Comments on: Clean WordPress from PHP Exploit P0358

By: Raboo

Raboo — Mon, 04 Aug 2014 10:56:00 +0000

I ran into the same issue with some wordpress sites.
don’t have any fresh access logs but all files modified were dated to January 22.
But the hack was July 27 if i compare to the backups.

By: Evermind down per un attacco code injection: problema risolto

Evermind down per un attacco code injection: problema risolto — Fri, 25 Jul 2014 17:59:51 +0000

[…] questo comando ringrazio Sascha che mi ha fatto risparmiare non poco […]

By: atxcowboy

atxcowboy — Tue, 22 Jul 2014 11:37:00 +0000

In reply to Francesco Biacca. I have not been able to get ahold of an access log of a hacked site yet. They are also modifying the timestamp of the contaminated files, though the real timestamp is really easy to find out. The site I only cleaned up was hacked again this morning just after 4am. Their provider only lets them see their access_log with a 24 hour delay by default. I have asked them to request today's log file asap so we can investigate further, but they're still waiting for a reply.

By: Francesco Biacca

Francesco Biacca — Tue, 22 Jul 2014 07:01:00 +0000

I’ve the same problem on my company website evermind . it
Even after deleting all the php files in it, it continues to be hacked .. do you know where the vulnerability is?

By: atxcowboy

atxcowboy — Mon, 21 Jul 2014 11:37:00 +0000

This is really important and thus I am posting it as the first comment: Simply cleaning up a website from a hack will never protect it from follow-up hacks. You'll need to have a forensic analysis done on the site and have someone run a security audit on the site and server. Further on, your site should be monitored continuously by a real human. For all of these tasks I am available for assistance. Contact me for further details and assistance.