WordPress compromised. Need Help! | WordPress.org

ekihc
(@cokwara)

12 years, 4 months ago

I have a shared hosting account through netfirms.com and my account keeps getting suspended because (according to netfirms) my wp account has been compromised. Apparently my account is being used to send mass spam mails through the script ‘wp-admin/user/profile-edit.php’. I was told to delete the compromised file, but EVERY TIME I go do that, the file is no where to be found. This happens just about every week now. I reset my password every time this happens.

The first time this happened, I noticed the following files in my home directory: backdoor.tmp, clean.tmp, list.tmp, malware.tmp. I deleted them, hoping that would be the end of it, but it still happened. I also found a few files in my wp directories, one which stood out was a emailform.php file. This stood out because the code seemed to be an email script with an email address I didnt recognize: pseudonymus_2004@yahoo.com (The code can be found below). Not sure whats going on, but I would appreciate any help. Thanks

emailform.php code
==================
[Code moderated as per the Forum Rules. Please use the pastebin]

Viewing 1 replies (of 1 total)

esmi
(@esmi)

12 years, 4 months ago

http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

http://sitecheck.sucuri.net/scanner/

Viewing 1 replies (of 1 total)

The topic ‘WordPress compromised. Need Help!’ is closed to new replies.

In: Fixing WordPress
1 reply
2 participants
Last reply from: esmi
Last activity: 12 years, 4 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics