WordPress.org

Support

Support » How-To and Troubleshooting » Hacker deface wordpress in a wierd way

Hacker deface wordpress in a wierd way

  • I am quite baffled on how the hacker was able to deface several WordPress sites but it gives me an idea.

    Take note: This installation is WordPress 3.4.1 with no additional plugins or themes.

    Here’s the raw access log:

    125.167.118.62 - - [01/Aug/2012:14:10:50 +0800] "GET /wordpress/wp-login.php HTTP/1.1" 200 2180 "-" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:10:52 +0800] "GET /wordpress/wp-admin/css/colors-fresh.css?ver=3.4.1 HTTP/1.1" 200 36317 "http://example.com/wordpress/wp-login.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:10:52 +0800] "GET /wordpress/wp-admin/css/wp-admin.css?ver=3.4.1 HTTP/1.1" 200 108246 "http://example.com/wordpress/wp-login.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:10:55 +0800] "GET /wordpress/wp-admin/images/button-grad.png HTTP/1.1" 200 243 "http://example.com/wordpress/wp-admin/css/colors-fresh.css?ver=3.4.1" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:10:55 +0800] "GET /wordpress/wp-admin/images/wordpress-logo.png?ver=20120216 HTTP/1.1" 200 5048 "http://example.com/wordpress/wp-admin/css/wp-admin.css?ver=3.4.1" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:10:56 +0800] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:00 +0800] "POST /wordpress/wp-login.php HTTP/1.1" 302 - "http://example.com/wordpress/wp-login.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:02 +0800] "GET /wordpress/wp-admin/ HTTP/1.1" 200 47301 "http://example.com/wordpress/wp-login.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:10 +0800] "GET /wordpress/wp-includes/js/thickbox/thickbox.css?ver=3.4.1 HTTP/1.1" 200 3870 "http://example.com/wordpress/wp-admin/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:10 +0800] "GET /wordpress/wp-admin/css/colors-fresh.css?ver=3.4.1 HTTP/1.1" 304 - "http://example.com/wordpress/wp-admin/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:10 +0800] "GET /wordpress/wp-admin/images/wpspin_light.gif HTTP/1.1" 200 2193 "http://example.com/wordpress/wp-admin/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:10 +0800] "GET /wordpress/wp-admin/load-styles.php?c=1&dir=ltr&load=wp-jquery-ui-dialog&ver=3.4.1 HTTP/1.1" 200 1087 "http://example.com/wordpress/wp-admin/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:09 +0800] "GET /wordpress/wp-admin/load-styles.php?c=1&dir=ltr&load=admin-bar,wp-admin&ver=3.4.1 HTTP/1.1" 200 28480 "http://example.com/wordpress/wp-admin/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:11 +0800] "GET /wordpress/wp-admin/images/media-button.png?ver=20111005 HTTP/1.1" 200 3117 "http://example.com/wordpress/wp-admin/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:10 +0800] "GET /wordpress/wp-includes/css/editor.css?ver=3.4.1 HTTP/1.1" 200 43861 "http://example.com/wordpress/wp-admin/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:10 +0800] "GET /wordpress/wp-admin/load-scripts.php?c=1&load=jquery,utils&ver=3.4.1 HTTP/1.1" 200 37529 "http://example.com/wordpress/wp-admin/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:11 +0800] "GET /wordpress/wp-admin/load-scripts.php?c=1&load=admin-bar,hoverIntent,common,jquery-color,wp-ajax-response,wp-lists,quicktags,jquery-query,admin-comments,jquery-ui-core,jquery-ui-widget,jquery-ui-mouse,jquery-ui-sortable,postbox,dashboard,thickbox,plugin-install,media-upload,word-count,jquery-ui-resizable,jquery-ui-draggable,jquery-ui-button,jquery-ui-position,jquery-ui-dialog,wpdialogs,wplink,wpdialogs-popup&ver=3.4.1 HTTP/1.1" 200 56368 "http://example.com/wordpress/wp-admin/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:15 +0800] "GET /wordpress/wp-admin/images/menu-shadow.png HTTP/1.1" 200 131 "http://example.com/wordpress/wp-admin/css/colors-fresh.css?ver=3.4.1" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:15 +0800] "GET /wordpress/wp-admin/images/menu.png?ver=20120201 HTTP/1.1" 200 13585 "http://example.com/wordpress/wp-admin/css/colors-fresh.css?ver=3.4.1" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:15 +0800] "GET /wordpress/wp-includes/images/admin-bar-sprite.png?d=20111130 HTTP/1.1" 200 3999 "http://example.com/wordpress/wp-admin/load-styles.php?c=1&dir=ltr&load=admin-bar,wp-admin&ver=3.4.1" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:15 +0800] "GET /wordpress/wp-admin/images/arrows.png HTTP/1.1" 200 494 "http://example.com/wordpress/wp-admin/css/colors-fresh.css?ver=3.4.1" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:15 +0800] "GET /wordpress/wp-admin/images/icons32.png?ver=20111206 HTTP/1.1" 200 13441 "http://example.com/wordpress/wp-admin/css/colors-fresh.css?ver=3.4.1" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:16 +0800] "GET /wordpress/wp-admin/images/xit.gif HTTP/1.1" 200 182 "http://example.com/wordpress/wp-admin/load-styles.php?c=1&dir=ltr&load=admin-bar,wp-admin&ver=3.4.1" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:17 +0800] "GET /wordpress/wp-admin/images/white-grad.png HTTP/1.1" 200 210 "http://example.com/wordpress/wp-admin/css/colors-fresh.css?ver=3.4.1" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:16 +0800] "GET /wordpress/wp-admin/images/wp-badge.png?ver=20111120 HTTP/1.1" 200 14352 "http://example.com/wordpress/wp-admin/load-styles.php?c=1&dir=ltr&load=admin-bar,wp-admin&ver=3.4.1" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:18 +0800] "GET /wordpress/wp-includes/js/thickbox/loadingAnimation.gif HTTP/1.1" 200 5886 "http://example.com/wordpress/wp-admin/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:19 +0800] "GET /wordpress/wp-admin/admin-ajax.php?action=dashboard-widgets&widget=dashboard_incoming_links HTTP/1.1" 200 253 "http://example.com/wordpress/wp-admin/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:19 +0800] "GET /wordpress/wp-admin/admin-ajax.php?action=dashboard-widgets&widget=dashboard_primary HTTP/1.1" 200 1975 "http://example.com/wordpress/wp-admin/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:19 +0800] "GET /wordpress/wp-admin/admin-ajax.php?action=dashboard-widgets&widget=dashboard_secondary HTTP/1.1" 200 2433 "http://example.com/wordpress/wp-admin/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:20 +0800] "GET /wordpress/wp-admin/admin-ajax.php?action=dashboard-widgets&widget=dashboard_plugins HTTP/1.1" 200 541 "http://example.com/wordpress/wp-admin/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:37 +0800] "GET /wordpress/wp-admin/theme-editor.php HTTP/1.1" 200 80407 "http://example.com/wordpress/wp-admin/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:52 +0800] "GET /wordpress/wp-admin/css/colors-fresh.css?ver=3.4.1 HTTP/1.1" 304 - "http://example.com/wordpress/wp-admin/theme-editor.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:24:53 +0800] "GET /wordpress/wp-admin/load-scripts.php?c=1&load=admin-bar,hoverIntent,common,jquery-color&ver=3.4.1 HTTP/1.1" 200 5480 "http://example.com/wordpress/wp-admin/theme-editor.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:25:21 +0800] "GET /wordpress/wp-admin/images/white-grad-active.png HTTP/1.1" 200 223 "http://example.com/wordpress/wp-admin/css/colors-fresh.css?ver=3.4.1" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:25:21 +0800] "POST /wordpress/wp-admin/theme-editor.php HTTP/1.1" 200 47185 "http://example.com/wordpress/wp-admin/theme-editor.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:25:23 +0800] "GET /wordpress/wp-admin/css/colors-fresh.css?ver=3.4.1 HTTP/1.1" 304 - "http://example.com/wordpress/wp-admin/theme-editor.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:25:44 +0800] "GET /wordpress/wp-admin/theme-editor.php?file=404.php&theme=twentyten HTTP/1.1" 200 25912 "http://example.com/wordpress/wp-admin/theme-editor.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:25:47 +0800] "GET /wordpress/wp-admin/css/colors-fresh.css?ver=3.4.1 HTTP/1.1" 304 - "http://example.com/wordpress/wp-admin/theme-editor.php?file=404.php&theme=twentyten" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    66.249.71.183 - - [01/Aug/2012:14:25:47 +0800] "GET /wordpress/?m=201207 HTTP/1.1" 200 7669 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
    125.167.118.62 - - [01/Aug/2012:14:27:04 +0800] "GET /wordpress/wp-admin/images/button-grad-active.png HTTP/1.1" 200 284 "http://example.com/wordpress/wp-admin/css/colors-fresh.css?ver=3.4.1" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:27:04 +0800] "POST /wordpress/wp-admin/theme-editor.php HTTP/1.1" 302 - "http://example.com/wordpress/wp-admin/theme-editor.php?file=404.php&theme=twentyten" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:27:48 +0800] "GET /wordpress/wp-admin/theme-editor.php?file=404.php&theme=twentyten&scrollto=22493&updated=true HTTP/1.1" 200 150688 "http://example.com/wordpress/wp-admin/theme-editor.php?file=404.php&theme=twentyten" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:27:59 +0800] "GET /wordpress/wp-admin/css/colors-fresh.css?ver=3.4.1 HTTP/1.1" 304 - "http://example.com/wordpress/wp-admin/theme-editor.php?file=404.php&theme=twentyten&scrollto=22493&updated=true" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:28:53 +0800] "GET /wordpress/v HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:28:54 +0800] "GET /wordpress/v HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:28:56 +0800] "GET /wordpress/wp-content/themes/twentyten/404.php HTTP/1.1" 200 41843 "-" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:28:59 +0800] "GET /wordpress/wp-content/themes/twentyten/404.php?x=img&img=sort_asc HTTP/1.1" 200 85 "http://example.com/wordpress/wp-content/themes/twentyten/404.