[thelist] Hacked website

patrick pms at stoutstreet.com
Sat May 31 12:55:43 CDT 2014

On 5/31/2014 11:35 am, erik mattheis wrote:
> A new client's site was hacked almost a year ago, they didn't realize it
> although they remembered their host shutting down their website temporarily
> and telling them it may have been hacked (???). The intruder placed a bunch
> of search engine spam on their site but otherwise didn't do anything I've
> noticed. They got at least one executable PHP file in there, so I'm
> assuming they could do anything they wanted and still could at any time.
> I'm not a security guy though and want to check out a possible plan:
> - Client will run security scan on computers that have accessed the site
> - Export WordPress content as XML, search content for <script> and <?php>
> tags
> - Download media files, make sure none are executable
> - Restore everything on new server
> Am I missing anything? Would there be a way the hacker could still have
> access to the site at the new location if I followed the above steps?
> Thanks and happy almost-summer to those of you in my hemisphere!

Check the database as well -- especially for extra users. And disable 
the stock 'admin' user.


patrick sanders
web sites that fit

More information about the thelist mailing list