SQL injection attack

  • gonsteaddoc

    (@gonsteaddoc)


    9 years, 9 months ago

    I received an email from my hosting company that it appears that I was victim of a blind sql injection attack through a vulnerability in Yeost SEO. Can the database be fixed and secured, or do I have to blow up the site? This is the email I received:

    I believe your dabase itself is compromised because you were running an outdated version of this seo plugin which is vulnerable to sql injection. Because your database itself can no longer be trusted and they hackers have been using your seo plugin to manipulatet the google crawlers, I strongly recommend doing a completely fresh install of wordpress with a new database. If you are a wordpress expert there is the chance you could secure the database, but it is very difficult to recover from a SQL injection attack and there is the strong possibility that the hacker would have back door access through the database itself even after an upgrage/reinstall with the existing database. The following files are malicious:

    ./clickandbuilds/PerryHallChiropractic/wp-content/plugins/shariff-sharing/context.php
    ./clickandbuilds/PerryHallChiropractic/t97ADNGUPY/7xgIWMR5.inc
    ./clickandbuilds/PerryHallChiropractic/t97ADNGUPY/KRorztdqusfc.dat
    ./clickandbuilds/PerryHallChiropractic/t97ADNGUPY/4tnwEKJuqYTsalb.png
    ./clickandbuilds/PerryHallChiropractic/t97ADNGUPY/K1dbTtIM.php
    ./clickandbuilds/PerryHallChiropractic/version.php
    ./clickandbuilds/PerryHallChiropractic/Q8x25k/LfXd38Q6ACq.inc
    ./clickandbuilds/PerryHallChiropractic/Q8x25k/w8gveUbBRSzq.png
    ./clickandbuilds/PerryHallChiropractic/Q8x25k/OMqJmkLucC.dat
    ./clickandbuilds/PerryHallChiropractic/Q8x25k/0Baqjz8K.php
    ./clickandbuilds/PerryHallChiropractic/ZbMcl6Rxk9/e2nwxLF8.inc
    ./clickandbuilds/PerryHallChiropractic/ZbMcl6Rxk9/3Fmr57NLneUV.dat
    ./clickandbuilds/PerryHallChiropractic/ZbMcl6Rxk9/OUW5feL.png
    ./clickandbuilds/PerryHallChiropractic/ZbMcl6Rxk9/atLP6kgFKmoEq.php
    ./clickandbuilds/PerryHallChiropractic/TSLN3/fd8m70jRgJzq4ol.inc
    ./clickandbuilds/PerryHallChiropractic/TSLN3/PfRQNF5o.png
    ./clickandbuilds/PerryHallChiropractic/TSLN3/y3HQocz0MWDk9xg6.png
    ./clickandbuilds/PerryHallChiropractic/TSLN3/gwmeUcDFV6.dat
    ./clickandbuilds/PerryHallChiropractic/TSLN3/MQ7xB3DoUrTI.php
    ./clickandbuilds/PerryHallChiropractic/TSLN3/7AB8nyJNYUo3piL.png
    ./clickandbuilds/PerryHallChiropractic/WnrHFL/xv7jZWhm.inc
    ./clickandbuilds/PerryHallChiropractic/WnrHFL/IZTDmGHikrq.dat
    ./clickandbuilds/PerryHallChiropractic/WnrHFL/mxo7ZyB6JdrbIith.php
    ./clickandbuilds/PerryHallChiropractic/6mWCBYZ/9Ho1WeTi.inc
    ./clickandbuilds/PerryHallChiropractic/6mWCBYZ/TIaKzrjPRv.dat
    ./clickandbuilds/PerryHallChiropractic/6mWCBYZ/x9Og7jqhvfUW.png
    ./clickandbuilds/PerryHallChiropractic/6mWCBYZ/f1M7wDa.php
    ./clickandbuilds/PerryHallChiropractic/lM2emBnfA/K6bBx0E9S8GF.inc
    ./clickandbuilds/PerryHallChiropractic/lM2emBnfA/uqdnyQXGceLU.png
    ./clickandbuilds/PerryHallChiropractic/lM2emBnfA/RYdW2OAc61.png
    ./clickandbuilds/PerryHallChiropractic/lM2emBnfA/NUaVjlvBtP4.dat
    ./clickandbuilds/PerryHallChiropractic/lM2emBnfA/71Ql503.php
    ./clickandbuilds/PerryHallChiropractic/lM2emBnfA/4NDU18ha.png

    There is no clean backup.

    Sincerely,
    Security Team
    1&1 Internet Inc.

The topic ‘SQL injection attack’ is closed to new replies.