PLEASE BE AWARE OF THIS HACKER

Viewing 8 replies - 1 through 8 (of 8 total)
  • 1. Save your database now.
    2. Download everything else.
    3. Delete ALL wp- files.
    4. Delete the themes folder and everything in it.

    That should take care of bad files.

    Now upload new wp files
    CHMOD every single file to 644.
    Check it’s all working, then take it from there.
    Do NOT upload anything from the old themes directory if you can help it – it’s the most likely way in.

    You could tell your host too – but they’ll blame WP…. which it is not.

    I personally recommend you change hosts. Or at least ask your current host to put you on a *different server*, and tell them why. You’re not sure how he got in, right? Was it through WordPress, an insecure plugin, or through another way entirely? He might have installed something to easily let him in again, which is why I recommend being moved to a new server.

    Do you have a backup of your mysql database? That’s the main thing you want, as it’s your ‘content’.

    Shoot! And I’m here running an alpha version of WP. =P Just to play it safe, I’d better back up everything as well.. [rolls eyes] Damn hackers!

    spencerp

    The last time I got hacked, I’m pretty sure they got through an “un-updated” version of the Coppermine Photo Gallery.. then from there, they went “happy”!

    Saw this in response: I figured it out. It was a PERL hack related to the MoveableType PluginManager.

    Can’t verify yet…

    Thread Starter jonathannelson

    (@jonathannelson)

    A search of these fools:

    http://www.google.com/search?sourceid=navclient-ff&ie=UTF-8&rls=GGGL,GGGL:2006-13,GGGL:en&q=ZeberuS+%2C+PowerCobrA+%2C+S0ntang0

    I’m following the steps above, thx. I’ll keep you all informed.

    Thread Starter jonathannelson

    (@jonathannelson)

    Update:

    1. backed everything up
    2. deleted everything
    3. getting new WP files now

    Thread Starter jonathannelson

    (@jonathannelson)

    I posted these bastard hackers on Digg. I hope it gets on the front page and that they’re caught.

    Was “wp-blog-header.php” found on an index page? The theory is that redworm only attacks the index page of your site.
    It would look like this on your index page.

    <? require("wp-blog-header.php"); ?>
    or
    <? require("header.php"); ?>

    It’s trying to call the file from index.php but it can’t be found.
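
The two checks discussed in this thread, as an added example that is not part of any reply: after re-uploading, list regular files whose mode is not 644, and list files that index.php tries to require but that are missing on disk. Function names and paths are hypothetical; the mode check is applied to regular files only, since directories need the execute bit to be traversed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and paths are hypothetical.

# List regular files under $1 whose mode is not exactly 644.
# Directories are skipped: they need the execute bit to be traversed.
audit_modes() {
    find "$1" -type f ! -perm 644 -print
}

# List files that $1/index.php loads with require/include but that are
# missing on disk. Only literal paths are handled, and they are resolved
# relative to the web root $1.
missing_requires() {
    root=$1
    [ -f "$root/index.php" ] || { echo "no index.php in $root" >&2; return 2; }
    grep -Eo "(require|include)(_once)?[ (]*(__DIR__ *\. *)?['\"][^'\"]+['\"]" \
        "$root/index.php" |
    sed "s/^[^'\"]*['\"]//; s/['\"]\$//" |
    while IFS= read -r target; do
        [ -f "$root/$target" ] || printf '%s\n' "$target"
    done
}

# Constructed sample: an index page like the one quoted above, with no
# wp-blog-header.php beside it, plus one file left group/world-writable.
demo() {
    d=$(mktemp -d) || return 1
    printf '<? require("wp-blog-header.php"); ?>\n' > "$d/index.php"
    printf '<?php // placeholder\n' > "$d/wp-config.php"
    chmod 644 "$d/index.php"
    chmod 666 "$d/wp-config.php"
    echo "not 644:";          audit_modes "$d"
    echo "missing requires:"; missing_requires "$d"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then
    demo
elif [ $# -gt 0 ]; then
    audit_modes "$1"
    missing_requires "$1"
fi
```

Run it with `--demo` for the constructed sample, or pass the path of the web root to check a real tree.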

  • The topic ‘PLEASE BE AWARE OF THIS HACKER’ is closed to new replies.