Interesting WP sites hacked

Discussion in 'General WordPress Discussions' started by kris, Jan 18, 2012.

  1. kris Member

    Hi!
    Today my wordpress sites based on 3.3.1 release was hacked through comments or W3TC plugin, as a result I got my server disabled.

    Anybody else had a similar problem?

    HTML:
    http://www.phishtank.com/phish_detail.php?phish_id=1344402
    kris, Jan 18, 2012
    #1

  2. Kevin Muldoon WordPress Fanatic!

    No I've thankfully not had any problems with that. Any further information about this would be appreciated.
    Kevin Muldoon, Jan 18, 2012
    #2

  3. kris Member

    infected files were in
    wp-content/uploads/redirect.php // Trojan-Mailfinder.PHP.Mailer.p
    wp-content/uploads/forum1.php // Backdoor.PHP.WebShell.bu
    root wordpress folder/var.php // Backdoor.PHP.C99Shell.u
    wp-includes/flash.php
    wp-includes/theme-compat/yahoo/index.html
    those two were infected with antoher trojans
    it is all that Kaspersky found so far, but content is still downloading from ftp
    kris, Jan 18, 2012
    #3

  4. Kevin Muldoon WordPress Fanatic!

    It's a bit worrying that a plugin such as w3 cache could be the cause of the this. Hopefully you get this resolved without any major problems.
    Kevin Muldoon, Jan 19, 2012
    #4

  5. kris Member

    I've cleaned all files, reuploaded and site is acting normal :) so no bigger damages, but my site is blacklisted @ phishtank.com and WOT, no idea how to restore previous positive status
    kris, Jan 19, 2012
    #5

  6. Kevin Muldoon WordPress Fanatic!

    You must be able to contact them and advise them that your site is safe. Not sure what the response time will be like though :)
    Kevin Muldoon, Jan 19, 2012
    #6

  7. Thilak Kumaran New Member

    you have to think twice before installing new plugins.
    Adding your site with norton,mcafee online scan will makes your site periodically validated and stay away from these vulnerabilities.
    wp-security scan is the wordpress plugin i suggest to scan the vulnerablities periodically to locate this.you can install whenever needed and uninstall this plugin after getting the test results.
    Thilak Kumaran, Mar 11, 2012
    #7

Share This Page

Users found this page by searching for:

  1. wordpress 3.3.1 hacked

    ,

  2. backdoor.php.shell!e2 wordpress

    ,

  3. hack wordpress-3.3.1

    ,
  4. hack wordpress 3.3.1,
  5. wordpress 3.3.1 hacks,
  6. wordpress 3.3 password hack,
  7. wordpress 3.3.1 backdoor,
  8. wordpress 3.3.1 guide hack,
  9. forum1.php trojan,
  10. how to hack wordpress 3.3.1