Hacked

Hacked


Is it Hacked? Sucuri SiteCheck


How to Fix and Protect a Hacked Wordpress Site How to Fix a Hacked WordPress Blog - Hillman Design Group Recovering from a WordPress hack | Go Make Things


c99shell.php

FOPO - Free Online PHP Obfuscator


WP Import All - Licence key: f651aed2cdda047b434e33f78472759a (etaktiker Licence)

  • WP All Import Pro
  • WooCommerce Add-On Pro
  • Link Cloaking Add-On Pro

18.03 First signature uploaded: wp-content\uploads\wpallimport\uploads\83e4e20a2d2c76c5f0a6439d9287fe2b\info.php

Files changes: wp-load.php wp-includes\functions.php

wp-content/plugins/redirection/view/.model.php

wp-includes\nav-menu.php (really changed) - istart

wp-includes\pomo\translations.php (really changed)

wp-admin\user\ccredits.php (really changed)

/wp-content/w3tc-config/info.php /wp-content/plugins/wp-all-import-pro/views/defines75.php

wp-content/plugins/post-tags-and-categories-for-pages/.css.php wp-includes/js/tinymce/plugins/lists/thumbs.php

There was also MASS SPAM sending script “wp-content\uploads\wpallimport\files\system.php”


What a tool UnPHP - The Online PHP Decoder


FUCK YOU! WordPress WP All 3.2.3 Shell Upload ≈ Packet Storm

Signatures:

base64_decode customessay eval( fopo.com FilesMan passssword WPCore2 torrent

grep -ir "plugin2" /var/www/vhosts/* --include=*.php

Exploits Database by Offensive Security

http://www.exploit-db.com/exploits/36554/ WordPress Malware Causes Psuedo-Darkleech Infection | Sucuri Blog


How to find a backdoor in a hacked WordPress » Otto on WordPress

NO - it was not this, but what is this?: Created a user in as Joseph: joseph.maxwell600@gmail.com


0x3a - Security Specialist and programmer by trade - Thousands of compromised WordPress websites redirect to exploit kits


Wordpress | Sucuri Blog

There were some old files, that are malicious also:

wp-logic.php

This was malware

28.03.2015

wp-content/plugins/plugin2

WPCore2 by Lososev virus help

Redirecting users coming from search engines. Anyone who came from them would
see the torrents, while everyone else sees the normal posts.

Find the traces

  grep -r plugin2 /var/www/vhosts/save-up.ch/logs/*
  zcat /var/www/vhosts/save-up.ch/logs/*.gz | grep plugin2.php
  zcat /var/log/php5-fpm.log.*.gz | grep plugin2.php

  grep -r plugin2 /var/log/php5-fpm.log
  zcat /var/log/php5-fpm.log.*.gz | grep plugin2.php

  grep -r plugin2 /var/log/nginx/*
  zcat /var/log/nginx/*.gz | grep plugin2.php

?_

https://wordpress.org/support/topic/my-site-wwwbloggings-are-hacked-via-use-this-php-file?replies=5

Check google?

http://www.google.com/safebrowsing/diagnostic?site=save-up.ch
http://www.google.com/safebrowsing/diagnostic?site=wettbewerbe365.ch
http://www.google.com/safebrowsing/diagnostic?site=etaktiker.rs

Inače, vidi koliko zna:

http://www.google.com/safebrowsing/diagnostic?site=hostingtipp.ch

FAQ My site was hacked « WordPress Codex Website Malware Removal – WordPress Tips & Tricks | Sucuri Blog How to Clean a Hacked WordPress Site using Wordfence

Google Blacklisted Website

Show files changed in last 6 hours, ordered by time modified.

find . -mtime -0.25 -exec ls -ld {} + | sort --key=8

It will even show you empty dir changed if something was created and deleted there. Try it.


Google Hacking 101 - Google provides penetration testers and hackers alike with a surprisingly powerful tool for discovering sites with poor security – and then attacking them. ~ WebVivant


christianalexander.co - FaTaLisTiCz_Fx Fx29SheLL v2.0.09.08 function getContent - Google Search UTCSESSID - Google Search Hacked :: BoonEx Unity Forums save-up.ch › Anmelden FaTaLisTiCz_Fx Fx29SheLL v2.0.09.08 report | S h i n c h i Hack Forums - Site Challenge _DOG Of War _ Was ist das? - FaTaLisTiCz_Fx Fx29SheLL v2.0.09.08 [Honeypot Alert] WordPress Timthumb Attacks Rising site:save-up.ch Fx29SheLL - Google Search FTP bruteforce | Web Hosting Talk Fx29SheLL - Google Search

date 01. Jan 0001 | modified 28. May 2021
filename: Task - Hacked WP Import plugin