Title: Exploit in Twentyten author.php ?
Last modified: August 21, 2016

---

# Exploit in Twentyten author.php ?

 *  [develth](https://wordpress.org/support/users/develth/)
 * (@develth)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/exploit-in-twentyten-authorphp/)
 * Hi there,
 * i got an abuse report and i checked my logs etc.
 * I stumpled upon folloewing:
 * >  63… – – [13/] “GET /wordpress/wp-content/themes/twentyten/author.php HTTP/
   > 1.1” 200 438 “-” “Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/
   > 15.0.1”
   >  63… – – [13/] “GET /favicon.ico HTTP/1.1” 404 309 “-” “Mozilla/5.0(
   > Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1” 63… – – [13/] “POST/
   > wordpress/wp-content/themes/twentyten/author.php HTTP/1.1” 200 4697 “[http://host.com/wordpress/wp-content/themes/twentyten/author.php&#8221](http://host.com/wordpress/wp-content/themes/twentyten/author.php&#8221);“
   > Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1” 63… – –[
   > 13/] “POST /wordpress/wp-content/themes/twentyten/author.php HTTP/1.1” 200 
   > 3597 “[http://host.com/wordpress/wp-content/themes/twentyten/author.php&#8221](http://host.com/wordpress/wp-content/themes/twentyten/author.php&#8221);“
   > Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1” 63… – –[
   > 13] “POST /wordpress/wp-content/themes/twentyten/author.php HTTP/1.1” 200 3668“
   > [http://host.com/wordpress/wp-content/themes/twentyten/author.php&#8221](http://host.com/wordpress/wp-content/themes/twentyten/author.php&#8221);“
   > Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1” 63… – –[
   > 13] “GET /smtp.php HTTP/1.1” 200 1725 “-” “Mozilla/5.0 (Windows NT 6.1; rv:
   > 15.0) Gecko/20100101 Firefox/15.0.1” 63… – – [13] “POST /smtp.php HTTP/1.1”
   > 200 2797 “[http://lufti.lowrater.de/smtp.php&#8221](http://lufti.lowrater.de/smtp.php&#8221);“
   > Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1” 63… – –[
   > 13] “POST /smtp.php HTTP/1.1” 200 2842 “[http://lufti.lowrater.de/smtp.php&#8221](http://lufti.lowrater.de/smtp.php&#8221);“
   > Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1” 63… – –[
   > 13] “POST /smtp.php HTTP/1.1” 200 2840 “[http://lufti.lowrater.de/smtp.php&#8221](http://lufti.lowrater.de/smtp.php&#8221);“
   > Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0.1” . . .
 * In the author.php was in first line some code that definitly does not belong 
   to it ( i removed the whole page, but if you want i can access to it via bacula)
   and this created the smtp.php
 * Is this familiar?
 * Thanks & Cheers,
    Thomas

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/exploit-in-twentyten-authorphp/#post-3754578)
 * You need to start working your way through these resources:
    [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
   [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * Anything less will probably result in the hacker walking straight back into your
   site again.
 * Additional Resources:
    [Hardening WordPress](http://codex.wordpress.org/Hardening_WordPress)
   [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) 
   [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html)
 *  Thread Starter [develth](https://wordpress.org/support/users/develth/)
 * (@develth)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/exploit-in-twentyten-authorphp/#post-3754579)
 * Thanks for the Information!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Exploit in Twentyten author.php ?’ is closed to new replies.

## Tags

 * [author](https://wordpress.org/support/topic-tag/author/)
 * [exploit](https://wordpress.org/support/topic-tag/exploit/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 2 replies
 * 2 participants
 * Last reply from: [develth](https://wordpress.org/support/users/develth/)
 * Last activity: [13 years, 1 month ago](https://wordpress.org/support/topic/exploit-in-twentyten-authorphp/#post-3754579)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics