spammer hacked site

  • Unknown's avatar
    adunate · Member ·

    My host provider says that PHP command shells were found in three of my site’s files, meaning it’s been hacked by a spammer. This is the information they’ve given me:

    {HEX}php.cmdshell.unclassed.368 : /home2/mysite/public_html/wp-includes/class-template.php
    {HEX}php.cmdshell.egyspider.239 : /home2/mysite/public_html/wp-includes/WSO.php
    {HEX}php.cmdshell.c100.224 : /home2/mysite/public_html/wp-includes/wpspl-load-compat.php

    I have no idea what code to be looking for and unfortunately (I know, I know…) I don’t have the original WP source files. Where can I download these from on WP? I do have my backup child themes, should I also reload those?

    Lastly, how did this happen? Supposedly I am paying my host provider extra for protection but they said it doesn’t protect against hackers abusing my scripts directly or uploading backdoors (such as that PHP shell). So what can I do to prevent this from happening again?

    The blog I need help with is: (visible only to logged in users)

  • Unknown's avatar
    adunate · Member ·

    Oops, wrong blog listed. The blog I’m referring to is adunate.com

  • Unknown's avatar
    timethief · Member ·

    Hi there,

    adunate.com is a wordpress.ORG software install on paid hosting, hosted by Total Server Solutions L.L.C
    Name Servers:
    ns1.handsonwebhosting.com
    ns2.handsonwebhosting.com

    That site is not on our WordPress.COM servers. We cannot help you here. Contact your web host for hosting issues and post to WordPress.org support for software issues.

    We do not provide support for local installs of WordPress.ORG software, or for WordPress.ORG software installs on paid hosting, linked to WordPress.COM accounts with the Jetpack plugin so they display on the My Sites WordPress.COM account page.

    WordPress.COM and WordPress.ORG are completely separate and have different username accounts, logins, features, run different versions of some themes with the same names, and have separate support documentation and separate support forums. Read the differences here http://en.support.wordpress.com/com-vs-org/

    The wordpress.ORG support forum is at http://wordpress.org/support. The wordpress.ORG login link is here https://login.wordpress.org/ If you do not have an account yet then click Create an account https://login.wordpress.org/register/ and if you have lost an account password click Lost password? https://login.wordpress.org/lostpassword/
    WordPress.org support docs are at https://codex.wordpress.org/Main_Page
    See also https://apps.wordpress.org/support/ for app support.

  • The topic ‘spammer hacked site’ is closed to new replies.