Support » Fixing WordPress » Site hacked! Macker’s php shell?

  • I discovered this morning that one of my blogs has been hacked. I can’t figure out how it was done, but I’m suspicious of a couple of files in the wp-content directory – tlz.php and tlz_01.php. They both seem to be something called Macker’s PHP shell. I’m running WP 1.5. Help???

    Thanks,
    Harry

Viewing 2 replies - 1 through 2 (of 2 total)
  • Mark (podz)

    (@podz)

    Support Maven

    1. Talk to your host.
    2. Change passwords.
    3. Backup your data fully.
    4. Delete anything you did not upload.

    Do not assume that WP is the vulnerable part here – ask your host to check logs.

    Who is your host ?

    I’m not assuming WordPress is the problem. But I am assuming I’m not the first person to have a WordPress blog hacked. I discovered an entry in the wp database that allowed php files to be uploaded, and deleted that. I’m guessing the two tlz*.php files were the culprit, and I deleted them. But I’m not assuming I’m safe yet.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Site hacked! Macker’s php shell?’ is closed to new replies.