[BlueOnyx:12857] Re: Blueonyx Backdoor:Perl/Shellbot

Jeff Folk jfolk at qzoneinc.com
Mon Apr 15 21:54:10 -05 2013


On Apr 15, 2013, at 9:21 PM, Senthil Ramasamy wrote:
> Virus Scanner picks them up as Backdoor:Perl/Shellbot and have removed the above files and suspected backdoor entry was through WordPress. So, to avoid future attacks we have implemented a .htaccess file to limit specific IP addresses to access the wp-login.php as mentioned in http://forums.whirlpool.net.au/forum-replies.cfm?t=2085205
>  
> Today again we are seeing the same files re-appear. We have removed those files again. But don’t know how they are getting in?
>  
> Has anyone seen this before and have a solution? Or point us in the right direction?

Going to have to get that WordPress install fully patched. Had this happen (similar, a bank phishing site installed through an old unpatched plugin script) to one of my customers. Unfortunately, depending on the security vulnerability, the .htaccess file probably won't have any effect.

Good luck!

Jeff