It is possible to clean out a hacked WordPress setup, and indeed I have done it.
One thing that may help you is this:

    find /pathtoyourfiles/yourblog.com -mtime -2 -ls

It will list all of the files that have been modified in the past two days, which is very helpful in catching backdoor shell scripts and files being placed on your server.
If the attacker is using your site to send spam emails, it's easy to find the originating script from the email header. Then you can delete it and also search in your logs for other scripts being used to send email. Usually the attacker will have three systems going: one is the actual backdoor that allows him to place files on your server, another is the scripts that they use to send spam emails, and the third is a page on your website that acts as an endpoint for the URLs in his spam emails. This is the classic attack these days, and once you can wrap your head around what they are trying to do it's a lot easier to prevent it.
It can also help if you use something like Wordfence, which will catch some but not all of the problems. Also keep your plugins up to date and delete any old plugins and themes.
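
The triage steps described in the post above (mail header, recently modified files, log search), as an added example that is not part of the original post. It assumes PHP's mail.add_x_header setting was enabled, so the spam carries an X-PHP-Originating-Script header, and a combined-format access log; the function names and all sample data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added triage example; sample data is constructed, not from a real incident.

# Script names from X-PHP-Originating-Script headers ("uid:file.php") in a saved
# raw message. Assumes PHP's mail.add_x_header was on when the mail was sent.
originating_scripts() {
    awk 'tolower($1) == "x-php-originating-script:" {
             sub(/^[0-9]+:/, "", $2); print $2 }' "$1" | sort -u
}

# The find command from the post, narrowed to regular PHP files.
recent_php() {   # usage: recent_php DIR DAYS
    find "$1" -type f -name '*.php' -mtime "-$2" | sort
}

# POST counts per client and path for one script name in a combined-format
# access log ($1 = client, $6 = "METHOD, $7 = request path).
posts_to_script() {   # usage: posts_to_script LOG SCRIPT
    awk -v s="$2" '$6 == "\"POST" {
             p = $7; sub(/\?.*/, "", p); n = split(p, a, "/")
             if (a[n] == s) c[$1 " " p]++ }
         END { for (k in c) print c[k], k }' "$1" | sort -rn
}

# Build constructed sample data and print its directory.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/site/wp-content/uploads" || return 1
    echo '<?php // old' > "$d/site/index.php"
    touch -t 202001010000 "$d/site/index.php"      # untouched for years
    echo '<?php // new' > "$d/site/wp-content/uploads/mailer.php"
    printf '%s\n' 'Received: from localhost' \
        'X-PHP-Originating-Script: 33:mailer.php' 'Subject: constructed' \
        > "$d/spam.eml"
    printf '%s\n' \
      '203.0.113.9 - - [01/Jan/2024:10:00:00 +0000] "POST /wp-content/uploads/mailer.php HTTP/1.1" 200 12' \
      '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "POST /wp-content/uploads/mailer.php HTTP/1.1" 200 12' \
      '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 900' \
      > "$d/access.log"
    echo "$d"
}

# Demo: header -> recently changed file -> who has been POSTing to it.
dir=$(make_sample)
for s in $(originating_scripts "$dir/spam.eml"); do
    recent_php "$dir/site" 2 | grep "/$s\$"
    posts_to_script "$dir/access.log" "$s"
done
rm -rf "$dir"
```

File modification times can be reset by whoever wrote the file, so an empty recent_php result is inconclusive rather than a clean bill of health.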