I have changed all my passwords, but I am concerned how they got in in the first place.
Any ideas?




TO WHOM IT MAY CONCERN:

The security experts of cyscon GmbH like to ask you to remove/review the below mentioned file from/on your servers. At least one of our scanners detect it, and we consider it as malicious:

################################################## ######################
# begin logs

IP: 216.246.77.77
URL: http://www.goodguyssecurity.com/wp-c...a367/index.php
Port: 80
Tested on: Fri, 27 Jul 2012 03:13:50 0200
Result: CYSC.DEF.KSG.CREW.EXPLIZIT

# end logs

Site still has a problem

Without a detailed forensic examination of your site, there is really no way to tell. It could even be that your pc is infected and has a key logger and that is how they got your password
Or maybe the server has a security hole and they got in via another account
Or maybe you are using a plugin with a security hole
Or...who knows. This is a very tough subject to figure out. Do a google search and see how many write ups and people who specialize in this work.

Sorry it happened to you and I feel your pain but this goes way beyond this forum. Try wordpress.org

Where you said "site still has a problem" is that a statement or a question?


I manage hundred of domains, so if a keylogger was the issue, I figure I would have more sites down.
hosting is supposedly looking into also.

I was hoping that by some chance you may have heard of this group and have an idea as to their MO.

I did a search on google and found hundreds of sites hacked but as of yet no real article on who or how they are doing it.. just finding hacked sites. I know, I will keep searching..

As always a pleasure hearing from you

Alan

still has a problem I get

HTML Code:

Fatal error: Call to undefined function bfa_get_options() in /home/goodguys/public_html/wp-content/themes/atahualpa367/index.php on line 2

when going to the site