• So a few weeks ago I posted how a few of my sites had been hacked. It has been an ongoing issue where the group has tried numerous times to gain access. This past attempt, a hacker was able to gain access to one of my sites (I left one site up as a dummy site to see what/how they were gaining access). In my logs – this is what I saw – can anyone explain possibly what/why these commands were used? Also, are these a possible sign of a new exploit/security vulnerability in 2.9.1?

    /wp-content/themes/default/media.php?cahsurip
    
    /wp-content/uploads/2010/01/default_backup.php
    
    /wp-content/themes/default/index.php?cmd=ls+al
    
    /wp-login.php?CS

    Like I said – this was a dummy site left virtually untouched after their hacks early last month. The default_backup.php is an exploit file they left behind after one hack to gain access to the server (brute force for passwords, show file locations etc.). That file I removed as soon as I discovered the hack – so we can see the hacker was hoping to have that file left behind. But as for the other three entries… any thoughts?

    Rich

Viewing 1 replies (of 1 total)
  • No idea about the first. The third is a *nix shell command for listing directory contents. I don’t know about the last either.

  • The topic ‘Possible Exploit – Question’ is closed to new replies.
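
A log check built from the request paths quoted in this thread, as an added example that is not part of the original posts. The function names, the `SHELL_COMMANDS` list and the bare-token rule are assumptions made for illustration; the bare-token rule only marks a request for review, since the thread does not explain those entries.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: the four request paths quoted in the post plus two
# ordinary WordPress requests for contrast.
SAMPLE_REQUESTS = [
    "/wp-content/themes/default/media.php?cahsurip",
    "/wp-content/uploads/2010/01/default_backup.php",
    "/wp-content/themes/default/index.php?cmd=ls+al",
    "/wp-login.php?CS",
    "/wp-content/uploads/2010/01/photo.jpg",
    "/wp-login.php?action=lostpassword",
]

# Assumed short list of *nix commands; extend it for your environment.
SHELL_COMMANDS = {"ls", "cat", "id", "uname", "pwd", "whoami", "wget", "curl"}
# The uploads directory normally holds media, not PHP scripts.
UPLOADS_PHP = re.compile(r"^/wp-content/uploads/.*\.php$", re.IGNORECASE)


def classify(request):
    """Return the reasons a request path deserves review (empty list if none)."""
    parts = urlsplit(request)
    reasons = []
    if UPLOADS_PHP.match(parts.path):
        reasons.append("php-in-uploads")
    # parse_qsl decodes '+' to a space, so "ls+al" becomes "ls al".
    for _key, value in parse_qsl(parts.query, keep_blank_values=True):
        tokens = value.split()
        if tokens and tokens[0] in SHELL_COMMANDS:
            reasons.append("shell-command-in-parameter")
            break
    # Heuristic (assumption): a bare token with no key=value form on a PHP file.
    # Review only; some legitimate requests also use bare tokens.
    if parts.query and "=" not in parts.query and parts.path.lower().endswith(".php"):
        reasons.append("bare-query-token")
    return reasons


def scan(requests):
    """Map each flagged request to its list of reasons."""
    return {r: why for r in requests if (why := classify(r))}


if __name__ == "__main__":
    for request, why in scan(SAMPLE_REQUESTS).items():
        print(f"{', '.join(why):28} {request}")
```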