Hacking of WP2.6.2 site continues

  • I continue to have my site hacked. I have done every recommended security fix, including the renaming of my sql file prefix.

    Last week, the hacker gained access to my site and replaced the index.php file with and html file that displayed a page of ‘fahad.x’ and ‘hacked by me’ crap. I restored the index.php and changed the FTP password.

    Today the hacker changed the title of my web site “FUXX You Mark” in the MySql options file and replaces the index.php file with and view code copy where he changed the title line to the above and left everything else the same. I am at lose to explain this.

    My Hosting vendor is IX Web Hosting. I DO NOT RECOMMEND these guys. They refuse to acknownledge there is something going on and have been almost useless.

    I actually beleive they IX has a renagade employee or former employee who may be contributing to this.

    I’d be interested in hearing from other WP bloggers with simular problems.

Viewing 2 replies - 1 through 2 (of 2 total)

  • A reputable host would be extremely concerned about this happening on shared servers.
    Having said that, look in your theme files for weird code – it could be anywhere of course. More likely they are getting in on some other acct. and have server-wide access.
    Demand help from your host.

    Thread Starter the_scribe

    (@the_scribe)

    I FTP’s my blog site to my local drive and scanned it with McAfee.
    It found the following trojans:

    Exploit-MS06-014 in the INDEX.PHP in the root directory
    PHP/BackDoor.gen in a INDEX.PHP in the wp-contents directory
    BackDoor-CUS!php in a file called mohtram.php

    I am not sure how ‘they’ succeeded to place these files, but they certainly were used to mess up my blog.

    Thanks for the reply Samboll

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Hacking of WP2.6.2 site continues’ is closed to new replies.