Someone uploaded a malicious file to theme_compat
Hi,
On my friend’s WordPress website (which is hosted on my server), someone managed to upload a PHP script to theme_compat titled “general99.php”. The script was trying to send thousands of spam emails a minute and attempted to send 302,000 spam emails before I caught the issue. My IPs are all now blacklisted and Amazon has blocked my Amazon EC2 instance from sending email. How is this possible? How could they just upload a PHP file like that, then get it to trigger every minute? It was each minute on the dot.
I deleted the entire WordPress installation, as my friend said it wasn’t important. I’m just trying to figure out what happened. For the server configuration people out there – what can I do to configure my EC2 instance so this won’t be a problem?
I am working on downloading a backup of the WP installation so I can examine the files and maybe solve this mystery.