Exploit: Hacked by badi

From VlexoFree Wiki
Jump to: navigation, search

The problem seems to affect Wordpress sites mainly but could also effect other kinds of scripts. The exploit seems to be cPanel specific and VlexoFree is now protected from it.

The exploit is nothing more than a defacement. No wordpress files have been changed as a result of the exploit. The only changes made by the exploit are to the wordpress database in the following locations: the wordpress title, charset, and widgets.

The following is a How-To to reverse the changes caused by the exploit.

Wordpress

  1. Under Settings -> reading, change charset from UTF-7 to UTF-8
  2. Go to your widgets – delete the "Text" sidebar widget – You will notice some Javascript code in it – will include something like this - " document.documentElement.innerHTML = unescape"
  3. You will need to reset all your widgets as the hack removes them all
  4. Under Settings -> General, change your site title back to what it was previously.
  5. Ensure your wp-config.php file's permissions are set to 600 - This can be done from within cPanel by going into your file manager