JOHNNY 360

For almost a week my other blog Pinoyhack.com, has been suspended due to malwares. A bug that can be found on outdated version of wordpress. As I was browsing my files, I found out that all of the folder dates in my files have been updated, meaning something has been modified or added in the folders. I checked the folders one by one, I found a very interesting files ending with _new, _old, .pngg, .jpgg, .giff. Most of them have 8.87kb file size and in php format. Also, watch out in your Process Manager, you will found out that somebody is accessing it thru send mail. I really don’t know what that is all about.

Anyway, I first removing the files ending with _new, _old, .pngg, .jpgg, and .giff. I have scanned all the folders again and again with the extensions _new.php, _old.php, .php.pngg, .php.jpgg, or .php.giff, delete them. These files are said to be executables that will display a fake “404 Not Found” error when called from a browser, but will display your server information if called from a script with the matching hash from one of the hacked PHP scripts.

Do not forget to check your database for new user ‘Wordpress‘, make sure to delete them, you can delete it by using your PhpMyadmin. Last but not the least, using any FTP program, access you blog’s directories and see if you can find a wp-info.txt file. This is not a valid Wordpress file and, in fact, is said to contain your database usernames, passwords, emails, etc. which can be used to hack your system. If you found it, remove it immediately and change all your passwords.

Check your folders again for weird looking file names, if you think nothing is hiding then you’re safe.