Hacked website possibly through Contact Form 7 & Really Simple CAPTCHA plugins!!
in 3 Dec 2011 11:17:56 PM on websitedefender.com it give me these 2 messages:
1.”File structure change: 1 new file found
One or more new files were created on the web server. You can find the list of newly created files below:
List of new files
Filename Creation time
/home/cat/public_html/mysite.com/wp-content/uploads/wpcf7_captcha/1377993414.php 3 Dec 2011 11:17:56 PM”
2.”An executable PHP file /mysite.com/wp-content/uploads/wpcf7_captcha/1377993414.php was found the the WordPress uploads directory. By default WordPress doesn’t allow uploading of PHP files in the uploads directory. Usually hackers are uploading malicious executable files in this directory because in a secure installation it’s the only directory that has write permissions. The presence of this file in the uploads directory may indicate that your system was compromised.
Analyze the contents of this file. If the file is malicious, delete it immediately from your system!”
In 2 hours it moved all the pages in trash bin, it erased and changed many menus, it had erased more then 600 “featured images” and “external media” videos.
I tried to delete the “wp-content/uploads/wpcf7_captcha/1377993414.php” but I didn’t anything in it. I deleted the file “wpcf7_captcha”. I want you to tell how did this happened
I use WP 3.2.1,
Better WP Security 2.10,
Wordpress Firewall 2 1.3,
Contact Form 7 3.0.1,
Really Simple CAPTCHA 1.2
in this site single wp .
And i have in my one multisite wp in main root of my host the WebsiteDefender WordPress 2.0.6 to scan all my host
1. How did this thing happened?
2.I have backup of 2 dec. and I have the corrupted base and at 3 dec. I have 3 new posts and I don’t want to lose them. Which sql queries I call and in which tables, in order to add in the base of tables of 2 dec. the 2 new posts from 3 dec. ?!?!?
Please help me!!!
- The topic ‘Hacked website possibly through Contact Form 7 & Really Simple CAPTCHA plugins!!’ is closed to new replies.