Possible Initial Attack Vector? | ww.wp.xz.cn

evannatta
(@evannatta)

11 years, 5 months ago

I have a site that has been hacked, I believe it may be related to the ‘pharma’ hack, but at this point I’m still digging and not sure. At the moment I am trying to establish the initial vector of attack and have found some suspicious code appended to hardcoded links on some pages. The query looks like this: ‘www.site.org/legit-url?phpmyadmin=ksdh8HUS34hdsf-98jsd’. Does anyone know what this query is trying to do? By the way though the query appears multiple places the value after ‘phpmyadmin=’ is always the same.

Thanks in advance.

Viewing 1 replies (of 1 total)

WPyogi
(@wpyogi)

11 years, 5 months ago

These should be helpful:

http://codex.ww.wp.xz.cn/FAQ_My_site_was_hacked
http://ww.wp.xz.cn/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Viewing 1 replies (of 1 total)

The topic ‘Possible Initial Attack Vector?’ is closed to new replies.

Tags

In: Fixing WordPress
1 reply
2 participants
Last reply from: WPyogi
Last activity: 11 years, 5 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics