WordPress.org

Make WordPress Core

Opened 6 months ago

Closed 6 months ago

#44624 closed defect (bug) (invalid)

Lot of wordpress sites hacked at same time

Reported by: spala Owned by:
Milestone: Priority: normal
Severity: critical Version: 4.9.7
Component: General Keywords:
Focuses: Cc:

Description

on a server, they were able to hack several servers, including the cpanel password, they change (probably with some automation), any worpress admin login, to "AnonymousFox" and made some changes on a few files, along with installing phpmailers for phising attacks, and php shells.

all the wordpress were up to date, we don't share plugins and some of them were almost naked instalation,

there might be some 0day bug on wordpress, would be nice if someone could investigate or turn some light on this problem, i dont feel confident into restoring any backup, neither to make a fresh install until the actual bug is identified and patched,

Change History (1)

#1 @SergeyBiryukov
6 months ago

  • Keywords needs-patch removed
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hi spala, welcome to WordPress Trac!

This place is for fixing bugs in WordPress itself. Unfortunately we can't help you with your hacked sites here.

For that we have https://wordpress.org/support/ and also https://codex.wordpress.org/FAQ_My_site_was_hacked to help you get started with cleaning up your sites and getting back to normal.

Note: if you do think you have found a security vulnerability in WordPress core, please take a look at https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/.

Note: See TracTickets for help on using tickets.