7,612
edits
Changes
Jump to navigation
Jump to search
Wordpress Blog Site (Tool) (view source)
Revision as of 19:43, 18 October 2017
, 19:43, 18 October 2017→Finding the backdoor
===Finding the backdoor===
It really isn't clear how this thing got in, beyond being in the uploads directory at some point and having enough permissions to create a .htaccess file that it left behind. Most likely we had a vulnerable plugin. There are no anomalous user accounts but we should delete and clean up anyway.
===The Plan===
*Fix corrupted files
*Remove dodgy .htaccess file
*Turn on the FTP
*Upgrade wordpress and plugins
*Look down directory permissions more tightly
*Remove disused user accounts
[[Category: McNair Admin]]
