Pinoyhack Got Hack
For almost one week Pinoyhack.com has been attacked by malicious malwares. I made a quick research on it and looks like I was hit by a wordpress malware called ccfelomvhk.com.
It seems like this wordpress virus has been attacking thousand of sites. This virus also automatically creates .php files somewhat like rmv.php or very similar to the php files you already had in your account, also watch out for this wordpress virus file size it is usually 32kb or 8.87kb.
This issue actually involves several sites, running versions 2.1.3, 2.3, 2.3.1, 2.3.2, 2.3.3 and 2.5
Try to do this:
1. Keep searching for wp-info.txt to make sure it’s not around, if so, delete it.
find . -name wp-info* 2. get rid of all _new _old .jpgg .giff and .pngg
find . -name *_old* -exec rm ‘{}’ \;
3. find all instances of the backdoor account looks like
grep -ri _wp_debugger * *.php Then do a global search and replace (for now) to replace _wp_debugger with ‘unknown’
find . -name ‘*.php’ | xargs perl -pi -e ’s/_wp_debugger/unknown/’
4. Upgrade all installations to 2.5
5. Use phpmyadmin to remove the hidden ‘wordpress’ user account from the wp_users table in the database
If your wordpress blog because of malwares, virus, or trojans try this simple instructions and your site will work again perfectly.
Most Viewed:
Sep 17th, 2008 at 3:17 am
[...] Pinoyhack.com was attacked by malicious malwares 2 weeks ago. I found a new script which I think is causing to slow down the site or send malicious warez from a web user. I found the script hiding on the html and php files. These codes are hidden and was written as iframes - below is the sample of the codes I did find. [...]