[Nottingham] We've been hacked/cracked! THREE times!!!
Martin
martin at ml1.co.uk
Wed Jan 29 08:59:38 UTC 2014
Folks,
FYI:
OK, so our WordPress site has been attacked, from what looks to be three
attempts! All on 21/01/2014 and 28/01/2014.
The unexplained part is for how a number of ".php" files were uploaded.
However, despite a few thousand hits from various (soon blacklisted) IP
addresses, their logged attempts to access the rogue php returned
nothing more than a "403"...
Bits of the code look like mail spam. Another part includes a file
manager and attempts at shell execute (all never enabled in the first
place due to good paranoia)...
Details available for anyone interested.
And just for being really paranoid: Can any maliciousness be executed in
a .css file?
Cheers,
Martin
--
- ------------------ - ----------------------------------------
- Martin Lomas - OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7
- martin @ ml1 co uk - Import from hkp://subkeys.pgp.net or
- ------------------ - http:// ml1 .co .uk/martin_ml1_co_uk.gpg
More information about the Nottingham
mailing list