WordPress.org

Forums

PLEASE BE AWARE OF THIS HACKER (9 posts)

  1. jonathannelson
    Member
    Posted 8 years ago #

    Friends, my site was just hacked into by a person known as "Red Worm"

    Check out this Google search: http://www.google.com/search?hl=en&lr=&rls=GGGL%2CGGGL%3A2006-13%2CGGGL%3Aen&q=%22redworm+was+here%22&btnG=Search

    What do I do? How do I stop him???

    This is the error it is giving me now:
    Fatal error: Call to undefined function wp() in /home/name-goes-here/public_html/wp-blog-header.php on line 14

    He has broken everything :(

  2. Mark (podz)
    Support Maven
    Posted 8 years ago #

    1. Save your database now.
    2. Download everything else.
    2. Delete ALL wp- files
    3. Delete the themes folder and everything in it.

    That should take care of bad files.

    Now upload new wp files
    CHMOD every single file to 644.
    Check it's all working, then take it from there.
    Do NOT upload anything from the old themes directory if you can help it - it's the most likely way in.

    You could tell your host too - but they'll blame WP.... which it is not.

  3. manstraw
    Member
    Posted 8 years ago #

    I personally recommend you change hosts. Or at least ask your current host to put you on a *different server*, and tell them why. You're not sure how he got in right? Was it through wordpress, an insecure plugin, or through another way entirely? He might have installed something to easily let him in again, which is why I recommend being moved to a new server.

    Do you have a backup of your mysql database? That's the main thing you want, as it's your 'content'.

  4. spencerp
    Member
    Posted 8 years ago #

    Shoot! And I'm here running an alpha version of WP. =P Just to play it safe, I'd better back up everything as well.. [rolls eyes] Damn hackers!

    spencerp

    The last time I got hacked, I'm pretty sure they got through an "un-updated" version of the Coppermine Photo Gallery.. then from there, they went "happy"!

  5. yosemite
    Member
    Posted 8 years ago #

    Saw this in response: I figured it out. It was a PERL hack related to the MoveableType PluginManager.

    Can't verify yet...

  6. jonathannelson
    Member
    Posted 8 years ago #

    a search of these fools:

    http://www.google.com/search?sourceid=navclient-ff&ie=UTF-8&rls=GGGL,GGGL:2006-13,GGGL:en&q=ZeberuS+%2C+PowerCobrA+%2C+S0ntang0

    im following the steps above, thx. ill keep you all informed.

  7. jonathannelson
    Member
    Posted 8 years ago #

    Update:

    1. backed everything up
    2. deleted everything
    3. getting new WP files now

  8. jonathannelson
    Member
    Posted 8 years ago #

    i posted these bastard hackers on digg. i hope it gets on the front page and that they're caught.

  9. sarah_beth
    Member
    Posted 8 years ago #

    Was "wp-blog-header.php" found on an index page? The theory is that redworm only attacks the index page of your site.
    It would look like this on your index page.

    <? require("wp-blog-header.php"); ?>
    or
    <? require("header.php"); ?>

    It's trying to call the file from index.php but it can't be found.

Topic Closed

This topic has been closed to new replies.

About this Topic