Help me figure out how my site got hacked - and what to do...
November 30, 2010 10:03 AM
My website got hacked the other night; a piece of code was inserted that generated spam. I'm technical enough to have found the offending code, and I simply removed it, but I'm baffled as to how the code got inserted in the first place….
I practice extremely secure password policies - I use a high-security password, never edit the site from anywhere but home, and don't have anyone else with FTP access. It doesn't seem that any additional tampering took place. (I've changed the passwords anyway.)
More detail:
- I run both a personal website and a hosted Wordpress installation, which launches off a subdirectory.
- I own several domain names, which redirect to my main site.
- The code was inserted in one of the folders that contained redirect information for one of my domains.
Can anyone help me, either with clues as to how this happened, or questions I can direct to my ISP that might track it down? My expertise on this is fairly limited.
(I know, maybe I just need to admit that I was hacked…)
I've posted the suspect code as a PDF here:
https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B9VLFAT0knWiZDlmYjNkZDItNzg4NC00ZTBhLWIxMGItYTRiNTAxYTM3MzY2&hl=en
(If there is a better or more community-friendly way to make this request, please advise me. And thanks in advance for the help.)
I just discovered another clue: there's a Wordpress installation - not mine, which resides in another directory - in the above-mentioned redirect directory. It contains a file, which appears to be the key to allowing access, called wp-app.php, that appears to call up a console which allows full access to the site. (I am hesitant to post the link in a public forum, though I am happy to share it with anyone privately.)
The questions now:
- What do I do? Remove the installation?
- How did the access occur?
posted by soulbarn to computers & internet (18 answers total) 15 users marked this as a favorite
posted by bfranklin at 10:09 AM on November 30, 2010