User:Here/Exploits/wp-info « WordPress Codex

Codex

Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

User:Here/Exploits/wp-info

Affected versions: 2.3.3 and older, possibly more

Symptoms:

Presence of wp-info.txt
Displayed version changed without upgrading.
Database modifications
New files ending in _new, _old, .pngg, .jpgg, .giff appearing inside writable directory

Please add details and fixes.

Remove _new/_old/.pngg/.jpgg/.giff files across entire server. This requires shell access and sudo/su privilages:
- sudo find / -name wp-info.txt -exec /bin/rm -f '{}' \;
- sudo find / -name *_new.php -exec /bin/rm -f '{}' \;
- sudo find / -name *_old.php -exec /bin/rm -f '{}' \;
- sudo find / -name *php.pngg -exec /bin/rm -f '{}' \;
- sudo find / -name *php.jpgg -exec /bin/rm -f '{}' \;
- sudo find / -name *php.giff -exec /bin/rm -f '{}' \;

Existing conversation found at:

Simptoms, identifying the virus and how to get rid of it found at:

http://www.bloggerguide.net/blog-platform/wordpress/wordpress-exploit-giving-backlinks-redirects-and-headaches-but-no-visitors/

See also

User:Here/Exploits -- Other documented exploits

Retrieved from "https://codex.wordpress.org/index.php?title=User:Here/Exploits/wp-info&oldid=58696"

Codex Resources