Site Hacked: no-tp.php (2 posts)

  1. shelleyp
    Posted 8 years ago #

    I found a file in my theme, no-tp.php, that's a Russian hacker file. It was created October 13th, which should have been before the recent 2.3.1 bug fix.

    Before I submit this as a problem, I'm trying to filter out whether others have had this same hack, or if I'm the only one and the problem is because of my own extensions.

    Has anyone else found a file called no-tp.php in their theme directory? Anyone else recognize the file name? This was a rename of the infamous r57shell.php file.

    The theme directory is not world writable. None of my WP subdirectories are. However, user was nobody, so it most likely came through via a PHP application, most likely WP.

  2. stadium
    Posted 8 years ago #

    yeh, my site just got hacked and the guestbook displayed some russian freedom fighter propaganda

Topic Closed

This topic has been closed to new replies.

About this Topic