• spiderlinginc

    (@spiderlinginc)


    A friend’s blog is all of a sudden displaying ‘ 15e9c 0 ‘ in the top left corner of the pages. It is also sometimes displaying a blank page or appending the text/code below at the bottom of the pages. Has it been hacked? If not, any ideas?

    Thanks

    ##code
    script filename /home/.sites/90/site26/web/wp/index.php
    doc root /home/.sites/90/site26/web/
    root dir path [/home/.sites/90/site26/web/wp/]

    main script download ok [89770]
    [543676657]
    old dg [/home/.sites/90/site26/web/wp/wp-includes/js/tinymce/themes/advanced/images/xp/js.php] [0775]
    [55433928]
    dir for doorgen: /home/.sites/90/site26/web/wp/wp-includes/js/tinymce/themes/advanced/images/xp/
    path set to /home/.sites/90/site26/web/wp/wp-includes/js/tinymce/themes/advanced/images/xp/
    [5482745]
    name set to js.php
    [2246876]
    dg path [wp-includes/js/tinymce/themes/advanced/images/xp/js.php]
    [48839]
    restoring…
    /home/.sites/90/site26/web/wp/wp-includes/functions.php loaded successfully/home/.sites/90/site26/web/wp/wp-includes/functions.php is patched. Removing inj…
    /home/.sites/90/site26/web/wp/wp-includes/functions.php restored
    injecting…
    /home/.sites/90/site26/web/wp/wp-includes/functions.php loaded successfullyfunctions count: 134; insert at pos: 67
    /home/.sites/90/site26/web/wp/wp-includes/functions.php updated [wpl successfull 09034848]
    [88293765]
    dgsuccess

Viewing 6 replies - 1 through 6 (of 6 total)
  • whooami

    (@whooami)

    it's hacked ..

    http://www.village-idiot.org/archives/2008/05/26/observations-on-another-hacked-wordpress-blog/

    /wp-includes/js/tinymce/themes/advanced/images/xp <–

    Take a look inside that directory. The blog I just finished ‘fixing’ had nearly 4000 files in it (from the script running)

    hey2you

    (@hey2you)

    what version is your wordpress??

    Thread Starter spiderlinginc

    (@spiderlinginc)

    version 2.0.4

    So, can I import the current tables into the database when I upgrade to the latest version? The data/posts haven’t been compromised – have they??

    Thanks.

    whooami

    (@whooami)

    The data/posts haven’t been compromised – have they??

    there's no telling .. I certainly can't answer that question from where I am sitting.

    So, can I import …

    Upgrading doesn't involve any importing.

    http://codex.ww.wp.xz.cn/Upgrading_WordPress_Extended

    Thread Starter spiderlinginc

    (@spiderlinginc)

    I understand that there isn’t any importing when upgrading. I was just wondering if I could do so after upgrading. Which I now know can be done.

    Thanks for the info.

    I just managed to strip this problem from a friend’s website. I found a large chunk of php at the very bottom of the theme’s footer.php which was doing all the heavy lifting and re-installing the js.php files, and others, after deletion. No hint as to how that code got there in the first place, however.
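
A defender's check for the three indicators reported in this thread (a js.php inside an images directory under wp-includes, an images directory holding an unusual number of files, and PHP appended at the bottom of a theme's footer.php), as an added example that is not part of any post above. The function names, the file-count threshold, the "PHP after the closing html tag" heuristic and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Heuristic (assumption): PHP that starts after the closing </html> tag of footer.php.
PHP_AFTER_HTML = re.compile(rb"</html\s*>.*?<\?php", re.I | re.S)

def audit_wp_tree(root, max_files=500):
    """Walk a WordPress install and collect the indicators seen in the thread."""
    findings = {"php_in_images": [], "crowded_dirs": [], "php_after_html": []}
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        parts = rel.split("/")
        # Image directories below wp-includes should hold images only.
        in_images = "wp-includes" in parts and "images" in parts
        in_theme = "wp-content" in parts and "themes" in parts
        if in_images and len(files) > max_files:
            findings["crowded_dirs"].append((rel, len(files)))
        for name in files:
            if in_images and name.lower().endswith(".php"):
                findings["php_in_images"].append(f"{rel}/{name}")
            if in_theme and name == "footer.php":
                with open(os.path.join(dirpath, name), "rb") as fh:
                    if PHP_AFTER_HTML.search(fh.read()):
                        findings["php_after_html"].append(f"{rel}/{name}")
    for hits in findings.values():
        hits.sort()
    return findings

def build_sample_tree(root):
    """Constructed sample tree for the demo, not data from the affected site."""
    xp = os.path.join(root, "wp-includes/js/tinymce/themes/advanced/images/xp")
    theme = os.path.join(root, "wp-content/themes/example")
    os.makedirs(xp)
    os.makedirs(theme)
    for i in range(12):  # stand-ins for the generated pages
        open(os.path.join(xp, f"page{i}.html"), "w").close()
    with open(os.path.join(xp, "js.php"), "w") as fh:
        fh.write("<?php /* placeholder */ ?>")
    with open(os.path.join(theme, "footer.php"), "w") as fh:
        fh.write("<?php wp_footer(); ?>\n</body>\n</html>\n<?php /* appended */ ?>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, hits in audit_wp_tree(tmp, max_files=10).items():
            print(kind, hits)
```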


The topic ‘hacked or not??’ is closed to new replies.