AnonymousPharm – Hack

  • Hi,

    one of my websites got currently hacked. The Frontend and Backend work perfectly, but the hackers installed an online shop in a subdirectory wp-content/extensions/wp. Furthermore, they included a custom php-script in every file of my theme. Our database is still the same, so they couldn’t get access to this (or they just didn’t want to).

    The worst part of this is, that the online-shop is selling drugs.

    We found a script called wp-index.php within multiple subdirectories of the uploads-folder. For example, in wp-content/uploads/2014/04. This script makes it possible to upload files to the server, and everyone who opens it, can see everything on the ftp-server.

    We had to delete the files from the online-shop via ssh, because the hackers created them with a new user, so we didn’t have the rights to delete/edit them.

    I took four screenshots: https://imgur.com/hbMQTRT, https://imgur.com/GzNmZcY, https://imgur.com/PXpRBbV, https://imgur.com/VFQEg2B

    I know that we have to update the installation ASAP. But is this the only problem?

    Does anyone have an idea how they could do this?

    Yanik

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘AnonymousPharm – Hack’ is closed to new replies.

Tags