

Photocrati Theme Hacked - Need Assistance

  1. 3 days ago I went to pull up my WordPress Blog login & it took me to some crazy, militant Serbian website. I contacted my hosting company (Bravenet) and was advised that there were serious, known issues about that Photocrati theme as follows:

    "I was able to confirm that version of photocrati-theme does allow people to break into the site via a remote exploit. To prevent this from happening in the future, I would contact the people who provided that theme for a solution, or switch to another theme."

    wp-content/themes/photocrati-theme/galleries/post-/full/wso.php - Obfuscated PHP code
    wp-content/themes/photocrati-theme/galleries/post-/full/r577.php - Looks to be a PHP based backdoor
    wp-content/themes/photocrati-theme/galleries/post-/full/murad/Sharp_Cyber.SQL - looks like it's designed to get information about the webserver
    wp-content/themes/photocrati-theme/galleries/post-/full/murad/domain.shh - more info gathering
    wp-content/themes/photocrati-theme/galleries/post-/full/murad/.htaccess - used to run the scripts
    wp-content/themes/photocrati-theme/galleries/post-/full/c100.php - another backdoor shell

    Looks like the photocrati-theme allows people to upload images, and someone used it to upload a php file designed to compromise the website.

    To fix it, I would start by deleting the following:
    wp-content/themes/photocrati-theme/galleries/post-"

    I found that file that was recommended for deletion, but when I attempt to delete it, it tells me it's either empty and/or I don't have permission to delete it.

    Can someone please tell me - in very simple steps - how to get rid of this photocrati garbage & get my blog back? I would appreciate all recommendations.

    Thanks !

    They have also modified the following files, which should be replaced with clean copies from wordpress:
    index.php
    wp-login.php

  2. You did not specify a blog address or reason for posting when you created this topic.

    This support forum is for blogs hosted at WordPress.com. If your question is about a self-hosted WordPress blog then you'll find help at the WordPress.org forums.

    If you don't understand the difference between WordPress.com and WordPress.org, you may find this information helpful.

    If you forgot to include a link to your blog, you can reply and include it below. It'll help people to answer your question.

    This is an automated message.

  3. The blog is: http://rvlife.redsroads.net

    But I have it disabled because it's been hacked & I'm worried it probably carries a virus & did not want that to spread to people who read our blog daily.

  4. It's clear to me that your question is about a self-hosted WordPress blog and you'll find help at the WordPress.org forums. http://wordpress.org/support/
    read > http://support.wordpress.com/com-vs-org/

  5. This is the wordpress.com support forum. Here we provide support only for blogs that wordpress.com hosts and that site is not one of them.

  6. Thanks timethief. I will try there & appreciate your reply.

  7. You're welcome and best wishes.

Topic Closed

This topic has been closed to new replies.
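
A read-only check for the condition the hosting company describes in the first post (files other than images sitting in the theme's image gallery folder), added here as an example and not code from the thread, the theme or WordPress. The function name `audit_gallery` and the extension and header lists are assumptions; it only reports findings and deletes nothing.

```python
import os

# Header bytes of the image types a gallery upload folder is expected to hold
# (assumed list: JPEG, PNG, GIF).
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")
IMAGE_EXT = {".jpg", ".jpeg", ".png", ".gif"}
PHP_TAG = b"<?php"  # heuristic marker; short open tags are not covered


def audit_gallery(root):
    """Return sorted (relative_path, reason) pairs for files that do not
    belong in an image-only upload directory under `root`."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError as exc:
                # e.g. the permission problem described in the first post
                findings.append((rel, f"unreadable: {exc.strerror}"))
                continue
            if name.lower() == ".htaccess":
                findings.append((rel, "per-directory server config in upload folder"))
            elif ext not in IMAGE_EXT:
                findings.append((rel, f"non-image extension {ext or '(none)'}"))
            elif not data.startswith(IMAGE_MAGIC):
                findings.append((rel, "image extension but no image header"))
            elif PHP_TAG in data:
                findings.append((rel, "image header followed by PHP tag"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # Usage: python audit_gallery.py wp-content/themes/photocrati-theme/galleries
    for rel, reason in audit_gallery(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}: {reason}")
```

Anything it reports should be reviewed from a backup or an offline copy of the site, and `index.php` and `wp-login.php` compared against clean WordPress copies as the first post says.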
