Hacked By Georgian Hackers

Make sure you notify your web host about this breach in security. There has been quite a bit of hackery going on with regard to an xmlrpc exploit and the advice is to just kill the file (it’s in the wp root). Don’t know if that was the method of ingress in your case tho.

Contact [email protected] with any info you may have such as server logs etc.

Thanks, I removed the file mentioned so it’s not usable. Thanks for the information. I sent email to the address above.

Some of the log files I’ve seen look like someone logged in via wp-login.php, changed some files via templates.php, and changed some options via options-general.php. Looks like they just logged in with the proper username and password. Changing the passwords for all users on your blog would be a good idea. If you’ve been hacked, check your options in Options->General, your /index.php file, and all of your theme files for tampering.

Those of you who were hacked, what host are you on?

Several of those hacked are using the wp-forum plugin, which has a vulnerability that is being actively exploited.

https://www.frsirt.com/english/advisories/2008/0235

ryan,

you can take the horse to the water but you cant make it drink ??

https://www.ads-software.com/support/topic/154770?replies=5

(On a completely unrelated note, bentram left a comment on my site that he was adding a link to my site inside a trac ticket that relates to the xmlrpc issue.. delete the link please when you come across it. matt is already aware of whats on my site)