File blocked (website is down currently help!)
Was having trouble with my website themommaven.com today and contacted our web host, who replied telling me:
“/home/mommaven/public_html/wp-content/plugins/shell.php: Atomicorp.honeypot.hex.php.cmdshell.cih.210.UNOFFICIAL FOUND
Of the above, the oldest was:
File: /home/mommaven/public_html/wp-content/plugins/shell.php
User: mommaven, Group: mommaven
Size: 167639
Modify: Sat, 01 Dec 2012 16:43:32 -0600 (1354401812)
Change: Sat, 01 Dec 2012 16:57:14 -0600 (1354402634)
Here is a log entry from when the above file was uploaded to the account by someone who was abusing an otherwise legitimate file on the site to do so:
217.66.156.97 - - [01/Dec/2012:16:57:12 -0600] "POST /wp-content/plugins/livesig-ajax-backend.php HTTP/1.1" 200 197 "-" "Mozilla/5.0 (Windows NT 6.0; rv:17.0) Gecko/17.0 Firefox/17.0"
Right after that, the hacker used the newly-uploaded shell file:
217.66.156.97 - - [01/Dec/2012:16:58:57 -0600] "GET /shell.php HTTP/1.1" 404 15735 "-" "Mozilla/5.0 (Windows NT 6.0; rv:17.0) Gecko/17.0 Firefox/17.0"
In order to protect the site, we have blocked the file used to upload the shell file.
File Blocked: /home/mommaven/public_html/wp-content/plugins/livesig-ajax-backend.php “
Any ideas how to remedy this? We tried updating WordPress and even reinstalling WordPress…
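Added example, not part of the original post or the web host's reply: a short Python sketch of the correlation the host describes, matching a suspicious file's "Change:" time against successful POSTs in the access log and then listing what the same client requested afterwards. The function names, the 10-second window and the third log line are assumptions made for illustration; the other two log lines and the epoch value are the ones quoted above.

```python
import re
from datetime import datetime, timezone

# Apache/Nginx "combined" access-log format
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# First two lines: from the host's report. Third line: constructed noise.
SAMPLE_LOG = """\
217.66.156.97 - - [01/Dec/2012:16:57:12 -0600] "POST /wp-content/plugins/livesig-ajax-backend.php HTTP/1.1" 200 197 "-" "Mozilla/5.0 (Windows NT 6.0; rv:17.0) Gecko/17.0 Firefox/17.0"
217.66.156.97 - - [01/Dec/2012:16:58:57 -0600] "GET /shell.php HTTP/1.1" 404 15735 "-" "Mozilla/5.0 (Windows NT 6.0; rv:17.0) Gecko/17.0 Firefox/17.0"
203.0.113.10 - - [01/Dec/2012:16:40:00 -0600] "POST /wp-login.php HTTP/1.1" 200 512 "-" "constructed"
"""
SHELL_CTIME = 1354402634  # "Change:" epoch of shell.php from the report

def parse(text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield rec

def writes_near(records, ctime_epoch, window_s=10):
    """Successful POSTs logged within window_s seconds of a file's ctime."""
    changed = datetime.fromtimestamp(ctime_epoch, tz=timezone.utc)
    return [r for r in records
            if r["method"] == "POST" and r["status"].startswith("2")
            and abs((changed - r["time"]).total_seconds()) <= window_s]

def followups(records, hit):
    """Later requests from the same client as a suspect POST."""
    return [(r["path"], r["status"]) for r in records
            if r["ip"] == hit["ip"] and r["time"] > hit["time"]]

def investigate(text, ctime_epoch):
    """Return (ip, posted_path, later_requests) for each POST near the ctime."""
    records = list(parse(text))
    return [(h["ip"], h["path"], followups(records, h))
            for h in writes_near(records, ctime_epoch)]

if __name__ == "__main__":
    for ip, path, later in investigate(SAMPLE_LOG, SHELL_CTIME):
        print(ip, "POST", path, "-> later requests:", later)
```

Running the same check against the ctime of every unexpected PHP file under wp-content shows whether other files were written the same way.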