Folders added to root | WordPress.org

brew13
(@brew13)

15 years, 10 months ago

I just found out that there are 8 new folders in the root of my WP installation that are not WP files. They have meaningless names and each folder has multiple index files in them.

Are these hacker files? I’m sure these are not WP folders and are not the folders created with the domain i.e. cgi-bin, etc. I’m am planning to delete them, and then thought that I better get expert advice. Is there anything else I need to do to clean up this attack?

Viewing 3 replies - 1 through 3 (of 3 total)

Diane Bourque
(@dianebourque)

15 years, 10 months ago

What are the names of these folders?

Thread Starter brew13
(@brew13)

15 years, 10 months ago

The folder names are:
dgpbs4, dtzjr3, huga8, hyfsr4, ihn2, jmay8, mdxv1, pdnis7, pfzvh4, trdog3, umhv1, vfcd2.

Thanks.

Thread Starter brew13
(@brew13)

15 years, 10 months ago

For others benefit, the folders were infected through shell scripts which were uploaded through files with unsecure permissions. I deleted the folders and files and checked to be sure that all folders are 755 permission and files are 644. I added a http://ftp.deny file and a http://ftp.allow file that only authorizes ftp access from my computer since I’m the only person that should access the website.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Folders added to root’ is closed to new replies.

In: Fixing WordPress
3 replies
2 participants
Last reply from: brew13
Last activity: 15 years, 10 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics