• I found a file in my theme, no-tp.php, that’s a Russian hacker file. It was created October 13th, which should have been before the recent 2.3.1 bug fix.

    Before I submit this as a problem, I’m trying to filter out whether others have had this same hack, or if I’m the only one and the problem is because of my own extensions.

    Has anyone else found a file called no-tp.php in their theme directory? Anyone else recognize the file name? This was a rename of the infamous r57shell.php file.

    The theme directory is not world writable. None of my WP subdirectories are. However, user was nobody, so it most likely came through via a PHP application, most likely WP.

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Site Hacked: no-tp.php’ is closed to new replies.