[thelist] Hacked website

erik mattheis gozz at gozz.com
Sat May 31 10:35:05 CDT 2014


A new client's site was hacked almost a year ago, they didn't realize it
although they remembered their host shutting down their website temporarily
and telling them it may have been hacked (???). The intruder placed a bunch
of search engine spam on their site but otherwise didn't do anything I've
noticed. They got at least one executable PHP file in there, so I'm
assuming they could do anything they wanted and still could at any time.

I'm not a security guy though and want to check out a possible plan:

- Client will run security scan on computers that have accessed the site
- Export WordPress content as XML, search content for <script> and <?php>
tags
- Download media files, make sure none are executable
- Restore everything on new server

Am I missing anything? Would there be a way the hacker could still have
access to the site at the new location if I followed the above steps?

Thanks and happy almost-summer to those of you in my hemisphere!


-- 
Erik Mattheis


More information about the thelist mailing list