Replace it with a new copy.
Thread Starter
dirky
(@dirky)
I’ve just done some more checking here.
7 out of 9 sites seem to have been affected.
I can login to the admin area on them all but the affected ones have a 0 bytes index.php file.
The versions range from 2.1.3 to 2.7.1 which have been changed but there is a 2.7.1 and a 2.3 site which seems to be fine?
Thanks
M
what index.php are you looking at, that you see is 0bytes? specifically, what is the path to the file?
Thread Starter
dirky
(@dirky)
Its the index.php in the root of the wordpress sites.
I’ve since found a folder called sovereign within several of my wordpress
sites containing somes huge files containing links, spam words/phrases and 3 php files called linkator.php main.php and tpl.php, also some css.js file.
It appears somehow my sites have been hacked on my host, servage.net .
I even have a static site which has had this soverign directory palced in it.
My guess is these are going to be called upon to do some kind of ddos?
I’m puzzles as to why they overwrote the index.php file with a 0 byte replacement, persmission of this is 777 also.
Thanks
M
My guess is these are going to be called upon to do some kind of ddos?
dunno, honestly. did you google any of the script content?
when this immediate problem is taken care of — upgrade those 2.1.x blogs you spoke of.
