• I have tried to clean up a number of spam files on various sites since discovering that one of them was generating spam. As luck (and the alphabet) would have it I found a modified index file in my app-admin directory on the last site out of 13 on this server. The file was changed in Oct 2009, but nothing had happened until Dec 2009 when new files were written to the sites.
    I checked that site for posts in that month to see if I had uploaded something to a post, that might be corrupted. There was nothing but text in the posts, but I did notice that I had accepted a linkback request from someone in Oct 2009.
    When I clicked on the link to their site, it came up with a hacked message.
    I have implemented as many of the recommendations from Esmi, as I could so far (just 24 hrs into cleaning this up) in reply to my security concerns and that is how I found this malicious code.
    As always, many heartfelt thanks to one and all who do this support.
    My question, since this appears to have been a long hidden hack, is there anything more specific to this type of attack that can be implemented? Or just continue on being vigilant and searching for intrusions?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Do you still have the details of the incident/linkback message (please don’t post them here if you have)?

    Thread Starter Context Canada

    (@context-canada)

    Yes. They came as a comment to a post. I checked their website and it seemed legit so I added them to my links. I seem to recall checking sometime after that to see if my site was listed on theirs, but I don,t think it was and so I stopped checking after a while.

    Thread Starter Context Canada

    (@context-canada)

    Took another look at the sequence of events. The request for a link was made on 2009/10/11.
    The earliest corrupted file that I have found is marked as 2009/10/04 and was in my wp-includes directory as an index file.
    The next one was in my appadmin file as index file dated 2009/10/19.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    2009? Really? I’m only asking because in 2009 we were quite a few revs of WordPress ago and this MIGHT already be fixed.

    Also, by linkback what do you mean? A ping/trackback-esque comment?

    Thread Starter Context Canada

    (@context-canada)

    They sent me comment and asked if I wanted to share links!
    I have a screenshot of the request if it would help. I saved it as a jpeg file.
    Is it possible to change the date of the files that were revised/uploaded?

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Hacked by a Linkback request’ is closed to new replies.