0

I recently found out that one of my Domains (which was only a empty Wordpress installation), was hacked. The website didn't show the wordpress installation anymore, instead there was just a website with some music that say "Hacked my Team_cc" and some more text.

I've now changed very passwords from any other website, because there are mulitple websites with different domains on the same server. But my question is now, since only one Domain was attacked, was it just a hole they found in the older Wordpress installation, or why weren't the other domains affected?

Is there a known bug in Wordpress 3.8 that allows users to get access to the files? How can I find out if they compromised FTP or ssh?

Best regards

Smort
  • 101
  • 2
  • No, I just want to know how to know if they used a wordpress bug to enter the site or if they compromised ftp or ssh – Smort Apr 16 '16 at 18:39
  • The gist of the dupe question is that, unless you are a *very* experienced sysadmin with access to the right forensic skills, there is no way you can be sure that your system is in a non-compromised state **other than** reinstalling from scratch, restoring from a known-good backup, and then **(do not neglect this step)** ensure that any known vulnerabilities in your application are patched and credentials changed. All of this must happen before bringing your server online again. – EEAA Apr 16 '16 at 18:53

0 Answers0