WordPress Hack - wp-includes/stat file (4 posts)

  1. trinitywebhosting
    Posted 5 years ago #

    My customer's site - http://lookingcloser.org - continues to get hacked. Each time, two files show up in wp-includes or wp-admin called stat and uploads (no extension on either). Somehow Facebook and Google pick up the code in these files as the cached code for the site. These files contain code that points to pharmaceutical sites, so that is what people see on Facebook and Google.

    We've deleted the files 3 different times, but they always come back after a few weeks. Is there a hole we need to plug?

    Thank you.

  2. Saildude
    Posted 5 years ago #

  3. UseShots
    Posted 5 years ago #

    @trinitywebhosting: It looks like there are many other sites hacked on your server. I would be concerned with file permissions and isolation of individual sites.

    Did you notice the owner of those stat and uploads files? Was it your user or the web server's user? What are the permissions of the wp-includes and wp-admin directories?

    I'd like to take a look at those rogue files. Could you contact me if you still have them?

  4. trinitywebhosting
    Posted 5 years ago #

    To UseShots:

    We use Rackspace Cloud sites and our individual sites are isolated. Where do you see that we have many other sites hacked? I have not been receiving that type of feedback from customers.

    Next time the rogue files show up, I'll send them on to you.
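
The ownership and permission questions UseShots raises in post 3 can be answered with a short audit script. This is an added example, not part of the original thread; the function name `audit`, the "no dot in the file name" heuristic, and the assumption that the WordPress root directory is owned by the site's own account are all choices made for this sketch.

```python
import os
import stat
import sys
import time

# Directories named in the thread where the rogue files kept appearing.
CORE_DIRS = ("wp-includes", "wp-admin")


def audit(wp_root):
    """Return (suspects, writable_dirs) for the WordPress install at wp_root.

    suspects: regular files under CORE_DIRS with no "." in the name (like the
    "stat" and "uploads" files in the thread). Heuristic: review hits by hand.
    writable_dirs: directories under CORE_DIRS writable by group or others.
    """
    site_uid = os.stat(wp_root).st_uid  # assumption: root dir owned by site account
    suspects, writable_dirs = [], []
    for core in CORE_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(wp_root, core)):
            dst = os.lstat(dirpath)
            if dst.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                writable_dirs.append({
                    "path": dirpath,
                    "uid": dst.st_uid,
                    "mode": oct(stat.S_IMODE(dst.st_mode)),
                })
            for name in files:
                path = os.path.join(dirpath, name)
                fst = os.lstat(path)
                if "." in name or not stat.S_ISREG(fst.st_mode):
                    continue
                suspects.append({
                    "path": path,
                    "uid": fst.st_uid,
                    # True when the file was created by a different account
                    # than the site's own, e.g. the web server user.
                    "foreign_owner": fst.st_uid != site_uid,
                    "mode": oct(stat.S_IMODE(fst.st_mode)),
                    "mtime": time.strftime("%Y-%m-%d %H:%M",
                                           time.localtime(fst.st_mtime)),
                })
    return suspects, writable_dirs


if __name__ == "__main__":
    found, loose = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for item in found:
        print("extensionless file:", item)
    for item in loose:
        print("group/world-writable dir:", item)
```

Run it with the path to the WordPress root as the only argument. The modification time of each hit gives a window to look at in the web server access logs.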

Topic Closed

This topic has been closed to new replies.
