WordPress Instalation Hacked! (6 posts)

  1. Asido
    Posted 9 years ago #

    Hi, I am using wordpress for the Asido project website (http://asido.info). Today I found a file inside my plugins directory that I haven\'t uploaded. When I run it it turned out to be some hack tool for browsing server-side. It is called \"C99madShell v. 2.0 madnet edition\". If you want I can forward it to you.

    So, my question is how does this happen ? I don\'t have anything else stored on the hosting account where Asido.info is except wordpress. Is there some security problem I need to know about ?

  2. whooami
    Posted 9 years ago #

    ...meta name="generator" content="WordPress 2.1.3" /> <!-- leave this for stats -->

    It happens when webmasters dont pay attention:

    LOOK on your dashboard -- those feeds include upgrade information.

    Failing that, there's always here:


    In other words, if you cannnot keep your software current - you have nowhere else to look but at yourself.

  3. Soulmaster
    Posted 8 years ago #

    this is strange, im using 2.1.3 and got the same problem.

  4. Jeremy Clark
    Posted 8 years ago #

    Because 2.3.2 is the latest version and you haven't updated.

  5. Jeremy Clarke
    Posted 8 years ago #

    wth, since when is there two jeremy clark[e]'s in WordPress land?

    This is alarming.

  6. scripter
    Posted 8 years ago #

    I was hacked on my own server I run from my house. They changed my config file which put up a black page that stated I was hacked by CEM111 and went on to show a flash slideshow stating that it was done in the name of the islamic community.
    I just found the c99shell on the drive but also noticed a complete shell running aparently called locus7shell which if you run a search on google for the you will notice that there are a large amount of people out there that are infected with this and you have access to their files on the servers with command options including uploading.
    I have since taken my site down and deleted everything.

    I suspect that they did this going through the setup-config.php file in the admin directory. from there changing the config file which opened them up for the rest of the changes. Of course this is just my suspicion not a fact. So one bit of advise is to make sure after installing your WP make a backup of the setup-config.php file and delete the one on the server. Then make sure to set the config file to read only

    Other then that I dont know what

Topic Closed

This topic has been closed to new replies.

About this Topic