reNkai Posted December 9, 2009 Share Posted December 9, 2009 Hi folks, in one of my accounts I have discovered a folder called xrggs, appears to have been created on Dec 2, 2009. The folder contains a php script, qeu.php, which I can't quite tell what it's meant to do. It contains several functions that use fwrite() fopen() pregreplace, mkdir... appears to be a hack. I have removed the folder from my account. I'm just curious what others experience might be. I run a wordpress blog on this account - the site still works fine, but this attempted hack is cause for some concern. Google search for "xrggs" and wordpress doesn't turn up anything. Just a search for xrggs folder doesn't get anything either. Very strange! Quote Link to comment Share on other sites More sharing options...
TCH-Thomas Posted December 9, 2009 Share Posted December 9, 2009 Unless you haven´t added any extensions to wordpress near that date that would have added this folder, I would open a ticket with the help desk and ask them to see if the account have been comprimised etc. Also, make sure that you have the latest and secure versions of wordpress and all the extensions. After that, change all passwords (cpanel, databases and so on). Quote Link to comment Share on other sites More sharing options...
SteveW Posted December 9, 2009 Share Posted December 9, 2009 If a folder or files got added to your website and you didn't initiate it some way or another, that wasn't an attempted hack. It was a hack. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.