Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SiteMonitor detected possible Wordpress files as hacked


WebDev22

Recommended Posts

We were hacked by the eval base64 hack and made a lot of changes to boost security including installing SiteMonitor, which is great tool. I ran the utility and received the following list of files that could potentially be hacked. This makes me wonder if WordPress should have been installed elsewhere instead of in the public_html directory. These files came back as possibly being hacked but I went through some of them and didn't see anything suspicious:

 

blog/wp-app.php

blog/xmlrpc.php

blog/wp-admin/gears-manifest.php

blog/wp-admin/load-scripts.php

blog/wp-admin/load-styles.php

blog/wp-admin/plugin-editor.php

blog/wp-admin/plugins.php

blog/wp-admin/includes/class-wp-upgrader.php

blog/wp-content/plugins/akismet/akismet.php

blog/wp-content/themes/amazing-grace/ad_middle.php

blog/wp-content/themes/amazing-grace/header.php

blog/wp-content/themes/amazing-grace/sidebar.php

blog/wp-includes/class-IXR.php

blog/wp-includes/class-simplepie.php

blog/wp-includes/http.php

blog/wp-includes/js/jquery/jquery.form.dev.js

blog/wp-includes/js/jquery/jquery.form.js

blog/wp-includes/js/scriptaculous/controls.js

blog/wp-includes/js/thickbox/thickbox.js

blog/wp-includes/js/tinymce/plugins/paste/js/pasteword.js

blog/wp-includes/js/tinymce/themes/advanced/js/about.js

includes/classes/nusoap.php

includes/modules/payment/paypal_standard.php

minaddir/includes/classes/nusoap.php

Link to comment
Share on other sites

No script can determine if the code is from a hacker since it is commonly used in regular files (this is states in SiteMonitor). All that check does is find files that "might" contain hacker code. You have to go through them to see if they do. The easiest way is to download them and compare them with a known good set.

 

If you don't mind saying, I'm curious why you wouldn't post a contribution-specific question in the support thread for the contribution, especially when it is about something as important as the sites security. I usually ignore such posts.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

If you don't mind saying, I'm curious why you wouldn't post a contribution-specific question in the support thread for the contribution, especially when it is about something as important as the sites security. I usually ignore such posts.

 

Jack - I actually sat there for a moment wondering if it was appropriate to post this comment in that thread. It seemed that thread was more about installation and support of the contribution itself. Nevertheless, I know now. Thanks!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...