homepage Welcome to WebmasterWorld Guest from 23.20.149.27
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Accredited PayPal World Seller

Home / Forums Index / Code, Content, and Presentation / WordPress
Forum Library, Charter, Moderators: lorax & rogerd

WordPress Forum

    
wp-includes files being randomly deleted and new admin users. Hacked?
MrSavage




msg:4458747
 8:42 pm on May 28, 2012 (gmt 0)

Hi. I appreciate any advice in this matter. I'm at a bit of a loss here. I have various blogs on a server. Those blogs were all broken as most of them suddenly had 2 files from wp-includes deleted from the server. I've noticed that a couple blogs have a new admin which I never added. Seems like I've been compromised certainly. I'm wondering if anyone has had similar issues in the past. Unfortunately I'm using Woothemes and as you might recall they had a security flaw with timthumb and I was slow (no communication) in fixing this flaw. Now I'm wondering about my entire server. Even my blog installations not using Woothemes were down today because of the missing files. Any possible insights would be greatly appreciated. This feels like cockroaches where once they are in they are a bugger to get rid of. This is the second time I've had this happen in the past month or two. Now I know it's not a password issue.

 

rocknbil




msg:4459067
 4:13 pm on May 29, 2012 (gmt 0)

If you're sure it's not your passwords, how about the FTP passwords? How secure is **your** computer, and is the AVG up to date? Sometimes the point of access is your computer.

Most (but not all) Workpress hacks manifest themselves as files (index.php and .js files, specifically) being injected with malicious Javascript leading to a compromised server that installs a malware on the client host. With files being deleted and new admin level users appearing, you may have something more serious on your hands and it's very likely Worpdress itself is not the entry point.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / WordPress
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved