reNkai Posted December 9, 2009 Posted December 9, 2009 Hi folks, in one of my accounts I have discovered a folder called xrggs, appears to have been created on Dec 2, 2009. The folder contains a php script, qeu.php, which I can't quite tell what it's meant to do. It contains several functions that use fwrite() fopen() pregreplace, mkdir... appears to be a hack. I have removed the folder from my account. I'm just curious what others experience might be. I run a wordpress blog on this account - the site still works fine, but this attempted hack is cause for some concern. Google search for "xrggs" and wordpress doesn't turn up anything. Just a search for xrggs folder doesn't get anything either. Very strange! Quote
TCH-Thomas Posted December 9, 2009 Posted December 9, 2009 Unless you haven´t added any extensions to wordpress near that date that would have added this folder, I would open a ticket with the help desk and ask them to see if the account have been comprimised etc. Also, make sure that you have the latest and secure versions of wordpress and all the extensions. After that, change all passwords (cpanel, databases and so on). Quote
SteveW Posted December 9, 2009 Posted December 9, 2009 If a folder or files got added to your website and you didn't initiate it some way or another, that wasn't an attempted hack. It was a hack. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.