malicious
files to your webspace:
./wordpress/wp-content/uploads/2008/04/functilon.php
./wordpress/wp-content/uploads/2008/04/wp-lenks.php

1.3 In order to impede further attacks, we have disabled these files. Please
note that part of your websites may be impaired.

******************************************************************************
2. Required measures
******************************************************************************
In order to reactivate your websites and re-establish the security of your 1&1
account, observe the following instructions.

2.1 Delete all aforementioned files. Note that hackers usually come back to a
webspace they exploited successfully.

2.2 Upload a more secure version of the following modules of your software:
Wordpress
You will find further information on
http://www.wordpress.org

!!!IF INTRUSION POINT NOT SURE!!!
2.2 Secure all security leaks in your scripts. We found possibly successful
exploits through at least the following scripts:
!!!PASTE SCRIPTS HERE!!!

2.3 Check whether other malicious content was uploaded onto your webspace
during the attack. Delete all unknown, suspicious files immediately.

IMPORTANT: In the future, please check the security of the software you install
on a regular basis. We will assist and help you with any specific problem, but
please be aware that the security of the software you install is your sole
responsibility.

For information on the technique the hackers used, see
http://en.wikipedia.org/wiki/Remote_File_Inclusion
http://en.wikipedia.org/wiki/Code_injection#Include File Injection

******************************************************************************
If you should require further information, please reply to this e-mail, leaving
our reference [Ticket AB21337785] in your message.

Thank you in advance for your efforts. We appreciate your cooperation and look
forward to continuing to provide you with safe and secure hosting.

Kind regards,
Abuse Team
—
Abuse Department
1&1 Internet Inc.
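
For step 2.3 of the notice (checking for other uploaded content), here is an added example that is not part of the original post or of the host's e-mail: a scan of an uploads tree for server-executable PHP, including PHP hidden inside a file with a media extension. The extension list, the function names and the sample files other than the two names quoted in the notice are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions commonly mapped to the PHP handler (assumption: typical Apache/PHP setups).
PHP_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
PHP_TAG = b"<?php"
HEAD_BYTES = 64 * 1024  # only the start of each file is inspected

def scan_uploads(root):
    """Return sorted (relative_path, reason) pairs for script-like files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext in PHP_EXTS:
                findings.append((rel, "php-extension"))
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(HEAD_BYTES)
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            # The PHP open tag is case-insensitive, so compare in lower case.
            if PHP_TAG in head.lower():
                findings.append((rel, "php-tag-in-media-file"))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample: the two file names from the notice plus one clean and one disguised file."""
    d = os.path.join(base, "uploads", "2008", "04")
    os.makedirs(d)
    samples = {
        "functilon.php": b"<?php /* placeholder */ ?>",
        "wp-lenks.php": b"<?php /* placeholder */ ?>",
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "logo.gif": b"GIF89a<?PHP /* placeholder */ ?>",
    }
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return os.path.join(base, "uploads")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in scan_uploads(build_sample_tree(tmp)):
            print(f"{reason:24} {rel}")
```

An uploads directory is meant to hold media, so every hit deserves a manual look; a clean result here says nothing about files modified elsewhere in the installation.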