New Wordpress Pharma Hack - "COMMON.PHP"


#1

If your WordPress site is showing up in Google with the title “GET CIALIS” and the disclaimer “this site may be compromised”, then you may be suffering from the new vicious “common.php” attack.

Your htaccess file has been hacked, and is now calling a file called “common.php” also located in your site root directory.

Delete "common.php"
Edit your htaccess file to remove the hack

Change all your passwords.

Pray.
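
One way to check a site root for the two artifacts described in the post above, as an added example that is not part of the original post. It relies on WordPress keeping its own rules between the `# BEGIN WordPress` and `# END WordPress` markers; the function names are hypothetical, and the injected rule in `SAMPLE` is a constructed stand-in because the post does not show the real one.

```python
import os
import re

SUSPECT = re.compile(r"common\.php", re.IGNORECASE)

# Constructed sample: the second line stands in for the injected rule (assumption).
SAMPLE = r"""RewriteEngine On
RewriteRule ^(.*)$ /common.php [L]
# BEGIN WordPress
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
# END WordPress
"""

def audit_htaccess(text):
    """Return (line_no, reason, line) for directives that need a manual look."""
    findings, in_wp_block = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith(("# BEGIN WordPress", "# END WordPress")):
            in_wp_block = line.startswith("# BEGIN")
            continue
        if not line or line.startswith("#"):
            continue  # blank lines and comments are inert
        if SUSPECT.search(line):
            findings.append((no, "references common.php", line))
        elif not in_wp_block:
            findings.append((no, "outside WordPress block, review", line))
    return findings

def audit_site(root):
    """Walk the site root: audit every .htaccess and list any common.php file."""
    report = {"htaccess": {}, "common_php": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == ".htaccess":
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = audit_htaccess(fh.read())
                if hits:
                    report["htaccess"][path] = hits
            elif name.lower() == "common.php":
                report["common_php"].append(path)
    return report

if __name__ == "__main__":
    for finding in audit_htaccess(SAMPLE):
        print(finding)
```

Directives outside the WordPress block are only flagged for review, since caching or security plugins legitimately add their own sections. Subdirectories are walked too, because a nested `.htaccess` survives cleaning the one in the root.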


#2

Anytime a WordPress installation is compromised, my first question is about 3rd-party themes or plugins; in many cases that is where you will find the back door.

Even better advice can be found in post 3 of this thread: http://discussion.dreamhost.com/thread-131652.html