Hacked

[Moxxy]

If they're in cPanel, then this almost certainly had nothing to do with WordPress.

unless he was using the same password with cPanel and sql account.

 

[Grindstone]

^ Not even close. But they got access to both, somehow, somewhere. And I think it started with the a mail account of one of the employees, looking at the logs.

I don't fucking know, long weekend of locking down wp installs in front of me tho.

 

[Grindstone]

If they're in cPanel, then this almost certainly had nothing to do with WordPress.

^^^^^^

^ correctamundo

Keylogger on employees computer --> mail server --> root server, best I can figure from looking at the logs.

This company, with 30 employees, only installed antivirus protection 3 weeks ago. w-t-f-?

 

[Berto]

Just talked to some wordpress guys. They say that changing version to 6.9 won't hurt, but it won't stop bots from trying stuff anyway. Problem with version 6.9 is that you can't do an automatic upgrade, so keep on top of it.

Anyway, I came by to share this presentation, from the guy who told me the above stuff:
WordPress Security

This thing is GOLDEN - Enjoy!

 

[Enigmabomb]

How the fuck can I upload pictures from the file uploader if the folder isn't 777? This question has long plagued me.

 

[Rage9]

How the fuck can I upload pictures from the file uploader if the folder isn't 777? This question has long plagued me.

Change the owner of the directory to that of apache or whatever other webserver you may be running.