Title: Security Glitch
Last modified: August 20, 2016

---

# Security Glitch

 *  [ankurkiet](https://wordpress.org/support/users/ankurkiet/)
 * (@ankurkiet)
 * [14 years, 4 months ago](https://wordpress.org/support/topic/security-glitch/)
 * I have my WordPress website [http://www.dnawebworld.com](http://www.dnawebworld.com)
   
   I have created multiple sites in it. But it is currently blocked by the hosting
   provider, because of some scripting issue generated in it.
 * Please help me to resolve this issue.
 * Here are the details that they have sent to me:
 * We are contacting you regarding a reoccurring issue with your hosting account
   due to which we have been forced to permanently suspend your account as this 
   is the third time your application has been exploited causing significant performance
   issues with the hosting environment.
 * During our server monitoring we have detected malicious scripts running via your
   account:
 * ```
      PID USER      PR  NI  VIRT   RES  SHR S %CPU %MEM     TIME+ COMMAND
   140074 dnawebwo  25   0 45124   13m 1820 R 51.2  0.0 727:27.90 perl sepi.pl
   133469 dnawebwo  25   0 45124   13m 1820 R 42.7  0.0 727:33.73 perl sepi.pl
    78712 dnawebwo  18   0 16360  2296 1320 S  0.0  0.0   0:01.78 imap
   133468 dnawebwo  16   0 10816  1072  916 S  0.0  0.0   0:00.00 sh -c perl sepi.pl 2>&1
   514522 dnawebwo  15   0 49380  9676 1348 S  0.0  0.0   1:18.10 /usr/sbin/apache3 -k start
   551907 dnawebwo  15   0 49796  9540  864 S  0.0  0.0   0:00.01 /usr/sbin/apache3 -k start
   555218 dnawebwo  15   0 49660  9512  864 S  0.0  0.0   0:00.00 /usr/sbin/apache3 -k start
   592356 dnawebwo  15   0 49380  9208  844 S  0.0  0.0   0:00.00 /usr/sbin/apache3 -k start
   604858 dnawebwo  15   0 49656  9440  864 S  0.0  0.0   0:00.05 /usr/sbin/apache3 -k start
   620777 dnawebwo  15   0 49644  9424  864 S  0.0  0.0   0:00.00 /usr/sbin/apache3 -k start
   622739 dnawebwo  15   0 49656  9440  864 S  0.0  0.0   0:00.11 /usr/sbin/apache3 -k start
   ```
 * After further review we have detected many malware scripts uploaded under the
   server tmp directory such as:
 * ```
   [root@tmdhosting950.com ~]# ll /tmp/ | grep dnawebwo
   -rw-r--r-- 1 dnawebwo dnawebwo      0 Jan 16 03:14 allnet.jpg
   -rw-r--r-- 1 dnawebwo dnawebwo   8682 Jan 16 03:02 bds
   -rw-r--r-- 1 dnawebwo dnawebwo      0 Jan 16 03:14 byroe.jpg
   -rw-r--r-- 1 dnawebwo dnawebwo    232 Jan  5 04:49 cmdtemp
   -rw-r--r-- 1 dnawebwo dnawebwo 303302 Jan 14 14:36 ipays.jpg
   -rw-r--r-- 1 dnawebwo dnawebwo 188189 Sep 25 23:28 read.jpg
   -rw-r--r-- 1 dnawebwo dnawebwo  52361 Sep 25 23:28 stun.jpg
   -rw-r--r-- 1 dnawebwo dnawebwo    946 Dec  2 06:52 tmp.jpg
   ```
 * ```
   $language = 'eng';
   $auth = 0;
   $name = ''; // md5 Login
   $pass = ''; // md5 Password

   $sh_id = "aXBheXMg=";
   $sh_name = base64_decode($sh_id);
   $sh_mainurl = "http://DeViL^T3aM.name";
   $html_start = '<html><head> <link rel="SHORTCUT ICON" href="http://t3.gstatic.com/images?q=tbn:ANd9GcTjXqLeuQolGIVgCgXH79-kipRR1FvGvNwca6IhxYQ_ipH7hXIe">
   <center><img src="http://ups.imagup.com/04/1242538914_i2204910.gif" width="1100" height="150"></p></center>
   <title>FakoMasT3r&#8482</title>
   ```
 * I am afraid that we will not be able to continue providing hosting services for
   your account. As a possible solution in this matter we can provide you with a
   limited time frame FTP access to the account to download your content.
 * Considering the information above, please let us know if you would like temporary
   access to the hosting account.
 * Kind regards,
 * George Moody
    Support Team Supervisor TMDHosting.com
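
The host's listing shows scripts parked in `/tmp` under image names, including zero-byte `.jpg` files and one whose contents are PHP. As an added example (not part of the original thread or the host's tooling), the Python below flags image-named files that are empty, lack the expected image header, or contain script markers even behind a valid header; the function names, marker list and sample file contents are assumptions constructed for illustration.

```python
import os
import tempfile

# Leading bytes of genuine image formats, keyed by file extension.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Byte strings that have no business inside an image file (assumed marker list).
SCRIPT_MARKERS = (b"<?php", b"base64_decode(", b"#!/usr/bin/perl")

def audit_images(directory):
    """Return {filename: [reasons]} for image-named files that look wrong."""
    findings = {}
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        ext = os.path.splitext(entry.name)[1].lower()
        if ext not in MAGIC or not entry.is_file(follow_symlinks=False):
            continue  # only regular files carrying an image extension
        with open(entry.path, "rb") as fh:
            data = fh.read(2 * 1024 * 1024)  # cap the read; dropped scripts are small
        reasons = []
        if not data:
            reasons.append("empty")  # zero-byte "image", as in the listing
        elif not data.startswith(MAGIC[ext]):
            reasons.append("bad-magic")  # extension and content disagree
        hits = [m.decode() for m in SCRIPT_MARKERS if m in data]
        if hits:  # checked even when the header is valid (polyglot file)
            reasons.append("script:" + ",".join(hits))
        if reasons:
            findings[entry.name] = reasons
    return findings

def build_constructed_sample(directory):
    """Constructed sample files; names echo the listing, contents are made up."""
    samples = {
        "allnet.jpg": b"",
        "ipays.jpg": b"<?php $sh_name = base64_decode($sh_id); ?>",
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "polyglot.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 8 + b"<?php echo 1; ?>",
        "bds": b"#!/usr/bin/perl\n",
    }
    for name, body in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(audit_images(tmp))
```

Files without an image extension, such as `bds` in the listing, are outside this check and need a separate review of everything the account owns in `/tmp`.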

Viewing 1 replies (of 1 total)

 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/security-glitch/#post-2515186)
 * [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   
   [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
   [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/)


 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 1 reply
 * 2 participants
 * Last reply from: [esmi](https://wordpress.org/support/users/esmi/)
 * Last activity: [14 years, 3 months ago](https://wordpress.org/support/topic/security-glitch/#post-2515186)
 * Status: not resolved

