Site hacked by PoH (3 posts)

  1. teach42
    Posted 9 years ago #

    About for times now, my WordPress blog has been 'hacked'. I believe this is what has been happening: my index.php page has been renamed to index.phpa, and then a new index.php has been created that only contains the line, "This site was hacked by PoH".

    Obviously, it's easy to get things back to normal, but it's really starting to piss me off. I have made sure that I upgrade to WordPress 2.02, I've changed my WordPress admin password as well as the password at my host (Bluehost), but it sitll happened again today.

    Nothing else was touched, just the Index.php page.

    Does anyone have any ideas how they might have done that? Is there an exploit in WordPress somewhere?

  2. Mark (podz)
    Support Maven
    Posted 9 years ago #

    It's not a known exploit.
    Ensure that ALL files have permissions of 644

    That includes ALL theme files. For now, edit offline.
    It's probably a script on the server which looks for known files which was writable - so the best thing you can do is not have ANY files at anything over 644.

    Bluehost should know better too. If they really do believe it's a hole in WP, they should say so. But they can't because there isn't :)

    Ask anything you need to.

  3. liohaa
    Posted 9 years ago #

    Mu site hacked

Topic Closed

This topic has been closed to new replies.

About this Topic