Support » Fixing WordPress » Site hacked by PoH

  • About for times now, my WordPress blog has been ‘hacked’. I believe this is what has been happening: my index.php page has been renamed to index.phpa, and then a new index.php has been created that only contains the line, “This site was hacked by PoH”.

    Obviously, it’s easy to get things back to normal, but it’s really starting to piss me off. I have made sure that I upgrade to WordPress 2.02, I’ve changed my WordPress admin password as well as the password at my host (Bluehost), but it sitll happened again today.

    Nothing else was touched, just the Index.php page.

    Does anyone have any ideas how they might have done that? Is there an exploit in WordPress somewhere?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Mark (podz)


    Support Maven

    It’s not a known exploit.
    Ensure that ALL files have permissions of 644

    That includes ALL theme files. For now, edit offline.
    It’s probably a script on the server which looks for known files which was writable – so the best thing you can do is not have ANY files at anything over 644.

    Bluehost should know better too. If they really do believe it’s a hole in WP, they should say so. But they can’t because there isn’t 🙂

    Ask anything you need to.

    Mu site hacked

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Site hacked by PoH’ is closed to new replies.