Alien file: Remv.php

Yesterday morning, I got an email from Bluehost Support as follows…

Dear Webmaster for (deleted),

It has come to our attention that an exploit for WordPress 2.6.3 and below is running rampant through the internet, and has been discovered on your account for (deleted). Due to the upcoming holiday we have decided to allow your website to stay online; the current file remv.php.hacked will be in your home directory under (deleted)/wp-content/themes. You have seven days to remove this file and update your version of WordPress and any modules you are using. If you have not performed the removal and update by the end of the 7th day, out of respect to other customers we will be forced to shut down your site until the requested removal and updates have been completed.

In addition, Fantastico does not have the latest version of WordPress which is 2.6.5. This means you will need to upgrade WordPress using SimpleScripts. You can easily do this from the cPanel. Go to SimpleScripts under “Software Services” and click on WordPress under “Blogs.” At the bottom you’ll see an option to “Convert a Fantastico Installation.” Clicking on this will list the installations available for conversion.

*deleted – blogs concerned

I set aside the email thinking I’d deal with it when I got home from my movie date with my girlfriends. But while inside the movie house, Tita Liza texted me telling me that this blog as well as two of my other blogs were showing a syntax error. I immediately thought of the email I received from Bluehost.

When I got home, I checked my blogs right away. Yes, it was showing a syntax error. I checked my files and I saw a remv.php file in the themes folder. The same thing happened to my border. So I immediately upgraded my blogs to the newest version of WordPress (2.6.5) and I used SimpleScripts this time, instead of Fantastico. I deleted my entire database and created new ones for each blog.

A couple of hours ago, I talked to Reyna Elena about his site being hacked. When I read his post, I saw that the same thing happened to him. So I was thinking (and still speculating) as to what truly happened. Reynz is also using Bluehost for ReynaElena.com and I am using Bluehost as well. Is the security breach a fault of Bluehost, or were we chosen by this hacker, if it’s even hacking at all?

Did this happen to your blog? How did you solve it? Let’s compare notes.

4 Comment(s)

  1. JD at I Do Things | Nov 29, 2008

    This happened to me, too, tho I didn’t find out about the corrupt file via e-mail. My site was suspended, and I had to call Bluehost. Luckily the guy I spoke with was very helpful and had my site back up (tho without the theme, plugins, and widgets) in less than an hour. I just assumed it was some stupid random hacker, but the folks at Bluehost told me about this “exploit” that was attacking WP blogs with versions under 2.6.3. That’s really all I know.

    I’m sorry it happened to you and some of your friends. I haven’t looked around too much to see if it’s all that widespread.

    Good luck!

  2. BK | Nov 29, 2008

    It happened to me too. Now I realize the same thing happened to others. I am not using Bluehost; I am using DreamHost. Maybe they are related in some way. Is it very difficult to upgrade the WP version? I went to the site to read about the upgrade and it seems quite complicated.

  3. Raquel | Nov 30, 2008

    Hi Sasha, thank you for this update. I am hesitant to update/upgrade the newest version of WordPress. After I read this entry, I am not sure if I’ll update it or not. Is there a big difference if I’ll remain the old version to new? Which is better?

  4. Rudi | Dec 28, 2008

    @Raquel: upgrading to WP 2.7 is really easy – no more difficult than a version upgrade in 2.5 or 2.6 – so you might as well do it. The WP upgrade instructions are helpful if you get into a jam, but you shouldn’t get into one – it’s not difficult at all.
