umm, and what there suggests a hack?
fix the permissions on wp-includes/compat.php so that THIS isnt happening:
http://go0d.com/wp-includes/compat.php
Forbidden
You don’t have permission to access /wp-includes/compat.php on this server.
Youve been messing with something, as even google’s cache of your site shows it without a theme.
Crying wolf about being hacked is a bad idea, honestly — if you dont know for sure, dont do it.
Thread Starter
go0d
(@go0d)
please – check again… http://go0d.com/?p=3
I wasn’t crying wolf at all, a friend was trying
to help with denying anyone’s access to the blog,
as he did not know that I wrote here on the forum…
thank you
yah, ok, fair enough. My bad. Im sorry.
thats a remote shell.
might be wordpress related, might not.
If you can locate your server logs AND your ftp logs, you can more than likely track down the entry point.
I would be looking around on your server to see if thats an actual file, OR if its code thats been added .. Ill bet its a file, and its been included.
You want to get the timestamp on that file, so you can compare the timestamp to anything that in those logs.
By the way, your site is completely compromised, assuming any of those commands were executed.
If this were mine — I would grab a backup of my database from phpmyadmin — and shitcan EVERYTHING after doing that.
Start over — fresh database, fresh password. Fresh WP install, fresh admin passwd(s). Fresh files, and safe permissions.
All of that, after I hunted down that file and got the timestamp so I could compare it to anything I located in the logs.
Thread Starter
go0d
(@go0d)
Thank you for your input whooami, I will do
as you suggested
have a good night
have a good night
thanks, I wish i could say the same for you, but I dont think you will. 🙁