[thelist] Hacked website
patrick
pms at stoutstreet.com
Sat May 31 12:55:43 CDT 2014
On 5/31/2014 11:35 am, erik mattheis wrote:
> A new client's site was hacked almost a year ago, they didn't realize it
> although they remembered their host shutting down their website temporarily
> and telling them it may have been hacked (???). The intruder placed a bunch
> of search engine spam on their site but otherwise didn't do anything I've
> noticed. They got at least one executable PHP file in there, so I'm
> assuming they could do anything they wanted and still could at any time.
>
> I'm not a security guy though and want to check out a possible plan:
>
> - Client will run security scan on computers that have accessed the site
> - Export WordPress content as XML, search content for <script> and <?php>
> tags
> - Download media files, make sure none are executable
> - Restore everything on new server
>
> Am I missing anything? Would there be a way the hacker could still have
> access to the site at the new location if I followed the above steps?
>
> Thanks and happy almost-summer to those of you in my hemisphere!
>
>
Check the database as well -- especially for extra users. And disable
the stock 'admin' user.
--
patrick sanders
http://www.stoutstreet.com
web sites that fit
More information about the thelist
mailing list