WebDev22 Posted November 4, 2009 Posted November 4, 2009 We were hacked by the eval base64 hack and made a lot of changes to boost security including installing SiteMonitor, which is great tool. I ran the utility and received the following list of files that could potentially be hacked. This makes me wonder if WordPress should have been installed elsewhere instead of in the public_html directory. These files came back as possibly being hacked but I went through some of them and didn't see anything suspicious: blog/wp-app.php blog/xmlrpc.php blog/wp-admin/gears-manifest.php blog/wp-admin/load-scripts.php blog/wp-admin/load-styles.php blog/wp-admin/plugin-editor.php blog/wp-admin/plugins.php blog/wp-admin/includes/class-wp-upgrader.php blog/wp-content/plugins/akismet/akismet.php blog/wp-content/themes/amazing-grace/ad_middle.php blog/wp-content/themes/amazing-grace/header.php blog/wp-content/themes/amazing-grace/sidebar.php blog/wp-includes/class-IXR.php blog/wp-includes/class-simplepie.php blog/wp-includes/http.php blog/wp-includes/js/jquery/jquery.form.dev.js blog/wp-includes/js/jquery/jquery.form.js blog/wp-includes/js/scriptaculous/controls.js blog/wp-includes/js/thickbox/thickbox.js blog/wp-includes/js/tinymce/plugins/paste/js/pasteword.js blog/wp-includes/js/tinymce/themes/advanced/js/about.js includes/classes/nusoap.php includes/modules/payment/paypal_standard.php minaddir/includes/classes/nusoap.php
Jack_mcs Posted November 4, 2009 Posted November 4, 2009 No script can determine if the code is from a hacker since it is commonly used in regular files (this is states in SiteMonitor). All that check does is find files that "might" contain hacker code. You have to go through them to see if they do. The easiest way is to download them and compare them with a known good set. If you don't mind saying, I'm curious why you wouldn't post a contribution-specific question in the support thread for the contribution, especially when it is about something as important as the sites security. I usually ignore such posts. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
WebDev22 Posted November 4, 2009 Author Posted November 4, 2009 If you don't mind saying, I'm curious why you wouldn't post a contribution-specific question in the support thread for the contribution, especially when it is about something as important as the sites security. I usually ignore such posts. Jack - I actually sat there for a moment wondering if it was appropriate to post this comment in that thread. It seemed that thread was more about installation and support of the contribution itself. Nevertheless, I know now. Thanks!
Recommended Posts
Archived
This topic is now archived and is closed to further replies.