homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / WordPress
Forum Library, Charter, Moderators: lorax & rogerd

WordPress Forum

wp-includes files being randomly deleted and new admin users. Hacked?

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

Msg#: 4458745 posted 8:42 pm on May 28, 2012 (gmt 0)

Hi. I appreciate any advice in this matter. I'm at a bit of a loss here. I have various blogs on a server. Those blogs were all broken as most of them suddenly had 2 files from wp-includes deleted from the server. I've noticed that a couple blogs have a new admin which I never added. Seems like I've been compromised certainly. I'm wondering if anyone has had similar issues in the past. Unfortunately I'm using Woothemes and as you might recall they had a security flaw with timthumb and I was slow (no communication) in fixing this flaw. Now I'm wondering about my entire server. Even my blog installations not using Woothemes were down today because of the missing files. Any possible insights would be greatly appreciated. This feels like cockroaches where once they are in they are a bugger to get rid of. This is the second time I've had this happen in the past month or two. Now I know it's not a password issue.



WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member

Msg#: 4458745 posted 4:13 pm on May 29, 2012 (gmt 0)

If you're sure it's not your passwords, how about the FTP passwords? How secure is **your** computer, and is the AVG up to date? Sometimes the point of access is your computer.

Most (but not all) Workpress hacks manifest themselves as files (index.php and .js files, specifically) being injected with malicious Javascript leading to a compromised server that installs a malware on the client host. With files being deleted and new admin level users appearing, you may have something more serious on your hands and it's very likely Worpdress itself is not the entry point.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / WordPress
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved