w8lifter2000

So I don’t know if anyone noticed this. The /www.yoursite.com and /www.yoursite.com/web and /www.yoursite.com/web/content were all chmod 777 by default. I know this because wp security scanner made suggestions to change these permissions before all the blog postings started. I know because I started this a few days ago. Now all of a sudden as I’m applying fixes to sites now that were not so critical…the content directory is now 755 on every site I go to work on. Interesting…

@axelf78 I have installed wp-security scan, secure-wp, askapache password protect, locked down wp-admin with htaccess, installed secret key, copy the db table over to a new db with WP Table Rename and I reset all the permissions on the root folders to 755. I am as well researching additional methods. I found a site for a commercial plugin called wpsecurity.net which claims to offer tons of various protection. I am on the forums as well with RS.

The only places I am seeing those in the db is wp_options and they have entries like _transient_feed_d6cfc08a6692d799c9f341ff6f5734d5

@pro99 I have put about 10 sites in there so far with varying pages and all come back clean so far. I spent a good bit of time 5 days ago when I initially reported to Rackspace removing that account from tons of sites and putting additional measures in place. Rackspace needs to credit their clients in somekind of way if this is in fact due to the security bug in phpmyadmin. We pay for this amount of money for a reason.

davidjamesca, is it possible that the only thing done was install this ‘amin’ account? I am having a terrible time finding anything beyond that. Can you suggest any methods to utilize to look for the effects of this hack? I also noticed some accounts with wordpress@www but that was only on a few.

Do you know the specific location in both the database and the file tree for these hacks?

Has anyone found this attack affecting anything beyond the creation of the amin user account?