Opened 5 years ago
Closed 5 years ago
#44624 closed defect (bug) (invalid)
Lot of wordpress sites hacked at same time
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | critical | Version: | 4.9.7 |
| Component: | General | Keywords: | |
| Focuses: | Cc: |
Description
on a server, they were able to hack several servers, including the cpanel password,
they change (probably with some automation), any worpress admin login, to "AnonymousFox"
and made some changes on a few files, along with installing phpmailers for phising attacks, and php shells.
all the wordpress were up to date, we don't share plugins and some of them were almost naked instalation,
there might be some 0day bug on wordpress, would be nice if someone could investigate or turn some light on this problem, i dont feel confident into restoring any backup, neither to make a fresh install until the actual bug is identified and patched,
Change History (1)
Note: See
TracTickets for help on using
tickets.
Hi spala, welcome to WordPress Trac!
This place is for fixing bugs in WordPress itself. Unfortunately we can't help you with your hacked sites here.
For that we have https://wordpress.org/support/ and also https://codex.wordpress.org/FAQ_My_site_was_hacked to help you get started with cleaning up your sites and getting back to normal.
Note: if you do think you have found a security vulnerability in WordPress core, please take a look at https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/.