*Update: Okay, I think I located the potential entry: the WP-Forum, which I have read has had some security issues coming up lately. It has now been removed from this site.*
Alright, not really what I wanted to happen on a Monday evening.
I came home, and just before I started to make dinner, I went to check my mail. In there was a mail from an advertiser saying that an ad was not showing, and naturally I went to the site to check.
Lo and behold, my site was hacked, and the hacker installed the c99madshell v. 2.0 on my domain.
Searching for information I found only vague information, and never really found out how the €#"%"€# hacker came in.
I started by updating my WordPress installation to the latest version, and then went hunting. I found the script in my themes folder, where it replaced one of the .php files.
The only information I found that gave any clue to where to look was here: http://www.devside.net/blog/smf-exploit-like-phpbb-hack
I have included the screenshot below, which is from the same blog entry (credit where credit is due), since I focused on removing the hack instead of documenting it. I hope the owner does not take offence.

Removing it was fairly easy once I knew where to look, but I had to have a serious look around to see where it was hidden.
So, what did I learn from this? To back up, back up often, and to always update my WordPress installations.
Have you had a visit?
Tags: advertise, blog, tutorial, wordpress
I have. I found an index.php in a folder that didn’t have one before. The contents were wrapped up like described at http://danilo.ariadoss.com/2006/01/04/decoding-eval-gzinflate-base64_decode/
After decoding it I found a reference to c99madshell inside and have found a couple references on the web to c99 shell.
The person that put it there seemed to be after my Wordpress installation even though I can’t say for sure yet how they got the shell on my host in the first place.
hi “me too”
Thanks for the link, I am gonna try to decode the code and have a look.
I have no idea either how they got access to my host, but I suspect a Wordpress problem that has not been fixed yet.
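
The wrapping described in the comments above, as an added example (not code from this post or its commenters): a Python sketch that statically peels nested `eval(gzinflate(base64_decode(...)))` layers without executing any PHP, and lists the wrapped `.php` files under a directory. The marker strings are the names mentioned on this page; the size cap and helper names are assumptions, and the sample is constructed and harmless.

```python
import base64, re, zlib
from pathlib import Path

# Matches the wrapper: eval(gzinflate(base64_decode('...')));
WRAPPER = re.compile(
    r"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)\s*\)\s*;?",
    re.IGNORECASE)
MARKERS = ("c99madshell", "c99 shell")  # names mentioned on this page
MAX_OUT = 5 * 1024 * 1024               # assumed per-layer cap against decompression bombs

def peel(source, max_layers=25):
    """Statically unwrap nested layers. Returns (layer_count, innermost_text)."""
    layers = 0
    while layers < max_layers:
        m = WRAPPER.search(source)
        if not m:
            break
        try:
            raw = base64.b64decode(m.group(2))
            # PHP gzinflate() reads raw DEFLATE, hence wbits=-15
            plain = zlib.decompressobj(-15).decompress(raw, MAX_OUT)
        except (ValueError, zlib.error):
            break                        # not a real wrapper; keep what we have
        source = plain.decode("latin-1") # latin-1 never fails on arbitrary bytes
        layers += 1
    return layers, source

def scan_tree(root):
    """Return [(path, layers, markers_found)] for wrapped .php files under root."""
    hits = []
    for path in sorted(Path(root).rglob("*.php")):
        layers, inner = peel(path.read_text(encoding="latin-1"))
        if layers:
            found = [k for k in MARKERS if k in inner.lower()]
            hits.append((str(path), layers, found))
    return hits

def wrap(php):
    """Build a constructed test sample in the same wrapper format."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    blob = base64.b64encode(c.compress(php.encode()) + c.flush()).decode()
    return "eval(gzinflate(base64_decode('%s')));" % blob

if __name__ == "__main__":
    # Constructed, harmless sample: a PHP comment wrapped three times.
    sample = "/* constructed sample mentioning c99madshell */"
    for _ in range(3):
        sample = wrap(sample)
    print(peel("<?php " + sample + " ?>"))
```

A file that was clean in the last known-good backup and now reports one or more layers is worth comparing against that backup before anything else.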