Re: [bitfolk] Security incident: Wordpress install compromised and turned into redirect to porn site

Hello, On Wed, Mar 06, 2013 at 09:45:27AM +0000, Adam Spiers wrote: No; if the customer has no interest in investigating then unfortunately I can't usually spare the time to do it for them, beyond the basics needed to resolve the abuse report. I would find it unusual for an attacker to compromise some other web app but then decide to put their .htaccess and other files in a Wordpress that coincidentally happened to be on the same server, though. These things tend to be straightforward. I did a quick web search for that .htaccess content and found a few other people reporting finding it, but with no details as to how it was put there. I suspect that it is unrelated to the actual compromise, being more of a "this is something you can put in someone's web site to turn it into a stealthy porn redirector" tool, so yes maybe the actual compromise is not in Wordpress. Cheers, Andy -- http://bitfolk.com/ -- No-nonsense VPS hosting