{"id":1014,"date":"2013-05-31T23:40:06","date_gmt":"2013-05-31T23:40:06","guid":{"rendered":"http:\/\/www.marfell.me.uk\/wordpress\/?p=1014"},"modified":"2013-06-01T08:21:38","modified_gmt":"2013-06-01T08:21:38","slug":"friends-of-baildon-moor-site-hacked","status":"publish","type":"post","link":"https:\/\/www.marfell.me.uk\/wordpress\/friends-of-baildon-moor-site-hacked\/","title":{"rendered":"Friends of Baildon Moor site hacked"},"content":{"rendered":"<p>Nice friendly hackers have been at the Friends of Baildon Moor site again. The site was not working and was defaced but I found a few interesting things around. The footer PHP file had been modified with some interesting code that looked as though it was doing something with usernames and passwords and had a stack of encoded text. A couple of directories also had some cgi script in them and .htaccess files that looked as though they would run the script.<\/p>\n<p>The most interesting directory was in the theme directory and contained just short of 43000 text files with names that seemed to be &lt;user&gt; followed by one of -host -cpanel -joomla -wordpress -oscommerce -zencart -billing -phpBB -SMF -vb3.<\/p>\n<p>The files were only created in the morning but I am unable to get rid of them. According to my FTP client the permission on them all is 777 which I thought was prevented by the host system. I was unable to delete them and I was unable to change permissions on them nor could I open them. My HTML editor that uses FTP to connect to sites did not even show the files and the web based file manager within the hosting just gave me a twirly busy icon.<\/p>\n<p>I raised a ticket on my hosting company and also phoned them. They sounded grateful and said that someone would investigate as soon as possible. The files are still there an hour later!<\/p>\n<p>If nothing else this helps while away the evenings but I can think of better things to do &#8211; I am falling behind on reviewing my photos, I am taking them quicker than I can delete them.<\/p>\n<p>Update: My hosting company removed the files at 6:00 the following morning and did not seem overly concerned that I had almost 43000 files that seemed to have the user name for every account on the sever. I tried a random sample of the names in my browser &lt;IP Address&gt;\/~account name and every one came back with a website or &#8220;Account suspended&#8221;.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Nice friendly hackers have been at the Friends of Baildon Moor site again. The site was not working and was defaced but I found a few interesting things around. The footer PHP file had been modified with some interesting code that looked as though it was doing something with usernames and passwords and had a [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[4],"tags":[],"class_list":["post-1014","post","type-post","status-publish","format-standard","hentry","category-paul"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p3kGoX-gm","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.marfell.me.uk\/wordpress\/wp-json\/wp\/v2\/posts\/1014","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.marfell.me.uk\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.marfell.me.uk\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.marfell.me.uk\/wordpress\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.marfell.me.uk\/wordpress\/wp-json\/wp\/v2\/comments?post=1014"}],"version-history":[{"count":4,"href":"https:\/\/www.marfell.me.uk\/wordpress\/wp-json\/wp\/v2\/posts\/1014\/revisions"}],"predecessor-version":[{"id":1017,"href":"https:\/\/www.marfell.me.uk\/wordpress\/wp-json\/wp\/v2\/posts\/1014\/revisions\/1017"}],"wp:attachment":[{"href":"https:\/\/www.marfell.me.uk\/wordpress\/wp-json\/wp\/v2\/media?parent=1014"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.marfell.me.uk\/wordpress\/wp-json\/wp\/v2\/categories?post=1014"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.marfell.me.uk\/wordpress\/wp-json\/wp\/v2\/tags?post=1014"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}