Bastards hacked my WP site
Out of context: Reply #18
- Started
- Last post
- 24 Responses
- plash0
Easiest way i can think to assets if any credentials have been compromised is to log into your web server (via sftp) and check for last modified files by date.
looks like you're running apache so 'date created' might show newly added files since this might just be a php injection. if you do find something (a file added) this will indicate if a password was breached.
2nd step is to log into your mysqladmin and check for records that have been modified within a date specified. this will show if any database records have been modified, (if a positive is found then it's time to change that password and hash). Note that you'll find a lot of updated records in the data base, so put on that deerhunter and pull out a magnifying glass, you'll want to audit with prejudice; needle in the hay stack here.
lastly log into your wordpress admin and again aduit for records changed.
These are the fist steps to find our if your passwords have been compromised. if you find a file that has been uploaded without consent, then that points to a compromise..
if you find a db record, look into the cell and find the info it holds. you can do a string search for 'payday' throughout the entire database.
anyway, some pointers.