After having the same site hacked several times, and not finding anyone with the same issue I’ve had, I decided to add it here in case it helps anyone else.
I had the following files added:
wp-content/barclays.zip
wp-content/barclays/barclays2.html
wp-content/barclays/finish.html
wp-content/barclays/locals.php
wp-content/barclays/barclays.html
wp-content/barclays/local.php
I think they were done through ‘hello.php’, which was also in the ‘wp-content’ folder (not to be confused with Hello Dolly, although it has the same name).
The IP addresses of these lovely people (sarcasm in case I need to point it out) were:
103.3.223.15
41.184.113.178
The Solution:
Add the following to my .htaccess file:
order allow,deny
deny from 41.184.113
deny from 103.3.223
allow from all
Plus I added a script that deletes any .php, .htm, .html, .zip files from the ‘wp-content’ folder, just at that level. Script is:
<?php
##################################################################################################################
#
# Get File List

// Vars
$phpFiles = array();
$filePath = 'wp-content/'; # Specify the path you want to look in.
$outputMessage = '';
$fullPath = rtrim($_SERVER['DOCUMENT_ROOT'], '/').'/'.$filePath; # DOCUMENT_ROOT usually has no trailing slash

// Get list and store in array
$dir = opendir($fullPath); # Open the path
if($dir === false){
    die('Cannot open '.$filePath."\n");
}
while(($file = readdir($dir)) !== false){
    # Look only at regular files whose name contains .php, .htm/.html or .zip
    # (case-insensitive; preg_match replaces eregi, which was removed in PHP 7).
    # This also matches the index.php that WordPress itself places in wp-content.
    if(is_file($fullPath.$file) && preg_match('/\.(php|htm|zip)/i', $file)){
        $phpFiles[] = $file; # One check, so a file is never listed twice
    }
}
closedir($dir);

// Output
if(count($phpFiles) > 0){
    foreach($phpFiles as $val){
        $outputMessage .= $fullPath.$val.'<br />'."\n";
        unlink($fullPath.$val); # Delete the file
    }
    $outputMessage .= 'Files wiped.'."\n";
} else {
    $outputMessage .= 'No files in '.$filePath.'.'."\n";
}
echo $outputMessage;
#
##################################################################################################################
?>
This script can be run manually or, even better, triggered every hour using a scheduled task.
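A quarantine-based variant of the cleanup above, as an added example that is not part of the original post: instead of unlinking, it moves matching top-level files out of the web root and records a SHA-256 and modification time for each. It goes beyond the post's script by also reporting unexpected top-level directories (such as the barclays/ folder listed earlier). The function name, the allow-lists and the quarantine location are assumptions.

```python
import hashlib
import shutil
import time
from pathlib import Path

SUSPECT_EXT = {".php", ".htm", ".html", ".zip"}  # extensions named in the post
ALLOWED_FILES = {"index.php"}  # assumption: the placeholder WordPress ships here
# Assumption: directories a typical install has; adjust for the site.
ALLOWED_DIRS = {"plugins", "themes", "uploads", "languages", "upgrade", "mu-plugins"}


def audit_wp_content(wp_content, quarantine):
    """Quarantine unexpected top-level files in wp_content; return findings."""
    wp_content, quarantine = Path(wp_content), Path(quarantine)
    quarantine.mkdir(parents=True, exist_ok=True)  # keep this outside the web root
    findings = []
    for entry in sorted(wp_content.iterdir()):
        if entry.is_symlink():
            findings.append({"name": entry.name, "action": "reported-symlink"})
        elif entry.is_dir():
            if entry.name not in ALLOWED_DIRS:
                # Unknown directories are reported, not moved: review by hand.
                findings.append({"name": entry.name, "action": "reported-dir"})
        elif entry.suffix.lower() in SUSPECT_EXT and entry.name not in ALLOWED_FILES:
            mtime = entry.stat().st_mtime
            digest = hashlib.sha256(entry.read_bytes()).hexdigest()
            # Rename so the web server no longer treats it as PHP or HTML.
            dest = quarantine / f"{int(time.time())}_{entry.name}.quarantined"
            shutil.move(str(entry), str(dest))
            findings.append({"name": entry.name, "action": "quarantined",
                             "sha256": digest, "mtime": mtime, "moved_to": str(dest)})
    return findings


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        root = Path(tmp, "wp-content")
        (root / "barclays").mkdir(parents=True)
        (root / "plugins").mkdir()
        for name in ("hello.php", "barclays.zip", "index.php"):
            (root / name).write_bytes(b"constructed sample")
        for finding in audit_wp_content(root, Path(tmp, "quarantine")):
            print(finding)
```

The recorded hashes and modification times can be compared between runs to see whether the same files keep reappearing.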