Title: Possible Exploit &#8211; Question
Last modified: August 19, 2016

---

# Possible Exploit – Question

 *  [richrider](https://wordpress.org/support/users/richrider/)
 * (@richrider)
 * [16 years, 4 months ago](https://wordpress.org/support/topic/possible-exploit-question/)
 * So a few weeks ago I posted how a few of my sites had been hacked. It has been
   an on going issue where the group has tried numerous times to gain access. This
   past attempt, a hacker was able to gain access to one of my sites (I left one
   site up as a dummy site to see what/how they were gaining access). In my logs–
   this is what I saw – can anyone explain possibly what/why these commands were
   used? Also are these a possible sign of a new exploit/security vulnerability 
   in 2.9.1?
 *     ```
       /wp-content/themes/default/media.php?cahsurip
   
       /wp-content/uploads/2010/01/default_backup.php
   
       /wp-content/themes/default/index.php?cmd=ls+al
   
       /wp-login.php?CS
       ```
   
 * Like I said – this was a dummy site left virtually un-touched after their hacks
   early last month. The default_backup.php is an exploit file they left behind 
   after one hack to gain access to the server (brute force for passwords, show 
   file locations etc.). That file I removed as soon as I discovered the hack – 
   so we can see the hacker was hoping to have that file left behind. But as for
   the other three entries… any thoughts?
 * Rich

Viewing 1 replies (of 1 total)

 *  [s_ha_dum](https://wordpress.org/support/users/apljdi/)
 * (@apljdi)
 * [16 years, 4 months ago](https://wordpress.org/support/topic/possible-exploit-question/#post-1382117)
 * No idea about the first. The third is a *nix shell command for listing directory
   contents. I don’t know about the last either.

Viewing 1 replies (of 1 total)

The topic ‘Possible Exploit – Question’ is closed to new replies.

## Tags

 * [exploit](https://wordpress.org/support/topic-tag/exploit/)
 * [hacked](https://wordpress.org/support/topic-tag/hacked/)

 * In: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/)
 * 1 reply
 * 2 participants
 * Last reply from: [s_ha_dum](https://wordpress.org/support/users/apljdi/)
 * Last activity: [16 years, 4 months ago](https://wordpress.org/support/topic/possible-exploit-question/#post-1382117)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics