Had site hacked fixable, but something I don't get.

  • Hi

    Had some of my subdomains hacked, which I have fixed, but my main domain is showing what I think is an apache file browser. I have put a ‘deny all’ in the .htaccess so it’s safe for now.

    I can log in to the backend of the wp site, no trouble at all, but the front end remains the same. Looks to me like something is broken.

    Does anyone have a solution to this?

    Would be much appreciated.

    Jim

Viewing 4 replies - 1 through 4 (of 4 total)

  • Perhaps your .htaccess file was modified as part of the attack to allow directory listings.

    Have you completely and thoroughly reinstalled, WordPress, all plugins and themes from known safe copies? If not, chances are there’s a backdoor on your site that will allow the issue to return.

    Thread Starter jimhitch

    (@jimhitch)

    Hi Jackson

    Thanks for getting back to me. Yes, I understand about starting all over etc.

    I was just curious, really, as the .htaccess file had not been altered, I still have access to the backend, so was wondering what file could be ‘telling’ WP to put up a file browser. It doesn’t seem to be index.php.

    Jim

    It’s hard to tell exactly what “file browser” means to you, but I thought perhaps your .htaccess was allowing directory listings, ie: visit mysite.com/wp-content/uploads/2011/ and it shows a list of all the images in the folder.

    Whatever is causing this file browser to show would indicate a compromise of some sort – somewhere – especially if it’s appearance coincides with your initial attack.

    You might try the excellent Exploit Scanner plugin to locate any nefarious files.

    Thread Starter jimhitch

    (@jimhitch)

    Great, thanks, I’ll have a look at it when I get a chance and report back.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Had site hacked fixable, but something I don't get.’ is closed to new replies.