Site hacked! Macker's php shell? (3 posts)

  1. hboswell
    Posted 10 years ago #

    I discovered this morning that one of my blogs has been hacked. I can't figure out how it was done, but I'm suspicious of a couple of files in the wp-content directory - tlz.php and tlz_01.php. They both seem to be something called Macker's PHP shell. I'm running WP 1.5. Help???


  2. Mark (podz)
    Support Maven
    Posted 10 years ago #

    1. Talk to your host.
    2. Change passwords.
    3. Back up your data fully.
    4. Delete anything you did not upload.

    Do not assume that WP is the vulnerable part here - ask your host to check logs.

    Who is your host?

  3. hboswell
    Posted 10 years ago #

    I'm not assuming WordPress is the problem. But I am assuming I'm not the first person to have a WordPress blog hacked. I discovered an entry in the wp database that allowed php files to be uploaded, and deleted that. I'm guessing the two tlz*.php files were the culprit, and I deleted them. But I'm not assuming I'm safe yet.
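
An added example, not part of the thread: one way to carry out "delete anything you did not upload" is to compare the live site tree against a clean copy of the same WordPress release and review whatever is new or changed. The function names and the sample trees are assumptions made up for this illustration; it assumes you have unpacked a clean copy of your release next to a backup of the site.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def compare_trees(site_root, clean_root):
    """Return (added, modified) relative paths of the live tree vs. the clean copy."""
    site_root, clean_root = Path(site_root), Path(clean_root)
    added, modified = [], []
    for path in site_root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(site_root)
        ref = clean_root / rel
        if not ref.is_file():
            added.append(rel.as_posix())      # exists only on the live site
        elif sha256(path) != sha256(ref):
            modified.append(rel.as_posix())   # shipped file whose content changed
    return sorted(added), sorted(modified)


def executable_scripts(paths):
    """Added files the web server would run as PHP; review these first."""
    return [p for p in paths if p.lower().endswith((".php", ".phtml"))]


def demo():
    # Constructed sample trees; every file body is a placeholder.
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            (root / "wp-content").mkdir(parents=True)
            (root / "index.php").write_text("<?php // shipped file\n")
            (root / "wp-login.php").write_text("<?php // shipped file\n")
        # Files named in the thread, plus a legitimate upload and an edited file.
        (live / "wp-content" / "tlz.php").write_text("<?php // placeholder\n")
        (live / "wp-content" / "tlz_01.php").write_text("<?php // placeholder\n")
        (live / "wp-content" / "photo.jpg").write_bytes(b"constructed image bytes")
        (live / "wp-login.php").write_text("<?php // shipped file, altered\n")
        added, modified = compare_trees(live, clean)
        return added, modified, executable_scripts(added)


if __name__ == "__main__":
    print(demo())
```

Added files that are not scripts (images, themes you installed) still need a look, and a modified shipped file is best replaced from the clean copy rather than edited by hand.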
