[closed] Site attacked with WordPress 3.0 (5 posts)

  1. walter@lauzon-ent.com
    Posted 6 years ago #

    My website was recently hacked and I had a hard time figuring things out, but here's what I've done. (not sure if this will prevent it from happening again...)

    First I tried to re-install WP. That didn't work because the access had been denied.

    I tried using FTP to delete the WP files and folders. Access was denied again.

    Finally I changed the permissions to 755 - fortunately this allowed me to delete all of the old WP files/folders.

    I noticed that the '.htaccess' file had been changed - I deleted the offending code and saved the new file.

    Now, I'm pretty sure that the permissions are set to 755/folders and 644/files.

    Are there any other loopholes that still exist in 3.0?

  2. esmi
    Forum Moderator
    Posted 6 years ago #

    There's no evidence to suggest that the loophole was in WP 3.0. It could have come from anywhere on the server.

  3. Daniel Cid
    Sucuri.net Support
    Posted 6 years ago #

    Most probably you had a backdoor hidden in there even before you installed WP 3.0. Try searching for .php files inside wp-content/uploads, since this is a common place to have backdoors hidden.

    If you had spam on your blog, this article shows some techniques and tips on how to fix it:

  4. Context Canada
    Posted 5 years ago #

    I am cleaning up numerous websites (all WP based, some with WP 3.04, some inactive) that all belong to a server account with multiple domains. It appears that the rogue files were uploaded on Dec 17 2010 and somehow activated in the new year with rewrites taking place just after 12 am Jan 1 2011. There were 2 php files in the main directory of the sites that ended up modifying my index.php files. Is there somewhere that I can get some assistance with security for this? My server support seems to be shrugging their shoulders.
    Thanks, Terry

  5. esmi
    Forum Moderator
    Posted 5 years ago #

Topic Closed

This topic has been closed to new replies.
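
Added example (not part of the original thread, and not code from any poster or from WordPress): a Python audit of the two checks mentioned in the posts above, PHP files under wp-content/uploads and permissions looser than 755 for folders and 644 for files. The function names, the PHP suffix list and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Assumption: extensions the server hands to PHP; adjust to your handler config.
PHP_SUFFIXES = {".php", ".php5", ".phtml", ".phar"}

def audit_wordpress_tree(root):
    """Return sorted (relative_path, finding) tuples for the install at root."""
    root = Path(root)
    uploads = root / "wp-content" / "uploads"
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            st = path.lstat()
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not meaningful; skip them
            rel = path.relative_to(root).as_posix()
            mode = stat.S_IMODE(st.st_mode)
            expected = 0o755 if stat.S_ISDIR(st.st_mode) else 0o644
            if mode & ~expected:  # any bit beyond 755 (dirs) / 644 (files)
                findings.append((rel, f"mode {mode:03o} exceeds {expected:03o}"))
            # Any PHP suffix counts, so a name like "x.php.jpg" is reported too.
            suffixes = {s.lower() for s in path.suffixes}
            if stat.S_ISREG(st.st_mode) and uploads in path.parents and suffixes & PHP_SUFFIXES:
                findings.append((rel, "PHP file under wp-content/uploads"))
    return sorted(findings)

def build_sample_site(base):
    """Constructed sample tree (not from the thread) with two planted problems."""
    base = Path(base)
    uploads = base / "wp-content" / "uploads" / "2010" / "12"
    uploads.mkdir(parents=True)
    (base / "index.php").write_text("<?php // stand-in for a core file\n")
    (uploads / "photo.jpg").write_bytes(b"\xff\xd8\xff")
    (uploads / "cache.php").write_text("<?php // harmless placeholder\n")
    for dirpath, dirnames, filenames in os.walk(base):
        for name, mode in [(d, 0o755) for d in dirnames] + [(f, 0o644) for f in filenames]:
            os.chmod(Path(dirpath, name), mode)
    os.chmod(base / "wp-content", 0o777)  # planted: world-writable directory
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, finding in audit_wordpress_tree(build_sample_site(tmp)):
            print(f"{rel}: {finding}")
```

Run against a real install by passing its document root to `audit_wordpress_tree`; a clean tree returns an empty list.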