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:28:59 +0800] "GET /wordpress/wp-content/themes/twentyten/404.php?x=img&img=ext_lnk HTTP/1.1" 200 572 "http://example.com/wordpress/wp-content/themes/twentyten/404.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:28:59 +0800] "GET /wordpress/wp-content/themes/twentyten/404.php?x=img&img=small_dir HTTP/1.1" 200 498 "http://example.com/wordpress/wp-content/themes/twentyten/404.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:29:00 +0800] "GET /wordpress/wp-content/themes/twentyten/404.php?x=img&img=ext_diz HTTP/1.1" 200 1034 "http://example.com/wordpress/wp-content/themes/twentyten/404.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:29:00 +0800] "GET /wordpress/wp-content/themes/twentyten/404.php?x=img&img=change HTTP/1.1" 200 290 "http://example.com/wordpress/wp-content/themes/twentyten/404.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:29:00 +0800] "GET /wordpress/wp-content/themes/twentyten/404.php?x=img&img=download HTTP/1.1" 200 161 "http://example.com/wordpress/wp-content/themes/twentyten/404.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:29:00 +0800] "GET /wordpress/wp-content/themes/twentyten/404.php?x=img&img=ext_php HTTP/1.1" 200 1125 "http://example.com/wordpress/wp-content/themes/twentyten/404.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:29:00 +0800] "GET /wordpress/wp-content/themes/twentyten/404.php?x=img&img=ext_css HTTP/1.1" 200 134 "http://example.com/wordpress/wp-content/themes/twentyten/404.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:29:00 +0800] "GET /wordpress/wp-content/themes/twentyten/404.php?x=img&img=ext_txt HTTP/1.1" 200 132 "http://example.com/wordpress/wp-content/themes/twentyten/404.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:29:00 +0800] "GET /wordpress/wp-content/themes/twentyten/404.php?x=img&img=ext_png HTTP/1.1" 200 175 "http://example.com/wordpress/wp-content/themes/twentyten/404.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:29:00 +0800] "GET /wordpress/wp-content/themes/twentyten/404.php?x=img&img=arrow_ltr HTTP/1.1" 200 88 "http://example.com/wordpress/wp-content/themes/twentyten/404.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:29:27 +0800] "GET /wordpress/wp-content/themes/twentyten/404.php?x=ls&d=%2Fhome%2Fexample%2Fpublic_html%2F&sort=0a HTTP/1.1" 200 10844 "http://example.com/wordpress/wp-content/themes/twentyten/404.php" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:29:28 +0800] "GET /wordpress/wp-content/themes/twentyten/404.php?x=img&img=ext_htaccess HTTP/1.1" 200 117 "http://example.com/wordpress/wp-content/themes/twentyten/404.php?x=ls&d=%2Fhome%2Fexample%2Fpublic_html%2F&sort=0a" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:29:32 +0800] "GET /wordpress/wp-content/themes/twentyten/404.php?x=img&img=ext_zip HTTP/1.1" 200 577 "http://example.com/wordpress/wp-content/themes/twentyten/404.php?x=ls&d=%2Fhome%2Fexample%2Fpublic_html%2F&sort=0a" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:30:13 +0800] "POST /wordpress/wp-content/themes/twentyten/404.php?x=ls&d=%2Fhome%2Fexample%2Fpublic_html%2F&sort=0a HTTP/1.1" 200 11877 "http://example.com/wordpress/wp-content/themes/twentyten/404.php?x=ls&d=%2Fhome%2Fexample%2Fpublic_html%2F&sort=0a" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:30:15 +0800] "GET /wordpress/wp-content/themes/twentyten/404.php?x=img&img=ext_html HTTP/1.1" 200 1125 "http://example.com/wordpress/wp-content/themes/twentyten/404.php?x=ls&d=%2Fhome%2Fexample%2Fpublic_html%2F&sort=0a" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"
    125.167.118.62 - - [01/Aug/2012:14:33:19 +0800] "GET / HTTP/1.1" 200 3336 "-" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0"

    As you can see the hacker directly logs in to WP in one attempt meaning he already already knows the login details. We can argue he really knows it or he was able to edit the wp_users before logging in. But what intrigues me is the need to edit the “404.php” file then insert their own editor by using eval(gzinflate(base64_decode())), when he can simply edit “index.php” instead. If he simply edited index.php antivirus will not detect it but instead he chose to leave his tracks behind.

    Anyone else experienced this?

Viewing 5 replies - 1 through 5 (of 5 total)
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Hacker deface wordpress in a wierd way’ is closed to new replies.