4 replies to this topic

[send2paul]

Morning all

Generally the support from my host on things to so with my account is quite good. But just recently it seems like "the good" guys who I dealt with have left and I'm left with "newbies" who dip into generalisations and don't answer direct questions. Here's some concerning my Wordpress blog of which I'm having some potential issues with on the account:

Remove ALL third-party plugins/themes/templates/components after upgrading your software installations, and from those that are already upgraded under an infected user.

Soooooooooooo - does that mean I go to the "back up" Wordpress folders and manually delete all those old plug-ins and themes from there? And - can I just delete Wordpress back-up folders altogether?

I was also given a list of files that could have been hacked, they were all dump.txt files at this type of location -:

/home/username/blogname.com/wp-content/plugins/plugin-manager/dump.txt

My unanswered question was - Can I just go ahead and delete those files? Do I need these dump.txt files at all?

Appreciably this is not a Wordpress forum - but I do value people's judgements and advice here on Cre8asite far more than other place on the net!

Thanks peeps!

Paul

p.s. moderator types - please move this to a more appropriate forum if you think it doesn't belong here?

[DonnaFontenot]

No, you don't delete anything from backup folders. You delete the plugins from the actual plugins folder in the real wordpress installation folder. Just like they show in the example you quoted (except blogname.com is your blog's url).

Yes, you can delete the dump.txt files completely. No, you don't need them.

However, cleaning a hacked site isn't usually this simple. Just because you get rid of the hacked files, doesn't mean you've gotten rid of the access the hackers used to hack it to begin with, so they may simply rehack it. Resources:

http://codex.wordpre...site_was_hacked
http://smackdown.blo...s-installation/

[send2paul]

Thanks Donna

They did give me other things do, but they weren't so clear on those particular files. Having looked through them myself they just seemed to show actions that had been taken with plugin-ins, and NOT any kind of "malicious" coding activity, but as I'm not sure about "these things" - it was always best to ask

And I'm well on the way to changing passwords etc etc.

Thanks again!

Paul

Edited by send2paul, 04 March 2012 - 08:51 AM.

[send2paul]

p.s.whilst I'm here.... I've discovered a small text file which just has the following in it:

<?xml version="1.0" encoding="UTF-8"?><tree ><require_auth/></tree>

and a .php file called php-update.sh which contains:

<tree><require_auth/></tree>

The "update" one was modified on 12th Sept 2006, and the small text file was modified on 8th April 2011. Note the small text file is alarming called "hackedfiles.txt" . This time last year I had a HUGE problem with my account which I eventually resolved. I'm presuming this has something to do with that?

[DonnaFontenot]

No idea, sorry.