WebDev22 Posted November 4, 2009 Share Posted November 4, 2009 We were hacked by the eval base64 hack and made a lot of changes to boost security including installing SiteMonitor, which is great tool. I ran the utility and received the following list of files that could potentially be hacked. This makes me wonder if WordPress should have been installed elsewhere instead of in the public_html directory. These files came back as possibly being hacked but I went through some of them and didn't see anything suspicious: blog/wp-app.php blog/xmlrpc.php blog/wp-admin/gears-manifest.php blog/wp-admin/load-scripts.php blog/wp-admin/load-styles.php blog/wp-admin/plugin-editor.php blog/wp-admin/plugins.php blog/wp-admin/includes/class-wp-upgrader.php blog/wp-content/plugins/akismet/akismet.php blog/wp-content/themes/amazing-grace/ad_middle.php blog/wp-content/themes/amazing-grace/header.php blog/wp-content/themes/amazing-grace/sidebar.php blog/wp-includes/class-IXR.php blog/wp-includes/class-simplepie.php blog/wp-includes/http.php blog/wp-includes/js/jquery/jquery.form.dev.js blog/wp-includes/js/jquery/jquery.form.js blog/wp-includes/js/scriptaculous/controls.js blog/wp-includes/js/thickbox/thickbox.js blog/wp-includes/js/tinymce/plugins/paste/js/pasteword.js blog/wp-includes/js/tinymce/themes/advanced/js/about.js includes/classes/nusoap.php includes/modules/payment/paypal_standard.php minaddir/includes/classes/nusoap.php Link to comment Share on other sites More sharing options...
Jack_mcs Posted November 4, 2009 Share Posted November 4, 2009 No script can determine if the code is from a hacker since it is commonly used in regular files (this is states in SiteMonitor). All that check does is find files that "might" contain hacker code. You have to go through them to see if they do. The easiest way is to download them and compare them with a known good set. If you don't mind saying, I'm curious why you wouldn't post a contribution-specific question in the support thread for the contribution, especially when it is about something as important as the sites security. I usually ignore such posts. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
WebDev22 Posted November 4, 2009 Author Share Posted November 4, 2009 If you don't mind saying, I'm curious why you wouldn't post a contribution-specific question in the support thread for the contribution, especially when it is about something as important as the sites security. I usually ignore such posts. Jack - I actually sat there for a moment wondering if it was appropriate to post this comment in that thread. It seemed that thread was more about installation and support of the contribution itself. Nevertheless, I know now. Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.