Photocracti Theme Hacked – Need Assistance
3 days ago I went to pull up my WordPress Blog login & it took me to some crazy, militant Serbian website. I contacted my hosting company (Bravenet) and was advised that there were serious, known issues about that Photocrati theme as follows:
“I was able to confirm that version of photocrafti-theme does allow people to break into the site via a remote exploit. To prevent this from happening in the future, I would contact the people who provided that theme for a solution, or switch to another theme.”
wp-content/themes/photocrati-theme/galleries/post-/full/wso.php – Obfuscated PHP code
wp-content/themes/photocrati-theme/galleries/post-/full/r577.php – Looks to be a PHP based backdoor
wp-content/themes/photocrati-theme/galleries/post-/full/murad/Sharp_Cyber.SQL – looks like it’s designed to get information about the webserver
wp-content/themes/photocrati-theme/galleries/post-/full/murad/domain.shh – more info gathering
wp-content/themes/photocrati-theme/galleries/post-/full/murad/.htaccess – used to run the scripts
wp-content/themes/photocrati-theme/galleries/post-/full/c100.php – another backdoor shell
Looks like the photocrati-theme allows people to upload images, and someone used it to upload a php file designed to compromise the website.
To fix it, I would start by deleting the following:
I found that file that was recommended for deletion but when I attempt to delete it it tells me its either empty and/or I don’t have permission to delete it.
Can someone please tell me – in very simple steps – how to get rid of this photocrati garbage & get my blog back? I would appreciate all recommendations.
They have also modified the following files, which should be replaced with clean copies from wordpress:
You did not specify a blog address or reason for posting when you created this topic.
This support forum is for blogs hosted at WordPress.com. If your question is about a self-hosted WordPress blog then you’ll find help at the WordPress.org forums.
If you don’t understand the difference between WordPress.com and WordPress.org, you may find this information helpful.
If you forgot to include a link to your blog, you can reply and include it below. It’ll help people to answer your question.
This is an automated message.
The blog is: http://rvlife.redsroads.net
But I have it disabled because its been hacked & I’m worried it probably carries a virus & did not want that to spread to people who read our blog daily.
This is the wordpress.com support forum. Here we provide support only for blogs that wordpress.com hosts and that site is not one of them.
Thanks timethief. I will try there & appreciate your reply.
You’re welcome and best wishes.
The topic ‘Photocracti Theme Hacked – Need Assistance’ is closed to new replies.