| Thread ID: 122699 | 2012-01-08 00:07:00 | Hijacked wordpress site | Chilling_Silence (9) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1252826 | 2012-01-09 09:37:00 | Just saying, this *really* sucks. If you've got any WordPress sites, now's the perfect time to check them. Some of my sites are fine. Others aren't. Multiple hosts, some infected on the same shared-hosting server, while others aren't... Can only point to WordPress as the common denominator? Oh the joys of being involved in 'the interwebz' ... EDIT: 1 down, around a dozen (That I know of) to go :( |
Chilling_Silence (9) | ||
| 1252827 | 2012-01-09 11:11:00 | www.google.co.nz You're not alone, but you seem to be in on the ground floor. :( Might be this? threatpost.com |
fred_fish (15241) | ||
| 1252828 | 2012-01-09 19:03:00 | That's a worry :horrified The server that I built, for https etc. runs WordPress. Just so I can give a decent sort of look to the photo galleries I show (produced with jalbum). I only give access to family members to view (I guess it's done as much for my amusement as their benefit) and I've tried to keep away from search engines. Do you think this should be something I should be concerned about? Particularly as I'm running the photo galleries off my own home server. |
jcr1 (893) | ||
| 1252829 | 2012-01-09 19:20:00 | If it's available online, then yeah, make sure you're running the latest WordPress at least :) | Chilling_Silence (9) | ||
| 1252830 | 2012-01-09 19:23:00 | www.google.co.nz You're not alone, but you seem to be in on the ground floor. :( Might be this? threatpost.com Interesting. There's been a variety of these "Google WP redirect" exploits in the past. Guess it's just another one to add to the list... Half the sites at least were running 3.3.0, and they were taken over only the day after that 3.3.1 came out :( Some of them were 'reinfected' this time redirecting to cleardot.ru instead. Gonna be a long day methinks. |
Chilling_Silence (9) | ||
| 1252831 | 2012-01-09 20:17:00 | We see hacked WordPress all the time. I have since come to the conclusion PHP is crap, it's the most hackable thing out there. Here's the latest: there are a lot of sites using the TimThumb.php file. It is used primarily by WordPress module / theme developers to resize an image on the fly. It is used by other developers and other CMSs like osCommerce as well. This PHP file (old version) is used by hackers to upload their scripts to the server for various malicious activities. So, if you use this - update it or ditch it. Although - then there will be the next thing exploited......pretty endless - about as useful as patching Windows......... |
pctek (84) | ||
| 1252832 | 2012-01-09 20:57:00 | I'm not sure I follow that logic. It's like saying that programming in C or C++ is crap because it's what Windows ME was written in. I've not been able to find that TimThumb included in WordPress, I was under the impression it used the GD Image Library to do it? Also, the update came out less than 24 hours before the sites were hit, not really much of a chance to do the upgrade really... :-/ |
Chilling_Silence (9) | ||
| 1252833 | 2012-01-10 00:12:00 | New .htaccess files are now pointing to balance-current.ru/access/index.php Super, the fun never ceases ... :-/ |
Chilling_Silence (9) | ||
| 1252834 | 2012-01-10 00:26:00 | We see hacked WordPress all the time. I have since come to the conclusion PHP is crap, it's the most hackable thing out there. Crap is maybe a bit harsh ... The Register reports it (www.theregister.co.uk) being described thusly The bigger point he and other observers seem to make is that PHP is the coding equivalent of an everyman's jet pack. It allows him to quickly soar into the sky with a minimal amount of training but doesn't necessarily provide the means to check for buildings, planes or other hazards that may greet the user once he gets there. :lol: |
fred_fish (15241) | ||
| 1252835 | 2012-01-10 00:33:00 | Well I'll be damned ... Cleaned a user account with a single WordPress install, restored from a full backup. Came back 3-4 minutes later (left it extracting) and it was already hacked again. Second time it worked and was able to upgrade WordPress successfully without any issues before they were able to re-infect it. Man what a mission this is proving to be!!! Especially where the user account has a couple of sites hosted :-/ EDIT: codex.wordpress.org From the announcement post: "This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K. and the Go Daddy security team for responsibly disclosing the bug to our security team." %@#$ |
Chilling_Silence (9) | ||
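
Added example, not part of the thread: a check for the symptom reported in the 2012-01-10 00:12 post, `.htaccess` files that point visitors at an outside host. The function names, the `own_hosts` allowlist, `example.org` and the sample file contents are assumptions constructed for illustration; only the `balance-current.ru/access/index.php` target comes from the thread.

```python
import os
import re
from urllib.parse import urlparse

# Directives whose argument can send a visitor to another site.
DIRECTIVE = re.compile(r"^\s*(RewriteRule|Redirect\w*|ErrorDocument)\b(.*)$", re.I)
URL = re.compile(r"https?://\S+", re.I)

def scan_htaccess(text, own_hosts):
    """Return (line_no, directive, host) for each redirect target outside own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = DIRECTIVE.match(line)  # comment lines never match the pattern
        if not m:
            continue
        for url in URL.findall(m.group(2)):
            host = (urlparse(url).hostname or "").lower()
            if host and not any(host == h or host.endswith("." + h) for h in own):
                findings.append((line_no, m.group(1), host))
    return findings

def scan_tree(root, own_hosts):
    """Scan every .htaccess under root; return {path: findings} for flagged files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, errors="replace") as fh:
                found = scan_htaccess(fh.read(), own_hosts)
            if found:
                hits[path] = found
    return hits

# Constructed sample: stock-looking WordPress rules, one legitimate same-site
# redirect, then two injected lines using the target named in the thread.
SAMPLE = """\
# BEGIN WordPress
RewriteEngine On
RewriteRule ^index\\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
# END WordPress
Redirect 301 /old http://www.example.org/new
ErrorDocument 404 http://balance-current.ru/access/index.php
RewriteCond %{HTTP_REFERER} google [NC]
RewriteRule ^(.*)$ http://balance-current.ru/access/index.php [R=301,L]
"""
```

Running `scan_tree` over each account's web root after a restore, and again a few minutes later, shows whether a cleaned site has been rewritten again.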