[Klug-general] wanted: db advice/crashcourse for helping clean cracked wp site

James Morris jwm.art.net at gmail.com
Thu Feb 23 21:11:33 UTC 2012


Without being familiar with the host/system, should I be worried about
a user with a login named otunnel... with an IP Project Honey Pot
identifies as being from China? The sites are hosted by dreamhost.com.

James.



On 23 February 2012 21:06, David Halliday <david.halliday at gmail.com> wrote:
> If the site has been compromised the only way to be sure nothing is left is
> to remove all code etc...
> I'd back up data and reinstall wp.
>
> On Feb 23, 2012 8:57 PM, "James Morris" <jwm.art.net at gmail.com> wrote:
>>
>> Hi,
>>
>> I've offered to help clean up a WordPress site which has been
>> targeted by the pharmacy style hacks. Something like this:
>>
>> http://redleg-redleg.blogspot.com/2011/02/pharmacy-hack.html
>>
>> I've got ssh access and have been removing instances of base64
>> obfuscated code from various files in the site. I think I've tracked
>> it all down but am worried about how it got there (though suspect use
>> of FTP is to blame).
>>
>> Anyway, I need a bit of a crash course in MySQL (I presume that's
>> what's used) as I want to make sure the database is clean... Can
>> anyone give advice or examples of queries that will help in this task?
>>
>> thanks,
>> James.
>>
>> _______________________________________________
>> Kent mailing list
>> Kent at mailman.lug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/kent
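Read-only MySQL queries of the kind the original request asks about, as an added example that is not part of either poster's message. It assumes the default WordPress table prefix `wp_` (the real one is `$table_prefix` in `wp-config.php`); the search strings are common obfuscation markers chosen for illustration, not indicators taken from this site.

```sql
-- Added example. All statements are SELECTs; nothing is modified.
-- Assumption: default table prefix wp_ (adjust to $table_prefix).

-- 1. Options that hold encoded or executable-looking values.
--    Legitimate plugins store long serialized data here, so review
--    each hit by hand rather than deleting on a match.
SELECT option_id,
       option_name,
       autoload,
       LENGTH(option_value)   AS bytes,
       LEFT(option_value, 80) AS preview
FROM   wp_options
WHERE  option_value LIKE '%base64_decode%'
   OR  option_value LIKE '%eval(%'
   OR  option_value LIKE '%gzinflate%'
   OR  option_value REGEXP '^[A-Za-z0-9+/=]{200,}$'  -- one long base64-looking run
ORDER  BY bytes DESC;

-- 2. Posts and pages whose content carries injected markup or hidden blocks.
SELECT ID,
       post_type,
       post_status,
       post_modified,
       post_title
FROM   wp_posts
WHERE  post_content LIKE '%<script%'
   OR  post_content LIKE '%<iframe%'
   OR  post_content LIKE '%display:none%'
   OR  post_content LIKE '%base64_decode%'
ORDER  BY post_modified DESC;

-- 3. Every account with the administrator role, newest first.
--    The meta_key is <prefix>capabilities, so it changes with the prefix.
SELECT u.ID,
       u.user_login,
       u.user_email,
       u.user_registered
FROM   wp_users u
JOIN   wp_usermeta m ON m.user_id = u.ID
WHERE  m.meta_key = 'wp_capabilities'
  AND  m.meta_value LIKE '%administrator%'
ORDER  BY u.user_registered DESC;
```

Run these against a dump restored to a scratch database as well as the live one, so the results can be compared after the reinstall suggested in the reply.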


