• My WordPress blog was hacked by the c99madshell v.2.0 script and I have been able to somewhat recover by going into my hosting control panel and using a default WP theme (2011)

    The attacker somehow gained access to my blog https://www.mostprestigiouscreditcards.com

    I am using WordPress 3.3.2 and was using a third party blog theme however from all the reading I’ve done in a lot of forums I can not figure out where the vulnerability is.

    Help please…. anyone….

    Thanks in advance for any help you can provide!!!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Hi,
    Sadly this indicates a back door script remains hiding within your website. Someone will need to log in via FTP and review “every” file on your website for hidden code or scripting.

    I would start by installing the “Timthumb Vulnerability Scanner” plugin. This plugin may help in locating some compromised files as well.

    Likewise, be sure to delete all inactive plugins and themes if you have any remaining.

    Thread Starter doogster

    (@doogster)

    Hey Hacker Repair Guy,

    I’ve downloaded each and every file via FTP from the server, on a dedicated server, which causes a lot more concern for me as I am going through everything to get a hint of something wrong….

    Man, I don’t got the time for poop heads that do this stuff… K, enough of going off on a rant.

    Need some serious help here to ensure hacks don’t happen again….

    In this case I choose to go with a Rocket Theme… I really like their designs but just started using them so could have missed some security stuff… BTW, I am a former UNIX sys admin so not a novice with any of this…

    Do you know of any vulnerabilities in the Rocket Themes set of themes…. I am taking a bold and brave move to reinstall rocket themes on https://www.mostprestigiouscreditcards.com/…. kinda curious to see what happens next….

    Any advice is appreciated and would like to connect one to one to chat about things..

    Thanks again in advance for your help!!!

    Hi,
    If you have concerns about a theme your best bet is to ask the developer.

    Since you are not listed in Google as having malware I would say you are fine for now.

    Do you have concerns you remain hacked at this time?

    In your theme, look for a file that’s named either ‘thumbs.php’ or ‘timthumb.php’. This is the biggest cause of hacks that I’ve seen so far. I’ve had to remove it from six different commercial themes so far because it’s just not secure. If you are a Unix admin, then you’ll know how to grep through the code and look for any text of ‘timthumb’. If that’s in your site’s source code, then you have got a very good chance of still being vulnerable.
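Added example, not part of the original thread or any poster's code: the file-name and grep checks suggested in the replies above, run against a local copy of the site. The sample tree, the theme name "demo" and the file `cache.php` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a local copy of a site,
# such as the FTP download, for the indicators named in the replies.

# Files carrying either script name from the reply, in any letter case.
find_timthumb_files() {
    find "$1" -type f \( -iname 'timthumb.php' -o -iname 'thumbs.php' \) | sort
}

# PHP files that mention 'timthumb' (renamed copies, theme code calling it).
find_timthumb_refs() {
    find "$1" -type f -iname '*.php' -exec grep -il 'timthumb' {} + | sort
}

# Any file containing the web shell's banner string from the thread title.
find_shell_banner() {
    find "$1" -type f -exec grep -il 'c99madshell' {} + | sort
}

# Run all checks; print hits per check; return 1 if anything was found.
audit_site() {
    root=$1
    status=0
    for check in find_timthumb_files find_timthumb_refs find_shell_banner; do
        hits=$("$check" "$root")
        if [ -n "$hits" ]; then
            printf '[%s]\n%s\n' "$check" "$hits"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample tree (hypothetical theme "demo"); files hold harmless text.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/themes/demo/lib" "$d/wp-content/uploads"
    echo '<?php // image resizer ?>' > "$d/wp-content/themes/demo/lib/TimThumb.php"
    echo '<?php $u = "lib/timthumb.php?src=" . $img; ?>' > "$d/wp-content/themes/demo/header.php"
    echo '<?php /* c99madshell v.2.0 */ ?>' > "$d/wp-content/uploads/cache.php"
    echo '<?php get_header(); ?>' > "$d/wp-content/themes/demo/index.php"
    echo "$d"
}

# Usage: sh audit.sh /path/to/site-copy   (no argument: run on the sample tree)
if [ "$#" -gt 0 ]; then
    audit_site "$1" || true
else
    demo=$(make_sample_tree); audit_site "$demo" || true; rm -rf "$demo"
fi
```

A clean run only means these strings and file names are absent; it does not replace the file-by-file review recommended in the first reply, since a backdoor need not contain either string.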

    Thread Starter doogster

    (@doogster)

    Hey Hack Repair Guy and Michael,

    Been over-reading things and digging through files, downloaded to my PC, been grepping for lots of things, on west coast and going on close to midnight… going to bed now hoping no attacks can happen on that site

    Thank you so much both for getting back to me…. Need some sleep now and will keep you both posted on my progress in isolating this problem and fixes…

    Likely will be posting more questions again tomorrow….or when I wake with ideas in the early AM hours….

    Seriously though, very thankful for being there and willing to help!!!

    Man…. Too tired for (Bad_Word_Goes_Here) hackers!!!!

  • The topic ‘Been Hacked by c99madshell v.2.0’ is closed to new replies.