[Nottingham] We've been hacked/cracked! THREE times!!!

Martin martin at ml1.co.uk
Wed Jan 29 08:59:38 UTC 2014



OK, so our WordPress site has been attacked, from what looks to be three
attempts! All on 21/01/2014 and 28/01/2014.

The unexplained part is for how a number of ".php" files were uploaded.
However, despite a few thousand hits from various (soon blacklisted) IP
addresses, their logged attempts to access the rogue php returned
nothing more than a "403"...

Bits of the code look like mail spam. Another part includes a file
manager and attempts at shell execute (all never enabled in the first
place due to good paranoia)...

Details available for anyone interested.

And just for being really paranoid: Can any maliciousness be executed in
a .css file?


- ------------------ - ----------------------------------------
-    Martin Lomas    - OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7
- martin @ ml1 co uk - Import from   hkp://subkeys.pgp.net   or
- ------------------ - http:// ml1 .co .uk/martin_ml1_co_uk.gpg

More information about the Nottingham mailing list