How to Find a Backdoor in a Hacked WordPress Site with Debian

-1

I think there was a backdoor created by the hacker which allowed them to bypass normal authentication.

Wordpress 4.4.2 in apache2 with MySQL
I install chkrootkit, rkhunter but finding nothing!
I find in google http://www.wpbeginner.com/wp-tutorials/how-to-find-a-backdoor-in-a-hacked-wordpress-site-and-fix-it/ but without results.

zetanova

Posted 2016-03-03T21:28:32.440

Reputation: 107

5You should nuke the Wordpress files from orbit. Unless you can identify which backdoor was installed, this question, cannot be answered. – Ramhound – 2016-03-03T21:29:21.287

What a surprise. Wordpress gets hacked?! My advice, don't use Wordpress, just do it yourself! – Dave – 2016-03-04T09:58:39.670

Answers

In short, you don't. If you think your system is compromised, it can and probably is compromised in a way that the exploit hides itself.

Flatten the machine and reinstall. It's (quite literally) the only way to be sure.

I'm serious. Don't spend more time looking for the rootkit. For all you know, that machine is being used to send spam from your domain (or worse) right now. Stop reading and go pull the plug.

Mikey T.K.

Posted 2016-03-03T21:28:32.440

Reputation: 3 224

Unless there is a rootkit installed on the CPU, sadly.. these are impossible to make these days :( – Maarten – 2016-03-03T23:00:20.487