Why do you think that indicates you were hacked?
spam comments and trackbacks DO get past askimet, its posted on all of the time.
That said, your running 2.1.3, so frankly, if you were hacked, it’s on you. That release is has been obsolete for what, a year?
If you read your dashboard, or ever both to look here:
http://wordpress.org/development/ you would know this.
Thread Starter
jca
(@jca)
I’m assuming the spam is following because plug-ins (like akismet and captcha) have been disabled – hard to say since I can’t get into the admin panel.
And thanks for the help with the out-of-date WP install reminder. I’m aware of that, but haven’t been able to upgrade for unrelated reasons. If you have any advice or help, it would be appreciated.
As what whooami said, go upgrade it. The developers release upgrades for a reason.
I wouldnt assume anything, thats not real safe, and may be what has led to this in the first place.
If you were hacked, which given your version, is a possibility, you have more to worry about than disabled plugins and 100 some odd spam comments.
Best case scenario (just wordpress):
they have your WP admin password
Worst case (home directory compromised):
they have your WP admin password
if they can read your files, they have your mysql password, and may have your ftp password, if they’re the same.
——–
Looking at your plugins directory, I also see your using wp-db-backup, you might want to take a look at what version youre running of that, since there is directory traversal vulnerability in an older version.
Thread Starter
jca
(@jca)
Looks like it was the “ro8kfbswmag.txt” exploit:
http://wordpress.org/support/topic/141041
I’m repairing some of the damage now via MyPHPAdmin, but still can’t get back into the admin panel because of the previously mentioned version error. I see no wp_options SQL table setting for wordpress version numbers. Am I missing it?
thats a root shell exploit, done via a remote file inclusion, and that indicates far more than a simple hack.
if that was used, you ought to see an indication of it in your sever logs.