compromised by options.php and a user named backup
-
Hi Folks,
Recently my WP site has been facing a couple of attacks, like:
- some nasty encoded script added into almost all WordPress core files and plugin files
- a user named ‘backup’ was added
- a nasty encoded script named options.php was added into the root directory
- and many more
September 19, 2015 7:13 am
system
::1
File modified: (multiple entries):
index.php (old size: 418; new size: 13659)
wp-activate.php (old size: 4951; new size: 18192)
wp-admin/about.php
wp-admin/admin-ajax.php
wp-admin/admin-footer.php
wp-admin/admin-functions.php
wp-admin/admin-header.php
wp-admin/admin-post.php
wp-admin/admin.php
wp-admin/async-upload.php
wp-admin/comment.php
wp-admin/credits.php
wp-admin/custom-background.php
wp-admin/custom-header.php
wp-admin/customize.php
wp-admin/edit-comments.php
wp-admin/edit-form-advanced.php
wp-admin/edit-form-comment.php
wp-admin/edit-link-form.php
wp-admin/edit-tag-form.php
wp-admin/edit-tags.php
wp-admin/edit.php
wp-admin/export.php
wp-admin/freedoms.php
wp-admin/import.php
wp-admin/includes/admin.php
wp-admin/includes/ajax-actions.php
wp-admin/includes/bookmark.php
wp-admin/includes/class-ftp-pure.php
wp-admin/includes/class-ftp-sockets.php
wp-admin/includes/class-ftp.php
wp-admin/includes/class-pclzip.php
wp-admin/includes/class-wp-comments-list-table.php
wp-admin/includes/class-wp-filesystem-base.php
wp-admin/includes/class-wp-filesystem-direct.php
wp-admin/includes/class-wp-filesystem-ftpext.php
wp-admin/includes/class-wp-filesystem-ftpsockets.php
wp-admin/includes/class-wp-filesystem-ssh2.php
wp-admin/includes/class-wp-importer.php
wp-admin/includes/class-wp-links-list-table.php
wp-admin/includes/class-wp-list-table.php
wp-admin/includes/class-wp-media-list-table.php
wp-admin/includes/class-wp-ms-sites-list-table.php
wp-admin/includes/class-wp-ms-themes-list-table.php
wp-admin/includes/class-wp-ms-users-list-table.php
…
September 19, 2015 7:13 am
system
::1
New file added options.php (size: 14115)
September 19, 2015 4:48 am
system
112.78.40.28
Post deleted; identifier: 2714
September 19, 2015 2:25 am
(backup)
92.62.129.97
Media file added; identifier: 2714; name: small.jpg; type:
September 19, 2015 2:25 am
(backup)
92.62.129.97
Plugin installed: small.jpg
September 19, 2015 2:25 am
backup
92.62.129.97
User authentication succeeded: backup
September 19, 2015 12:05 am
backup
92.62.129.97
User authentication succeeded: backup
September 16, 2015 11:40 pm
system
::1
File modified .htaccess (old size: 235, new size: 244)
-
Really sorry to see this has happened to your site. Please start going carefully through the page below to understand what you need to do about it and how. I’m afraid there aren’t any shortcuts, so take it slowly so you can make sure nothing is left behind that will allow further problems. Best of luck!
http://codex.wordpress.org/FAQ_My_site_was_hacked
I know that there aren’t any shortcuts, but I hope that anyone experiencing the same could share their case: what causes these attacks, or how to solve it?
This sounds very similar to an attack one of my clients is experiencing – the user ‘backup’ (IP: 92.62.129.97) has been added, as well as the options.php and the image file small.jpg, and there is additional code at the start of every .php file.
Obviously I’m doing a full rebuild from fresh theme and plugin files and fully vetting the database – and I now have the access logs archiving each day so I can see exactly where it comes in from if it happens again. I’d prefer to fix the vulnerability before it happens again though!
Did you work out what vulnerability was used for this attack?
Hello,
Found a user named backup as well; everything is up to date…
Found a gwzpassthru.php in the uploads/dynamic_avia folder; this folder was at 0777 instead of 0755. Hope it’s fixed.
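The indicators the replies above describe (core files with code prepended, an options.php dropped into the document root, a PHP file sitting under wp-content/uploads) can all be found with one integrity walk against the official core checksum manifest. The following is an added example, not code from the thread or from WordPress; the pristine file contents and the manifest are constructed stand-ins, where a real deployment would fetch the manifest from api.wordpress.org/core/checksums/1.0/ for its exact version and locale.

```python
import hashlib
import os
import tempfile

def md5_of(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

# Constructed pristine contents; a real manifest comes from
# api.wordpress.org/core/checksums/1.0/?version=<ver>&locale=en_US
PRISTINE = {
    "index.php": b"<?php\nrequire __DIR__ . '/wp-blog-header.php';\n",
    "wp-admin/about.php": b"<?php\n// about page\n",
}
MANIFEST = {path: md5_of(body) for path, body in PRISTINE.items()}

def audit_install(root, manifest):
    """Report core files whose hash differs from the manifest, PHP files the
    manifest does not list, and PHP files under wp-content/uploads."""
    report = {"modified": [], "unknown_php": [], "uploads_php": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digest = md5_of(fh.read())
            if rel in manifest:
                if digest != manifest[rel]:
                    report["modified"].append(rel)   # e.g. injected prefix
            elif rel.endswith(".php"):
                key = "uploads_php" if rel.startswith("wp-content/uploads/") else "unknown_php"
                report[key].append(rel)              # media dirs should hold no PHP
    return {k: sorted(v) for k, v in report.items()}

def build_sample_site():
    """Constructed tree mirroring the thread's indicators (not a real site)."""
    root = tempfile.mkdtemp()
    files = {
        "index.php": b"<?php /* injected prefix */ ?>" + PRISTINE["index.php"],
        "wp-admin/about.php": PRISTINE["wp-admin/about.php"],
        "options.php": b"<?php // not a core file\n",
        "wp-content/uploads/dynamic_avia/gwzpassthru.php": b"<?php\n",
        "wp-content/uploads/2015/09/small.jpg": b"\xff\xd8\xff",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
    return root
```

Files the manifest knows about are compared byte for byte via their hash, so a prepended payload shows up even when the file size barely changes; non-PHP extras such as small.jpg are deliberately not flagged here, since uploads legitimately contain them.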
The topic ‘compromised by options.php and a user named backup’ is closed to new replies.