Had a message from my host tonight saying that I’ve been hacked – the following files *at least* are compromised:
./MYDOMAIN/public_html/archive.php: PHP.C99-13 FOUND
./MYDOMAIN/public_html/admin.php: PHP.ShellExec FOUND
./MYDOMAIN/public_html/htdocs.php: PHP.Mailer-7 FOUND
./MYDOMAIN/public_html/wp-content/themes/MyCuisine/log.php: PHP.ShellExec FOUND
./MYDOMAIN/public_html/wp-content/themes/MyCuisine/cache/newfile.php: PHP.ShellExec FOUND
Not clued up on this sort of stuff, but Googling PHP.99-13 took me to a Wikipedia page about Remote File Inclusion. Of course I can simply upload fresh copies of these files from a backup, but how have I been infected, and how do I ensure I’ve not left the door open for the files to be overwritten by the hack again?
Any and all advice gratefully received – my host is threatening to remove the site unless I get it sorted. Damn hackers, I would genuinely support legislation to kill them on conviction of a first offence 🙁
- The topic ‘Latest WP but still hacked with RFI’ is closed to new replies.