Monday, September 6, 2010

Anatomy of a WordPress dictionary hack

I saw a site with the front page
The HTML is created in Word 11
XP sp2-Dodo author
SA3D
Created 2010-04-15T22:54:00Z
http://www.zone-h.org/archive/notifier=SA3D%20HaCk3D
http://www.tkurd.com/forum/member.php?892-SA3D-HaCk3D
sahd_2020@YaHoO.CoM
http://www.invisible.ir/sahd_2020

Not sure if the URLs below are related to SA3D:
kurdteam.informe.com/
http://hevallo.blogspot.com/2008_04_01_archive.html

HaCkeD
[#] Hacked By SA3D HaCk3D [#]
# Sorry Admin ;)
Your Site Been HaCkeD By SA3D HaCk3D
/^_+\
KurDish HaCkerS
# SeC3riTy DowN #
=-=-=-=-=#=-=-=-=-=
SAHD_2020@YaHoO.CoM
: " - See You in The HelL - " :
http://peshae.com/mybb/yane/uploads/kurdish-srod.mp3
http://kurdup.com/up/uploads/picture/86747f4048.gif
Registrar: NEW DREAM NETWORK, LLC
Status: ok
Dates: Created 12-feb-2009 Updated 14-feb-2010 Expires 12-feb-2011
DNS Servers: NS1.DREAMHOST.COM NS2.DREAMHOST.COM NS3.DREAMHOST.COM


The IP info

IP Information - 95.170.219.198
IP address: 95.170.219.198
Reverse DNS: [No reverse DNS entry per ns-pri.ripe.net.]
Reverse DNS authenticity: [Unknown]
ASN: 21277
ASN Name: NWRZ (Newroz Telecom Ltd. AS Number)
IP range connectivity: 2
Registrar (per ASN): RIPE
Country (per IP registrar): IQ [Iraq]
Country Currency: Unknown
Country IP Range: 95.170.192.0 to 95.170.223.255
Country fraud profile: High
City (per outside source): Baghdad, Baghdad
Country (per outside source): IQ [Iraq]
Private (internal) IP? No
IP address registrar: whois.arin.net
Known Proxy? No
Link for WHOIS: 95.170.219.198

More info
The Project Honey Pot system finds that this IP, 95.170.219.198, is a [Spam Server] [Dictionary Attacker]

The Project Honey Pot system has detected behavior from the IP address consistent with that of a mail server and dictionary attacker. Below we've reported some other data associated with this IP.
http://www.projecthoneypot.org/ip_95.170.219.198

The user name created was sahd, which erases the existing user name and password.





Listed below are the raw logs from this IP:
95.170.219.198 - - [:x:45:56 ] "GET /wp-admin HTTP/1.1" 301 300 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:45:57 ] "GET /wp-admin/ HTTP/1.1" 302 20 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:46:58 ] "GET /wp-login.php?redirect_to=http%3A%2F%2Fhackedsite.com%2Fwp-admin%2F&reauth=1 HTTP/1.1" 200 991 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:04 ] "GET /wp-admin/css/login.css?ver=20100601 HTTP/1.1" 200 820 "http://hackedsite.com/wp-login.php?redirect_to=http%3A%2F%2Fhackedsite.com%2Fwp-admin%2F&reauth=1" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:04 ] "GET /wp-admin/css/colors-fresh.css?ver=20100610 HTTP/1.1" 200 5993 "http://hackedsite.com/wp-login.php?redirect_to=http%3A%2F%2Fhackedsite.com%2Fwp-admin%2F&reauth=1" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:06 ] "GET /wp-admin/images/button-grad.png HTTP/1.1" 200 243 "http://hackedsite.com/wp-admin/css/colors-fresh.css?ver=20100610" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:06 ] "GET /wp-admin/images/logo-login.gif HTTP/1.1" 200 4816 "http://hackedsite.com/wp-admin/css/login.css?ver=20100601" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:07 ] "GET /favicon.ico HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:10 ] "GET /favicon.ico HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:11 ] "GET /favicon.ico HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:14 ] "GET /wp-admin/images/button-grad-active.png HTTP/1.1" 200 284 "http://hackedsite.com/wp-admin/css/colors-fresh.css?ver=20100610" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:14 ] "POST /wp-login.php HTTP/1.1" 302 20 "http://hackedsite.com/wp-login.php?redirect_to=http%3A%2F%2Fhackedsite.com%2Fwp-admin%2F&reauth=1" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:19 ] "GET /wp-admin/ HTTP/1.1" 200 7250 "http://hackedsite.com/wp-login.php?redirect_to=http%3A%2F%2Fhackedsite.com%2Fwp-admin%2F&reauth=1" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:32 ] "GET /wp-admin/load-styles.php?c=1&dir=ltr&load=dashboard,plugin-install,global,wp-admin&ver=030f653716b08ff25b8bfcccabe4bdbd HTTP/1.1" 200 15872 "http://hackedsite.com/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:32 ] "GET /wp-includes/js/thickbox/thickbox.css?ver=20090514 HTTP/1.1" 200 1069 "http://hackedsite.com/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:33 ] "GET /wp-admin/load-scripts.php?c=1&load=jquery,utils,quicktags&ver=b50ff5b9792a9e89a2ex1ad3119a463 HTTP/1.1" 200 30637 "http://hackedsite.com/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:35 ] "GET /wp-content/plugins/kimili-flash-embed/js/kfe.js?ver=2.1.5 HTTP/1.1" 200 5593 "http://hackedsite.com/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:36 ] "GET /wp-admin/images/wp-logo.png?ver=20100531 HTTP/1.1" 200 2251 "http://hackedsite.com/wp-admin/css/colors-fresh.css?ver=20100610" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:36 ] "GET /wp-includes/images/blank.gif HTTP/1.1" 200 43 "http://hackedsite.com/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:36 ] "GET /wp-admin/images/fav-arrow.gif?ver=20100531 HTTP/1.1" 200 241 "http://hackedsite.com/wp-admin/css/colors-fresh.css?ver=20100610" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:37 ] "GET /wp-admin/images/menu-arrows.gif HTTP/1.1" 200 330 "http://hackedsite.com/wp-admin/css/colors-fresh.css?ver=20100610" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:37 ] "GET /wp-admin/images/screen-options-right.gif?ver=20100531 HTTP/1.1" 200 178 "http://hackedsite.com/wp-admin/load-styles.php?c=1&dir=ltr&load=dashboard,plugin-install,global,wp-admin&ver=030f653716b08ff25b8bfcccabe4bdbd" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:37 ] "GET /wp-content/plugins/w3-total-cache/inc/images/logo_small.png HTTP/1.1" 200 849 "http://hackedsite.com/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:37 ] "GET /wp-admin/images/icons32.png?ver=20100531 HTTP/1.1" 200 14649 "http://hackedsite.com/wp-admin/css/colors-fresh.css?ver=20100610" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:38 ] "GET /wp-admin/images/gray-grad.png HTTP/1.1" 200 2x "http://hackedsite.com/wp-admin/css/colors-fresh.css?ver=20100610" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:38 ] "GET /wp-admin/images/white-grad.png HTTP/1.1" 200 210 "http://hackedsite.com/wp-admin/css/colors-fresh.css?ver=20100610" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:38 ] "GET /wp-admin/images/menu.png?ver=20100531 HTTP/1.1" 200 12527 "http://hackedsite.com/wp-admin/css/colors-fresh.css?ver=20100610" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:38 ] "GET /wp-admin/images/menu-bits.gif?ver=20100610 HTTP/1.1" 200 1x9 "http://hackedsite.com/wp-admin/css/colors-fresh.css?ver=20100610" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:38 ] "GET /wp-admin/images/menu-dark.gif HTTP/1.1" 200 245 "http://hackedsite.com/wp-admin/css/colors-fresh.css?ver=20100610" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:36 ] "GET /wp-admin/load-scripts.php?c=1&load=hoverIntent,common,jquery-color,wp-ajax-response,wp-lists,jquery-ui-core,jquery-ui-resizable,admin-comments,jquery-ui-sortable,postbox,dashboard,thickbox,plugin-install,media-upload&ver=1c33e12a06a28402104d18bdc95ada53 HTTP/1.1" 200 31687 "http://hackedsite.com/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:40 ] "GET /wp-includes/js/thickbox/loadingAnimation.gif HTTP/1.1" 200 5886 "http://hackedsite.com/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:40 ] "GET /wp-admin/index-extra.php?jax=dashboard_primary HTTP/1.1" 200 653 "http://hackedsite.com/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:40 ] "GET /wp-admin/themes.php HTTP/1.1" 200 5229 "http://hackedsite.com/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:40 ] "GET /wp-admin/index-extra.php?jax=dashboard_incoming_links HTTP/1.1" 200 205 "http://hackedsite.com/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:43 ] "GET /wp-admin/plugin-editor.php HTTP/1.1" 200 15945 "http://hackedsite.com/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:44 ] "GET /wp-admin/index-extra.php?jax=dashboard_quick_press HTTP/1.1" 200 901 "http://hackedsite.com/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:41 ] "GET /wp-admin/index-extra.php?jax=dashboard_plugins HTTP/1.1" 200 20 "http://hackedsite.com/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:40 ] "GET /wp-admin/index-extra.php?jax=dashboard_secondary HTTP/1.1" 200 1050 "http://hackedsite.com/wp-admin/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:46 ] "GET /wp-admin/load-styles.php?c=1&dir=ltr&load=theme-editor,global,wp-admin&ver=3d4a7eab25b686e3ca7fc38d3266c82d HTTP/1.1" 200 14327 "http://hackedsite.com/wp-admin/plugin-editor.php" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:46 ] "GET /wp-admin/load-scripts.php?c=1&load=jquery,utils&ver=0e4de088c1d51cff99f6e17399d2c995 HTTP/1.1" 200 27858 "http://hackedsite.com/wp-admin/plugin-editor.php" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:47:49 ] "GET /wp-admin/load-scripts.php?c=1&load=hoverIntent,common,jquery-color&ver=8d4336116da1b3c12fcc9cfa3493d4f5 HTTP/1.1" 200 3660 "http://hackedsite.com/wp-admin/plugin-editor.php" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:17 ] "GET /wp-admin/themes.php HTTP/1.1" 200 5228 "http://hackedsite.com/wp-admin/plugin-editor.php" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:18 ] "GET /wp-admin/load-styles.php?c=1&dir=ltr&load=global,wp-admin&ver=aba7495e3957x976b6073d5d07d3b17 HTTP/1.1" 200 14073 "http://hackedsite.com/wp-admin/themes.php" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:19 ] "GET /wp-content/themes/classic/screenshot.png HTTP/1.1" 200 8412 "http://hackedsite.com/wp-admin/themes.php" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:19 ] "GET /wp-content/themes/default/screenshot.png HTTP/1.1" 200 10608 "http://hackedsite.com/wp-admin/themes.php" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:19 ] "GET /wp-admin/load-scripts.php?c=1&load=hoverIntent,common,jquery-color,thickbox,theme-preview&ver=37a5db1b9feebbbec594efdc1cd214c1 HTTP/1.1" 200 8076 "http://hackedsite.com/wp-admin/themes.php" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:19 ] "GET /wp-content/themes/twentyten/screenshot.png HTTP/1.1" 200 34923 "http://hackedsite.com/wp-admin/themes.php" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:21 ] "GET /wp-includes/js/thickbox/loadingAnimation.gif HTTP/1.1" 206 2074 "http://hackedsite.com/wp-admin/themes.php" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:21 ] "GET /wp-admin/theme-editor.php HTTP/1.1" 200 6311 "http://hackedsite.com/wp-admin/themes.php" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:27 ] "GET /wp-admin/theme-editor.php?file=/themes/twentyten/index.php&theme=Twenty+Ten&dir=theme HTTP/1.1" 200 5721 "http://hackedsite.com/wp-admin/theme-editor.php" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:32 ] "GET /wp-admin/images/button-grad-active.png HTTP/1.1" 200 284 "http://hackedsite.com/wp-admin/css/colors-fresh.css?ver=20100610" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:32 ] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 20 "http://hackedsite.com/wp-admin/theme-editor.php?file=/themes/twentyten/index.php&theme=Twenty+Ten&dir=theme" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:35 ] "GET /wp-admin/theme-editor.php?file=/home/sitefolder/public_html/wp-content/themes/twentyten/index.php&theme=Twenty+Ten&a=te&scrollto=10x0 HTTP/1.1" 200 9733 "http://hackedsite.com/wp-admin/theme-editor.php?file=/themes/twentyten/index.php&theme=Twenty+Ten&dir=theme" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:38 ] "GET / HTTP/1.1" 200 3883 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:40 ] "GET /wp-content/themes/twentyten/style.css HTTP/1.1" 200 5369 "http://hackedsite.com/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:41 ] "GET /wp-content/uploads/2010/09/someimage.jpeg HTTP/1.1" 200 3553 "http://hackedsite.com/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:41 ] "GET /wp-content/uploads/2010/09/someimage2.jpg HTTP/1.1" 200 42717 "http://hackedsite.com/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:47 ] "GET /wp-admin/theme-editor.php?file=/themes/twentyten/functions.php&theme=Twenty+Ten&dir=theme HTTP/1.1" 200 10567 "http://hackedsite.com/wp-admin/theme-editor.php?file=/home/sitefolder/public_html/wp-content/themes/twentyten/index.php&theme=Twenty+Ten&a=te&scrollto=10x0" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:54 ] "GET /wp-admin/images/button-grad-active.png HTTP/1.1" 200 284 "http://hackedsite.com/wp-admin/css/colors-fresh.css?ver=20100610" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:54 ] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 20 "http://hackedsite.com/wp-admin/theme-editor.php?file=/themes/twentyten/functions.php&theme=Twenty+Ten&dir=theme" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:48:57 ] "GET /wp-admin/theme-editor.php?file=/home/sitefolder/public_html/wp-content/themes/twentyten/functions.php&theme=Twenty+Ten&a=te&scrollto=10x0 HTTP/1.1" 200 x840 "http://hackedsite.com/wp-admin/theme-editor.php?file=/themes/twentyten/functions.php&theme=Twenty+Ten&dir=theme" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:49:05 ] "GET /wp-admin/theme-editor.php?file=/themes/twentyten/functions.php&theme=Twenty+Ten&dir=theme HTTP/1.1" 200 x795 "http://hackedsite.com/wp-admin/theme-editor.php?file=/home/sitefolder/public_html/wp-content/themes/twentyten/index.php&theme=Twenty+Ten&a=te&scrollto=10x0" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:49:02 ] "GET /wp-admin/theme-editor.php?file=/themes/twentyten/functions.php&theme=Twenty+Ten&dir=theme HTTP/1.1" 200 x794 "http://hackedsite.com/wp-admin/theme-editor.php?file=/home/sitefolder/public_html/wp-content/themes/twentyten/index.php&theme=Twenty+Ten&a=te&scrollto=10x0" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:49:00 ] "GET /wp-admin/theme-editor.php?file=/themes/twentyten/functions.php&theme=Twenty+Ten&dir=theme HTTP/1.1" 200 x795 "http://hackedsite.com/wp-admin/theme-editor.php?file=/home/sitefolder/public_html/wp-content/themes/twentyten/index.php&theme=Twenty+Ten&a=te&scrollto=10x0" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:49:05 ] "GET /wp-admin/theme-editor.php?file=/themes/twentyten/functions.php&theme=Twenty+Ten&dir=theme HTTP/1.1" 200 x795 "http://hackedsite.com/wp-admin/theme-editor.php?file=/home/sitefolder/public_html/wp-content/themes/twentyten/index.php&theme=Twenty+Ten&a=te&scrollto=10x0" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:49:09 ] "GET / HTTP/1.1" 200 5672 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:49:11 ] "GET /ndar/ HTTP/1.1" 200 5614 "http://hackedsite.com/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:49:21 ] "GET /index.php HTTP/1.1" 301 4545 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:49:22 ] "GET / HTTP/1.1" 200 5672 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"

95.170.219.198 - - [:x:49:23 ] "GET /ndar/ HTTP/1.1" 200 5614 "http://hackedsite.com/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"
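
A triage pass over logs in this format, as an added example that is not part of the original post: it counts failed wp-login.php POSTs per client and lists the files saved through the theme or plugin editor, read from the referer's file= parameter. The sample lines, IPs and host are constructed, and reading a 200 on POST /wp-login.php as a failed login and a 302 as a successful one is an assumption about stock WordPress.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined Log Format prefix; the time field is kept as opaque text so
# redacted stamps such as "[:x:47:14 ]" still parse.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]*)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)
EDITORS = {"/wp-admin/theme-editor.php", "/wp-admin/plugin-editor.php"}

def triage(lines, fail_threshold=5):
    """Return {ip: {flags, failed, login_ok, edited}} for clients worth a look."""
    seen = defaultdict(lambda: {"failed": 0, "login_ok": False, "edited": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        s = seen[m["ip"]]
        path, status = m["path"].split("?", 1)[0], int(m["status"])
        if path == "/wp-login.php":
            # Assumption: a bad password re-renders the form (200),
            # a good one redirects to wp-admin (302).
            if status == 302:
                s["login_ok"] = True
            elif status == 200:
                s["failed"] += 1
        elif path in EDITORS and status == 302:
            # A save answers with a redirect; the edited file is only
            # visible in the referer's file= parameter.
            query = parse_qs(urlsplit(m["referer"]).query)
            s["edited"].append(query.get("file", ["(unknown)"])[0])
    report = {}
    for ip, s in seen.items():
        flags = []
        if s["failed"] >= fail_threshold:
            flags.append("password-guessing")
        if s["edited"]:
            flags.append("editor-write")
        if flags:
            report[ip] = {"flags": flags, **s}
    return report

# Constructed sample input: documentation IPs, made-up host and timestamps.
REF = ("http://example.test/wp-admin/theme-editor.php"
       "?file=/themes/twentyten/%s&theme=Twenty+Ten&dir=theme")
LOGIN = '%s - - [:x:%s ] "POST /wp-login.php HTTP/1.1" %d 20 "-" "-"'
EDIT = '%s - - [:x:%s ] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 20 "%s" "-"'
SAMPLE = [LOGIN % ("203.0.113.7", "40:%02d" % i, 200) for i in range(6)] + [
    LOGIN % ("203.0.113.7", "47:14", 302),
    EDIT % ("203.0.113.7", "48:32", REF % "index.php"),
    EDIT % ("203.0.113.7", "48:54", REF % "functions.php"),
    LOGIN % ("198.51.100.9", "50:00", 302),  # ordinary admin login, no edits
    '198.51.100.9 - - [:x:50:05 ] "GET /wp-admin/ HTTP/1.1" 200 7250 "-" "-"',
]

if __name__ == "__main__":
    for ip, info in triage(SAMPLE).items():
        print(ip, info)
```

In the raw log above, the two POSTs to theme-editor.php carry referers naming twentyten's index.php and functions.php, so those are the files to compare against a clean copy.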

What to do if your WordPress site is hacked; how to recover from a WordPress hack



http://codex.wordpress.org/FAQ_My_site_was_hacked
http://codex.wordpress.org/Hardening_WordPress




How To Completely Clean Your Hacked WordPress Installation
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://blog.sucuri.net/2010/02/removing-malware-from-a-wordpress-blog-case-study.html
http://www.devlounge.net/articles/reset-a-wordpress-password-from-phpmyadmin
http://codex.wordpress.org/Resetting_Your_Password
http://herselfswebtools.com/2008/06/wordpress-plugin-tripwire.html
Hardening WordPress

http://www.problogdesign.com/wordpress/11-best-ways-to-improve-wordpress-security/

http://ocaoimh.ie/wordpress-exploit-scanner-01/
http://wordpress.org/extend/plugins/exploit-scanner/
