Webs

  • fillerline

    (@fillerline)


    15 years, 6 months ago

    Our WordPress (3.0.1) website was hacked 2 days ago. The defacer went to theme-editor.php and edited our index.php. The defacer was able to log in without any traces of bruteforcing. I think he was knowledgeable of the password at first. Though before the access, he went to view wp-content’s contents and plugins before he was able to log in. The codes and the database were unchanged. The password for wp-admin was touched though.

    The hacker named protocol is from Dos-DZ team who’s a part of a network of hackers named DZ hackers.

    So what do you guys think?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator James Huff

    (@macmanx)

    15 years, 6 months ago

    Are you absolutely sure that he edited the file through the theme editor, or did he just gain access to the server itself and edit or replace the file the old-fashioned way?

    The “old-fashioned way” has been around for many years. All a hacker needs to do is compromise an account (or simply open an account) on a poorly secured shared server to gain access to the entire thing.

    Thread Starter fillerline

    (@fillerline)

    15 years, 6 months ago

    Based on the logs, he accessed theme-editor.php and did his thing.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Webs’ is closed to new replies.