[Klug-general] wanted: db advice/crashcourse for helping clean cracked wp site

David Halliday david.halliday at gmail.com
Thu Feb 23 21:16:24 UTC 2012


Dude, don't trust any configuration on it.
Log in to the host control panel, change ALL passwords.
Remove all extra users.
Blow out all the data.
Start again using a backup of the content.
Someone has got in and is intent on staying in.
The only way to be sure you get rid of the nasty stuff is to get rid of
everything.

Ask yourself, does someone in China need access to this host? If not, then
they shouldn't have it and shouldn't have had it.

On Feb 23, 2012 9:11 PM, "James Morris" <jwm.art.net at gmail.com> wrote:

> Without being familiar with the host/system should I be worried about
> a user with a login named otunnel... with an IP project honeypot
> identifies as being from china? The sites are hosted by dreamhost.com.
>
> James.
>
>
>
> On 23 February 2012 21:06, David Halliday <david.halliday at gmail.com>
> wrote:
> > If the site has been compromised the only way to be sure nothing is left is
> > to remove all code etc...
> > I'd back up data and reinstall wp.
> >
> > On Feb 23, 2012 8:57 PM, "James Morris" <jwm.art.net at gmail.com> wrote:
> >>
> >> Hi,
> >>
> >> I've offered to help clean up a WordPress site which has been
> >> targeted by the pharmacy style hacks. Something like this:
> >>
> >> http://redleg-redleg.blogspot.com/2011/02/pharmacy-hack.html
> >>
> >> I've got ssh access and have been removing instances of base64
> >> obfuscated code from various files in the site. I think I've tracked
> >> it all down but am worried about how it got there (though suspect use
> >> of ftp is to blame).
> >>
> >> Anyway, I need a bit of a crash course in MySQL (I presume that's
> >> what's used) as I want to make sure the database is clean... Can
> >> anyone give advice or examples of queries that will help in this task?
> >>
> >> thanks,
> >> James.
> >>
> >> _______________________________________________
> >> Kent mailing list
> >> Kent at mailman.lug.org.uk
> >> https://mailman.lug.org.uk/mailman/listinfo/kent
> >
> >
>
>
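
An added example, not part of the original thread: read-only audit queries of the kind asked about above, listing administrator accounts and finding stored content that carries obfuscation or hidden-markup markers. It runs against a constructed SQLite stand-in so it works offline; the SELECTs are plain SQL that also runs on MySQL, and the default `wp_` table prefix, the sample rows and the marker list are assumptions.

```python
import sqlite3

# Strings that rarely belong in stored content (assumed list; tune per site).
MARKERS = ["base64_decode", "eval(", "gzinflate", "<iframe", "display:none"]

def build_sample_db():
    """Constructed stand-in for a WordPress database (default wp_ prefix assumed)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
        CREATE TABLE wp_options (option_name TEXT, option_value TEXT);
        CREATE TABLE wp_posts (ID INTEGER, post_status TEXT, post_content TEXT);
        INSERT INTO wp_users VALUES (1, 'editor', '2010-03-01'), (7, 'support2', '2012-02-20');
        INSERT INTO wp_usermeta VALUES
            (1, 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}'),
            (7, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
        INSERT INTO wp_options VALUES
            ('siteurl', 'http://example.org'),
            ('widget_cache_x', 'eval(base64_decode("Q09OU1RSVUNURUQ="));');
        INSERT INTO wp_posts VALUES
            (10, 'publish', 'Club meeting notes'),
            (11, 'publish', 'News <div style="display:none">spam links</div>');
    """)
    return db

def admin_accounts(db):
    """Every account holding the administrator role, newest registration first."""
    return db.execute("""
        SELECT u.ID, u.user_login, u.user_registered
        FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID
        WHERE m.meta_key = 'wp_capabilities' AND m.meta_value LIKE '%administrator%'
        ORDER BY u.user_registered DESC""").fetchall()

def rows_with_markers(db, table, key_col, text_col):
    """Keys of rows whose text column contains any marker.
    Table and column names come from the caller, never from user input."""
    where = " OR ".join(f"{text_col} LIKE ?" for _ in MARKERS)
    sql = f"SELECT {key_col} FROM {table} WHERE {where} ORDER BY {key_col}"
    return [r[0] for r in db.execute(sql, [f"%{m}%" for m in MARKERS])]

if __name__ == "__main__":
    db = build_sample_db()
    print("admins:", admin_accounts(db))
    print("options:", rows_with_markers(db, "wp_options", "option_name", "option_value"))
    print("posts:", rows_with_markers(db, "wp_posts", "ID", "post_content"))
```

A clean result from queries like these only shows that these particular markers are absent from the tables checked.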